Reporting back on this:
The opinion there seems to be that the problem is down to the sys
net.ipv4.conf.*.rp_filter values being set to 1 instead of defaulting to
0. This is done in the procps package, and I'm guessing is the way it is
as a protection against IP spoofing. kernel doc page I was pointed to
says:
Current recommended practice in RFC3704 is to enable strict mode
to prevent IP spoofing from DDos attacks. If using asymmetric routing
or other complicated routing, then loose mode is recommended.
The max value from conf/{all,interface}/rp_filter is used
when doing source validation on the {interface}.
Default value is 0. Note that some distributions enable it
in startup scripts.
Presumably Ubuntu enables by default (I can see it does, in a file in
the procps package) and Red Hat, where it seems the NetworkManager
maintainers sit, does not.
This is going to have to be argued out between procps and network-
manager maintainers I guess. You can have IP spoofing protection or you
can have connectivity checking. Choose one, or argue who should fix it.
:-) Personally, at least for now, my solution is to remove the
connectivity-check package, which was presumably brought in by
something, and keep the procps defaults.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1814262
Title:
Wired interface gets impossibly high metric 20100
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1814262/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
