Linux 8021q module difficulties

I came across this one at work the other day, and I didn't find crap about it anywhere, so I figure I'll post the fix here. I was having a lot of trouble configuring multiple VLAN interfaces on a customer box using the 8021q kernel module. I had never had any issues with it before, so I was pretty stumped. Packets were routing out of the box fine, and seemed to be making it back to the box fine as well. Packet and byte counters were updating fine at the interface level, but nothing was making it any higher in the stack than that. It almost seemed like iptables was blocking the traffic, but that wasn't the case either. After many hours of pulling on my imaginary hair, I came across a setting in /etc/sysctl.conf that caused the problem. When the following setting was present, the added VLAN interfaces didn't work…

net.ipv4.conf.all.rp_filter = 1

When it was set to zero (along with a reboot), everything worked fine. From what I can tell, that setting controls whether the kernel will accept packets into an interface that it feels should be entering the machine from a different interface, based on its routing tables. My problems might have been solved by changing around the routing tables a bit, but this worked as well.
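To see which reverse-path mode each interface actually ends up with, the following added example (not part of the original post) reads the per-interface values and reports the effective one. It assumes the behaviour described in the kernel's ip-sysctl documentation, where the higher of conf/all/rp_filter and conf/<interface>/rp_filter is applied; the interface names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: the kernel uses the
# higher of conf/all/rp_filter and conf/<iface>/rp_filter for each interface:
# 0 = off, 1 = strict reverse-path check, 2 = loose (RFC 3704).

# effective_rp_filter CONF_DIR IFACE -> prints the value the kernel applies
effective_rp_filter() {
    all=$(cat "$1/all/rp_filter")
    own=$(cat "$1/$2/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# rp_filter_report CONF_DIR -> "<iface> <mode>" for every real interface
rp_filter_report() {
    for d in "$1"/*; do
        [ -r "$d/rp_filter" ] || continue
        iface=${d##*/}
        case $iface in all|default) continue ;; esac
        case $(effective_rp_filter "$1" "$iface") in
            0) mode=off ;; 1) mode=strict ;; 2) mode=loose ;; *) mode=unknown ;;
        esac
        echo "$iface $mode"
    done
}

# make_sample_tree ALL_VALUE -> prints the path of a constructed conf/ tree:
# a parent NIC plus two VLAN interfaces, each set to 0 on its own.
make_sample_tree() {
    t=$(mktemp -d)
    for i in all default eth0 eth0.10 eth0.20; do
        mkdir -p "$t/$i"
        echo 0 > "$t/$i/rp_filter"
    done
    echo "$1" > "$t/all/rp_filter"
    echo "$t"
}

# Demo on constructed data; on a real host pass /proc/sys/net/ipv4/conf instead.
sample=$(make_sample_tree 1)
rp_filter_report "$sample"
rm -rf "$sample"
```

With "all" set to 1, every VLAN interface in the sample reports strict even though its own value is 0. Mode 2 (loose) keeps source validation while accepting packets whose source is reachable through any interface, which is worth testing before turning the check off entirely.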
