Description
A NAC server with multiple Ethernet interfaces does not process inbound packets arriving on eth0 that have a return path of eth1 (or vice versa).
In CentOS 6 and later, such traffic is discarded by default. Refer to Red Hat Solution 53031: "Why does Red Hat Enterprise Linux 6 and above invalidate / discard packets when the route for outbound traffic differs from the route of incoming traffic?"
In an environment where asymmetric routing occurs, this change can potentially result in issues with agent communication and Captive Portal access.
Scope
Version: CentOS 7
Solution
Workaround: Ideally, asymmetric routing should be avoided. However, there are two ways to configure the system from the CLI to accept asymmetrically routed traffic on CentOS 7, so that the system functions similarly to CentOS 5.
Temporary change (will revert upon reboot):
This can be changed during runtime by running the following commands:
echo 2 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
Persistent change:
To make this behavior persistent across reboots, modify /etc/sysctl.conf and make the following change prior to reboot:
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2
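To confirm what each interface actually enforces after either change, the following added example (not part of the original article) reports the effective reverse-path filter mode per interface. It relies on the kernel rule that the higher of conf/all/rp_filter and conf/<interface>/rp_filter is applied, where 0 is no source validation, 1 is strict and 2 is loose. The function name rp_filter_report and its optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode for every interface.
# Effective value = max(conf/all/rp_filter, conf/<iface>/rp_filter).
# 0 = no source validation, 1 = strict, 2 = loose.
# rp_filter_report and its directory argument are names chosen for this
# example; the argument defaults to the live /proc tree.

rp_filter_report() {
    conf_dir="${1:-/proc/sys/net/ipv4/conf}"
    if [ ! -r "$conf_dir/all/rp_filter" ]; then
        echo "cannot read $conf_dir/all/rp_filter" >&2
        return 2
    fi
    all_val=$(cat "$conf_dir/all/rp_filter")
    strict=0
    for path in "$conf_dir"/*/rp_filter; do
        [ -r "$path" ] || continue
        iface=$(basename "$(dirname "$path")")
        # "all" and "default" are settings templates, not real interfaces
        case "$iface" in all|default) continue ;; esac
        val=$(cat "$path")
        if [ "$val" -gt "$all_val" ]; then eff=$val; else eff=$all_val; fi
        case "$eff" in
            0) mode="off" ;;
            1) mode="strict"; strict=1 ;;
            2) mode="loose" ;;
            *) mode="unknown" ;;
        esac
        echo "$iface all=$all_val iface=$val effective=$eff ($mode)"
    done
    # Returns 1 when any interface would still drop asymmetric traffic
    return "$strict"
}

# Report on the live system when run as a script.
rp_filter_report || echo "strict mode still in effect or /proc unreadable (exit $?)"
```

An interface that still shows "strict" after the change has a per-interface value of 1 while conf/all is below 2; an interface showing "off" performs no source validation at all.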
Solution: Set static routes in the Application server for eth1. Refer to related KB article below.
Related Articles
Technical Note: Set static routes using in Configuration Wizard