Since CentOS/RHEL6 onwards (newer kernels higher than 2.6.32 ) asymmetric routing doesn’t work anymore out of the box. There was a change in rp_filter settings causing this issue.
The “rp_filter” stands for reverse path filtering. The reverse path filter will check if the source of a packet that was received on a certain interface is reachable trough the same interface it was received. The purpose is to prevent spoofed packets, with a changed source address, not being processed/routed further. In a router it could also prevent routing packets that have a private IP as source to the Internet as they obviously will never find their way back.
Since RHEL 6 and its derivative CentOS 6, rp_filter, which can be controlled by kernel parameters, is set on a default value of 1. This means that the rp_filter is operational in strict mode and does exactly what it is designed for.
Possible value are:
0: No source validation
1: Strict mode (failed packets are discarded), described in RFC3704
2: Loose mode, only discards the packet when it isn’t routable over any of the interfaces on the host.
In short, there are two options:
1) edit the file “/etc/sysctl.conf”
change the value from 1 to 2 in the following line:
net.ipv4.conf.default.rp_filter = 1
Add this line:
net.ipv4.conf.all.rp_filter = 2
After edit, it should look like this:
net.ipv4.conf.default.rp_filter = 2 net.ipv4.conf.all.rp_filter = 2
reload the configuration by typing
sysctl -p
Now you should be able to ping both IPs
