* Mirroring traffic with iptables TEE target
From: Aaron Lewis @ 2012-12-30 9:10 UTC
To: netfilter mailing list

Hi,

I tried to mirror TCP traffic with the mangle chain, so that all packets
sent to 192.168.56.2 would be copied to 192.168.56.1.

# On 192.168.56.2 I executed,
iptables -A PREROUTING -p tcp --dport 80 -j TEE --gateway 192.168.56.1

But on 192.168.56.1 no traffic to port 80 was seen.

Anything wrong?

-- 
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://pgp.mit.edu/ )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
* Re: Mirroring traffic with iptables TEE target
From: Jan Engelhardt @ 2012-12-30 11:25 UTC
To: Aaron Lewis; +Cc: netfilter mailing list

On Sunday 2012-12-30 10:10, Aaron Lewis wrote:
>Hi,
>
>I tried to mirror TCP traffic with the mangle chain,
>
>so that all packets sent to 192.168.56.2 would be copied to 192.168.56.1.
>
># On 192.168.56.2 I executed,
>iptables -A PREROUTING -p tcp --dport 80 -j TEE --gateway 192.168.56.1
>
>But on 192.168.56.1 no traffic to port 80 was seen.

Check with tcpdump on 192.168.56.1.
(And make sure you do not block outgoing packets on 56.2.)
* Re: Mirroring traffic with iptables TEE target
From: Jan Engelhardt @ 2012-12-30 12:19 UTC
To: Aaron Lewis; +Cc: netfilter mailing list

On Sunday 2012-12-30 13:13, Aaron Lewis wrote:
>Hi Jan
>I tried to duplicate UDP packets and that works!
>
>So I guess you can't mirror TCP traffic, since it's connection oriented, am
>I right?

Mirroring does not discriminate against protocol. People successfully
use it for logging, and I am sure they have TCP as well.
* Re: Mirroring traffic with iptables TEE target
From: Aaron Lewis @ 2012-12-30 12:54 UTC
To: Jan Engelhardt; +Cc: netfilter mailing list

Hi Jan,

How should the debugging process begin?

In wireshark I see no traffic between the two hosts ...

On Host A (that accepts the duplicate, IP: 192.168.56.178):
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.56.178:80

On Host B (that duplicates & forwards the connection, IP 192.168.56.39):
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -j TEE --gateway 192.168.56.178

And I start nc on both machines,
nc -l 80

Then finally on my machine, I connect to Host B and type some text. It works
on Host B, but there is no traffic between A & B (vboxnet0 interface), and a
direct connection from Host B to Host A works.

On Sun, Dec 30, 2012 at 8:19 PM, Jan Engelhardt <jengelh@inai.de> wrote:
>
> On Sunday 2012-12-30 13:13, Aaron Lewis wrote:
>
> >Hi Jan
> >I tried to duplicate UDP packets and that works!
> >
> >So I guess you can't mirror TCP traffic, since it's connection oriented,
> > am
> >I right?
>
> Mirroring does not discriminate against protocol. People successfully
> use it for logging, and I am sure they have TCP as well.

-- 
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
* Re: Mirroring traffic with iptables TEE target
From: Jan Engelhardt @ 2012-12-30 13:18 UTC
To: Aaron Lewis; +Cc: netfilter mailing list

On Sunday 2012-12-30 13:54, Aaron Lewis wrote:
>Hi Jan,
>
>How should the debugging process begin?
>
>In wireshark I see no traffic between the two hosts ...

That would mean that there is a problem with the duplication, which
seems unlikely because UDP is transmitted. I do this

iptables -A OUTPUT -o eth0 -j TEE --gateway 10.10.7.128

and the '128 machine gets all the packets, including TCP. I can verify
that with tcpdump on both the emitter and the receiver side.

>On Host A (that accepts the duplicate, IP: 192.168.56.178):
>iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT
>--to-destination 192.168.56.178:80

Ugh-ly. Also pretty much pointless because, as you noticed, there is
not a whole lot to do with half a TCP stream.

>> >So I guess you can't mirror TCP traffic, since it's connection oriented,
>> > am
>> >I right?
* Re: Mirroring traffic with iptables TEE target
From: Pablo Neira Ayuso @ 2012-12-30 23:28 UTC
To: Aaron Lewis; +Cc: netfilter mailing list

On Sun, Dec 30, 2012 at 05:10:48PM +0800, Aaron Lewis wrote:
> Hi,
>
> I tried to mirror TCP traffic with the mangle chain,
>
> so that all packets sent to 192.168.56.2 would be copied to 192.168.56.1.
>
> # On 192.168.56.2 I executed,
> iptables -A PREROUTING -p tcp --dport 80 -j TEE --gateway 192.168.56.1
>
> But on 192.168.56.1 no traffic to port 80 was seen.
>
> Anything wrong?

There was a bug in the 3.6 series that broke TEE, but that is fixed in
-stable. What kernel are you using?
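The checks the thread converges on (tcpdump on both sides, the emitter's outgoing traffic, the kernel series), collected as an added example that is not part of the thread or of the netfilter project. It assumes the thread's addresses (Host B 192.168.56.39 mirroring to Host A 192.168.56.178 over vboxnet0) and a constructed iptables counter listing so it runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): helpers to check a TEE mirror setup.
# Assumes the thread's hosts: Host B (emitter) 192.168.56.39 mirrors to
# Host A (receiver) 192.168.56.178, both on the vboxnet0 link.
EMITTER=192.168.56.39
RECEIVER=192.168.56.178

# The mirror rule. The table must be named: PREROUTING exists in mangle
# (and nat/raw) but not in the default filter table, so the very first
# command in the thread, which omits -t mangle, is rejected by iptables.
tee_rule() {
    printf 'iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TEE --gateway %s\n' "$RECEIVER"
}

# TEE clones the packet unchanged and hands the copy to the gateway's MAC,
# so on the receiver the copies still carry the EMITTER's IP as destination.
# Capturing for "dst host $RECEIVER" (or expecting nc -l 80 to see them)
# finds nothing; this is the filter that shows the mirrored stream.
receiver_capture() {
    printf 'tcpdump -ni vboxnet0 tcp and dst host %s and dst port 80\n' "$EMITTER"
}

# Pablo: the 3.6 series shipped a TEE bug that was fixed in -stable. Return 0
# when the running kernel ($1 = output of `uname -r`) is a 3.6.x release that
# should be compared against an up-to-date stable version.
kernel_needs_check() {
    case "$1" in
        3.6|3.6.*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Print the packet counter of the TEE rule from
# `iptables -t mangle -L PREROUTING -v -n -x` output ($1); -1 if no TEE rule.
# A counter stuck at 0 means the rule never matched (wrong chain, dport or
# table); a rising counter with an empty capture on the receiver means the
# copy is lost after TEE (outgoing packets blocked, gateway not on-link).
tee_packets() {
    printf '%s\n' "$1" | awk '$3 == "TEE" { print $1; f = 1 } END { if (!f) print -1 }'
}

# Constructed listing in the format iptables -v -n -x prints, for an offline run.
SAMPLE='Chain PREROUTING (policy ACCEPT 1200 packets, 96000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42       2520 TEE        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 TEE gw:192.168.56.178'
```

Run `tee_rule` on Host B, `receiver_capture` on Host A, and watch `tee_packets` against a live listing while the client connects; the two numbers together tell you whether the rule matched and whether the copy left the box.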