netfilter passive monitoring

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Padraig Brady <padraig.brady@corvil.com>
To: netfilter@lists.netfilter.org
Subject: netfilter passive monitoring
Date: Mon, 19 May 2003 17:32:38 +0100	[thread overview]
Message-ID: <3EC90726.7010402@corvil.com> (raw)

Hi, I've a passive monitor setup with 3
network interfaces. eth2 is the management (normal)
interface while eth0 and eth1 are my monitoring
interfaces which never transmit.

-----+-----+--------
      |     |
     eth0  eth1

so eth0 monitors the traffic one way on the link
and vice versa for eth1 (we're using a netoptics tap).

Anyway my question is I would like to pass all
traffic received on eth0 and eth1 into netfilter.
I thought by placing my rules in the PREROUTING
chain of the mangle table would work, since this
happens before any routing decision is made.
But the packets are never received by netfilter :-(

The packets are entering the box because you can
see/filter them using iptraf.

#iptables -t mangle -L PREROUTING -v
Chain PREROUTING (policy ACCEPT 189K packets, 61M bytes)
  pkts bytes target     prot opt in     out  source      destination

     0     0            icmp --  eth0   any  anywhere    anywhere

     0     0            icmp --  eth1   any  anywhere    anywhere

thanks,
Pádraig.

                 reply	other threads:[~2003-05-19 16:32 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3EC90726.7010402@corvil.com \
    --to=padraig.brady@corvil.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox