Re: Packet duplication

[Tiaan Wessels <tiaan@netsys.co.za>]

Gáspár Lajos wrote:
> Tiaan Wessels írta:
>> Gáspár Lajos wrote:
>>> Tiaan Wessels írta:
>>>> Hi,
>>>> Not sure there is any life on this list but in case someone picks 
>>>> me up on netfilter user SETI here goes:
>>> There is life !!! :D
>>>> How do I go about duplicating a UDP packet arriving at a machine. 
>>>> Essentially I want to have it go to its original recipient but to 
>>>> another new one also.
>>>> -j ROUTE --tee seems not to be supported anymore.
>>> False... It is supported but you need the patch-o-matic(-ng) stuff...
>>>
>>>       --tee  Make a copy of the packet, and route that copy to the 
>>> given destination. For the original, uncopied packet, behave like a 
>>> non-terminating tar-
>>>              get and continue traversing the rules.  Not valid in 
>>> combination with `--iif' or `--continue'
>>>
>>>> Thanks
>>>
>>>
>>> Swifty
>>>
>>>
>> Getting this to work for a novice like me seems to be impossible.
> It is not so hard... :D
>> Doing a man on my FC5 system shows --tee to be there under the ROUTE 
>> extension and I quote from the man page
>> 'iptables can use extended target modules: the following are included 
>> in the standard distribution'
>> however using iptables results in
>>
>> [root@nst2 ~]# /sbin/iptables -A PREROUTING -t mangle -p udp -d 
>> 192.168.3.77 --dport 9090 -j ROUTE --tee
>> iptables v1.3.5: Unknown arg `--tee'
> Note that you may need the --oif option too with tee...
> (I woukd be glad If anyone could confirm!)
>> locate libipt_ROUTE.so yields nothing which makes me believe the man 
>> page was talking bollocks when claiming the extensions to be part of 
>> the 'standard distribution'
>>
> Bad manpage... :D
>> After further reading I also came to the conclusion patch-o-matic 
>> needed to be used to install the ROUTE module. going to netfilter 
>> extensions HOWTO I see I have to get the latest update from CVS like 
>> in so
>>
>> cvs -d :pserver:cvs@pserver.netfilter.org:/cvspublic login
>>
>>
>> but when I do this with password cvs I get
>>
>> [root@nst2 ~]# cvs -d :pserver:cvs@pserver.netfilter.org:/cvspublic 
>> login
>> Logging in to :pserver:cvs@pserver.netfilter.org:2401/cvspublic
>> CVS password:
>> cvs [login aborted]: connect to 
>> pserver.netfilter.org(213.95.27.115):2401 failed: Connection refused
>>
>> any ideas ?
> Forget cvs... try svn...
>
thanks,
i have located patch-o-matic snapshot for yesterday on netfilter ftp 
server. so i did a runme extra but it never asks me to apply the 
ROUTE/--tee patch. is this correct ? must I recompile my kernel in any 
case ?