linck (n00b)
Joined: 13 Mar 2005, Posts: 20, Location: Brasil
Posted: Sat Nov 11, 2006 7:02 pm
Post subject: How to duplicate the traffic using IPTables? Is it possible?
Hello.
I would like to know if there is a way to duplicate the traffic coming from one interface to another two network interface cards using IPTables. Is that possible?
For example: the traffic coming from eth0 should be duplicated and forwarded to eth1 and eth2, and the traffic coming from eth1 should also be duplicated and forwarded to eth2. I had been looking on Google for iptables rules that could do that, but I didn't find good results.
Thank you.
mark_lagace (Tux's lil' helper)
Joined: 19 Nov 2002, Posts: 77, Location: Ottawa, Canada
Posted: Sun Nov 12, 2006 2:12 am
Is that something that would be done with iptables, or should you instead look into routing? I'm not sure what you mean by 'forwarded' I guess... For bridging one interface to another you could look into ebtables as well - I don't have enough experience with ebtables though to know if you can set up a one-to-many bridge.
linck (n00b)
Joined: 13 Mar 2005, Posts: 20, Location: Brasil
Posted: Sun Nov 12, 2006 2:40 am
mark_lagace wrote:
> Is that something that would be done with iptables, or should you instead look into routing? I'm not sure what you mean by 'forwarded' I guess... For bridging one interface to another you could look into ebtables as well - I don't have enough experience with ebtables though to know if you can set up a one-to-many bridge.

Well, let me try to explain better; my English isn't very good.
In the current configuration, the traffic coming from eth1 is routed to eth0, and vice-versa.
What I want to do is to route the same traffic to one more network interface card.
Is there a way to do that? Using IPTables or something like that...
Thank you for your help.
*EDIT*
If IPTables can't do that, could it duplicate the traffic and forward it to another IP address?
mark_lagace (Tux's lil' helper)
Joined: 19 Nov 2002, Posts: 77, Location: Ottawa, Canada
Posted: Sun Nov 12, 2006 3:50 am
Look into Ethernet bridging and see if that serves your needs. http://tldp.org/HOWTO/html_single/Ethernet-Bridge-netfilter-HOWTO/ is a good spot to start. What a bridge can do is link your three Ethernet interfaces so that traffic from one interface will be passed along to the others. Basically it turns your Linux box into a glorified Ethernet switch. If you want to still have remote access to your Linux machine, don't forget to assign an IP to the bridge virtual interface.
Good luck!
EDIT: better documentation: http://linux-net.osdl.org/index.php/Bridge
daeghrefn (Tux's lil' helper)
Joined: 02 Jan 2005, Posts: 112
Posted: Mon Nov 13, 2006 8:25 pm
I'm pretty sure you should be able to do this. It sounds to me like the same thing as putting two computers on a hub and using the second to monitor the traffic from the first.
I couldn't tell you exactly how, but I would assume that in the prerouting you would be able to copy all packets. I would also check the Netfilter configuration in the kernel... I don't have a box in front of me on which I can do that, but I think I've seen stuff in there for auditing. I assume that's what this is for... network traffic logging/auditing.
HTH.
_________________
Support our troops.
linck (n00b)
Joined: 13 Mar 2005, Posts: 20, Location: Brasil
Posted: Mon Nov 13, 2006 9:08 pm
daeghrefn wrote:
> I'm pretty sure you should be able to do this. It sounds to me like the same thing as putting two computers on a hub and using the second to monitor the traffic from the first.
> I couldn't tell you exactly how, but I would assume that in the prerouting you would be able to copy all packets. I would also check the Netfilter configuration in the kernel... I don't have a box in front of me on which I can do that, but I think I've seen stuff in there for auditing. I assume that's what this is for... network traffic logging/auditing.
> HTH.

That is exactly what I want to do!!!
You are right about PREROUTING, but it will modify the destination IP of the packet instead of creating another one (a copy) and sending it to the other destination, I think...
See you.
mark_lagace (Tux's lil' helper)
Joined: 19 Nov 2002, Posts: 77, Location: Ottawa, Canada
Posted: Sat Nov 18, 2006 12:27 am
Could you use something like this to take all packets coming in to 192.168.100.5 and forward them on to 192.168.120.1 through 192.168.120.5 (or however many you like)?
Code:
    iptables -t nat -A PREROUTING -d 192.168.100.5 -j DNAT --to-destination 192.168.120.1-192.168.120.5
I'm not sure that this works and don't really have a good way to test it, but it might be worth a try.
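A DNAT rule with an address range does not copy anything: each new connection is rewritten to one address picked from the range, so the other four hosts never see it. What the thread is really asking for (a copy of every packet delivered to a monitoring host, the hub-and-sniffer setup daeghrefn describes) later became possible with the netfilter TEE target, added in Linux 2.6.35 (2010), which clones each packet and sends the clone to a directly reachable gateway while the original is routed as before. The script below is an added example, not code from the thread; the sensor address 192.168.120.5 is constructed, and the host must be on a network attached to this box because TEE delivers the clone on the local segment.

```shell
#!/bin/sh
# Added example (not from the thread): mirror traffic with the netfilter TEE
# target (Linux 2.6.35+, mangle table only). TEE clones the packet and sends
# the clone to the gateway; the original continues to be routed normally.
# Override IPT=echo to review the rules without applying them.
IPT="${IPT:-iptables}"

# Constructed address of the monitoring host (IDS sensor, packet logger).
# It must be on a directly attached network: TEE hands the clone to the
# next hop at layer 2, it does not route it further.
SENSOR="${SENSOR:-192.168.120.5}"

# Copy everything that arrives on one interface to the sensor.
mirror_ingress() {
    iface="$1"
    "$IPT" -t mangle -A PREROUTING -i "$iface" -j TEE --gateway "$SENSOR"
}

# The thread's setup: eth0 <-> eth1 is routed through this box, so mirroring
# what arrives on both interfaces captures both directions of every flow
# without double counting. The kernel does not run a clone through TEE
# again, so the copies themselves are not re-mirrored.
apply_mirror() {
    for ifc in eth0 eth1; do
        mirror_ingress "$ifc"
    done
}

# For contrast, the rule from the post above: with a range, DNAT sends each
# new connection to ONE address from 192.168.120.1-5, not to all of them.
dnat_range_rule() {
    "$IPT" -t nat -A PREROUTING -d 192.168.100.5 -j DNAT \
        --to-destination 192.168.120.1-192.168.120.5
}
```

Run it as root to install the rules, or as `IPT=echo sh mirror.sh` after adding a call to `apply_mirror` at the end to see the exact commands; the sensor should have IP forwarding disabled so the clones it receives for other hosts are only captured, never sent back.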