LinuxQuestions.org
Old 01-23-2013, 10:13 AM   #1
stosba
LQ Newbie
 
Registered: Jan 2013
Posts: 4

Rep: Reputation: Disabled
iptables + TEE doesn't work correctly


Hello,

On my server, I want to duplicate all the traffic to another host.
I use iptables with the TEE module:
iptables -t mangle -A PREROUTING -i eth0 -j TEE --gateway IP_SERVER2

I check the rule: iptables -t mangle -L

=> The rule is there but it doesn't work... The other server receives nothing.

When I do a tcpdump: tcpdump dst IP_SERVER2
=> 0 packets received by filter

I tried to enable /proc/sys/net/ipv4/ip_forward, /proc/sys/net/ipv4/conf/all/accept_redirects, /proc/sys/net/ipv4/conf/all/send_redirects.
I changed the net.ipv4.ip_forward option to 1 in /etc/sysctl.conf; it still doesn't work.


Have you got an idea what's wrong?
 
Old 01-25-2013, 07:11 AM   #2
pan64
Senior Member
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 4,544

Rep: Reputation: 1229
Have you tried logging?
 
Old 01-25-2013, 10:08 AM   #3
stosba
LQ Newbie
 
Registered: Jan 2013
Posts: 4

Original Poster
Rep: Reputation: Disabled
When I do:
Code:
iptables -t mangle -A PREROUTING -j LOG --log-level error --log-prefix "PRE_ERROR ";
iptables -t mangle -A POSTROUTING -j LOG --log-level error --log-prefix "POST_ERROR ";
I have this:
PRE_ERROR IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=IP_HOST DST=IP_SERVER1 LEN=76 TOS=0x00 PREC=0x00 TTL=115 ID=31287 DF PROTO=TCP SPT=49383 DPT=22 WINDOW=251 RES=0x00 ACK PSH URGP=0
POST_ERROR IN= OUT=eth0 SRC=IP_HOST DST=IP_SERVER1 LEN=76 TOS=0x00 PREC=0x00 TTL=114 ID=31287 DF PROTO=TCP SPT=49383 DPT=22 WINDOW=251 RES=0x00 ACK PSH URGP=0
POST_ERROR IN= OUT=eth0 SRC=IP_SERVER1 DST=IP_HOST LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=62075 DF PROTO=TCP SPT=22 DPT=49383 WINDOW=206 RES=0x00 ACK URGP=0
 
Old 01-28-2013, 03:16 AM   #4
stosba
LQ Newbie
 
Registered: Jan 2013
Posts: 4

Original Poster
Rep: Reputation: Disabled
I think I found the problem: IP_SERVER2 is not in the same network as IP_SERVER1.

Is there a solution to duplicate packets to another network?
 
Old 01-28-2013, 07:14 AM   #5
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian PPC/i386/AMD64 6/7, Vista, XP , WIN7, Server 03/08
Posts: 1,287

Rep: Reputation: 97
Ethernet packets are layer 2; the only way to get packets to pass between logically separated subnets is to bridge the networks. It might work if you bridge the interfaces of the two networks. This could have unintended consequences though; to be honest, not sure what exactly would happen.
 
1 members found this post helpful.
Old 01-31-2013, 02:23 AM   #6
stosba
LQ Newbie
 
Registered: Jan 2013
Posts: 4

Original Poster
Rep: Reputation: Disabled
I've set up a VPN connection between the two servers (in order to be in the same private network) and now the duplication works great.
Thank you.
 
Old 01-31-2013, 11:40 AM   #7
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian PPC/i386/AMD64 6/7, Vista, XP , WIN7, Server 03/08
Posts: 1,287

Rep: Reputation: 97
Glad you've gotten it working.
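
The cause found in posts #4 to #6 (the TEE `--gateway` address was not on the same network as the mirroring host) can be checked before adding the rule. The script below is an added example, not code from any poster in this thread: it reads the output of iproute2's `ip -4 route get` and reports whether the address is on-link. The function names `classify_route` and `check_tee_gateway` are hypothetical, and the sample outputs are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example: is a TEE --gateway address on a directly connected segment?

# Constructed sample outputs of `ip -4 route get` (documentation addresses).
SAMPLE_ONLINK='192.0.2.20 dev eth0 src 192.0.2.10 uid 0
    cache'
SAMPLE_ROUTED='198.51.100.7 via 192.0.2.1 dev eth0 src 192.0.2.10 uid 0
    cache'

# classify_route ROUTE_TEXT
# Prints "onlink <dev>", "routed <next-hop>", "local" or "unknown".
classify_route() {
    # Only the first line describes the route; the rest is cache detail.
    first_line=$(printf '%s\n' "$1" | head -n 1)
    set -- $first_line
    [ $# -gt 0 ] || { echo unknown; return; }
    # "local ..." means the address belongs to this host itself.
    [ "$1" = "local" ] && { echo local; return; }
    dev="" via=""
    while [ $# -gt 1 ]; do
        case $1 in
            via) via=$2 ;;   # a next hop means the target is behind a router
            dev) dev=$2 ;;
        esac
        shift
    done
    if [ -n "$via" ]; then echo "routed $via"
    elif [ -n "$dev" ]; then echo "onlink $dev"
    else echo unknown
    fi
}

# check_tee_gateway ADDR: exit status 0 only when ADDR is on-link.
check_tee_gateway() {
    out=$(ip -4 route get "$1" 2>/dev/null) || {
        echo "$1: no route" >&2; return 2; }
    verdict=$(classify_route "$out")
    case $verdict in
        onlink*) echo "$1: $verdict, on the local segment" ;;
        *) echo "$1: $verdict, not on the local segment" >&2; return 1 ;;
    esac
}

# Run against a real address only when one is given on the command line.
[ $# -eq 0 ] || check_tee_gateway "$1"
```

A `routed` verdict matches the situation in post #4; after the VPN in post #6 the tunnel address of the second server would be expected to report `onlink` on the tunnel interface.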
 
  

