LinuxQuestions.org forum: Linux - Networking
#1 | 05-01-2015, 05:40 PM | mr_future (LQ Newbie; Registered: May 2015; Posts: 8)
iptables port mirroring issue
Hello!
Using iptables, I am mirroring all traffic on udp port 1514 from a production CentOS server to a dev CentOS server. As such, the dev server receives a copy of all udp 1514 packets sent to the production server. Here is the command I used:
iptables -t mangle -D PREROUTING -i ens160 -p udp --dport 1514 -j TEE --gateway 10.88.72.40
When capturing these packets on the second server, the destination IP is that of the production server. This is a problem because I want a service to interact with this traffic. How do I "trick" the second server into thinking that the mirrored packets are meant for it? Have been looking into rewriting the destination IP of the packets, but no luck so far. Thanks.

#2 | 05-02-2015, 12:37 AM | lazydog (Senior Member; Registered: Dec 2003; Location: The Key Stone State; Distribution: CentOS Sabayon and now Gentoo; Posts: 1,249)
Quote:
Originally Posted by mr_future
iptables -t mangle -D PREROUTING -i ens160 -p udp --dport 1514 -j TEE --gateway 10.88.72.40
You are aware that the above is used to delete the rule.

#3 | 05-02-2015, 12:17 PM | mr_future (Original Poster)
Yes, that was a typo. I know that rule works because I'm seeing all of the redirected packets running tcpdump on the second server. I used this command:
iptables -t mangle -A PREROUTING -i ens160 -p udp --dport 1514 -j TEE --gateway 10.88.72.40
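An added example, not code from the thread, of the production-side setup described in posts #1 and #3 with the checks a reviewer would ask for: the rule is installed idempotently (checked with -C before -A), the TEE gateway is verified to be on-link, and the rule's own packet counter is read back. The interface and addresses are the ones from the thread; PROD_IF, DEV_IP, PORT and the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not code from the thread.  Sets up the TEE mirror on the
# production host and adds the checks that tell you whether it is working.
# Interface and addresses are taken from the thread; PROD_IF, DEV_IP and PORT
# are hypothetical environment overrides.  Needs root to apply.
set -u

PROD_IF="${PROD_IF:-ens160}"     # interface the production traffic arrives on
DEV_IP="${DEV_IP:-10.88.72.40}"  # dev host that should receive the clones
PORT="${PORT:-1514}"

# Match/target part of the rule, shared by -C (check) and -A (append) so the
# rule is installed exactly once no matter how often the script runs.
tee_rule_args() {
    printf '%s' "-i $1 -p udp --dport $2 -j TEE --gateway $3"
}

# TEE clones the packet and only changes its next hop; the clone still carries
# the production host's destination IP.  If the "gateway" sits behind a
# router, that router forwards the clone toward the real destination and the
# dev host never sees it.  The gateway therefore has to be on-link, which
# "ip -o route get <gw>" reports as "<gw> dev <if> ..." with no " via ".
route_is_onlink() {
    case " $1 " in
        *" via "*) return 1 ;;
        *" dev "*) return 0 ;;
        *)         return 1 ;;
    esac
}
gateway_is_onlink() {
    route_is_onlink "$(ip -o route get "$1" 2>/dev/null)"
}

# mangle/PREROUTING is traversed before local delivery, so the production
# application still receives the original packet; only the clone is diverted.
ensure_tee_rule() {
    local args
    args="$(tee_rule_args "$PROD_IF" "$PORT" "$DEV_IP")"
    # Word splitting of $args is intentional: it is an argument list.
    # shellcheck disable=SC2086
    iptables -t mangle -C PREROUTING $args 2>/dev/null \
        || iptables -t mangle -A PREROUTING $args
}

# Packet counter of the TEE rule from "iptables -t mangle -L PREROUTING -v -n -x".
# A counter stuck at 0 while clients are sending means the match (interface,
# protocol, port) is wrong; a counter that climbs while the dev host sees
# nothing points at the gateway not being on-link.
tee_rule_packets() {
    printf '%s\n' "$1" | awk '$3 == "TEE" { print $1; exit }'
}

# Constructed sample of the listing format, used to exercise the parser.
SAMPLE_LISTING='Chain PREROUTING (policy ACCEPT 1234 packets, 567890 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42      5880 TEE        udp  --  ens160 *       0.0.0.0/0            0.0.0.0/0            udp dpt:1514 TEE gw:10.88.72.40'

if [ "${1:-}" = "apply" ]; then
    gateway_is_onlink "$DEV_IP" \
        || { echo "$DEV_IP is not on-link; TEE clones would be routed away" >&2; exit 1; }
    ensure_tee_rule
    echo "TEE rule hits: $(tee_rule_packets "$(iptables -t mangle -L PREROUTING -v -n -x)")"
fi
```

Run it as `./mirror.sh apply` on the production host; without the argument it only defines the functions, which is what makes the parser testable offline. Confirm on the dev host with `tcpdump -ni ens160 udp port 1514` that clones arrive; they will still show the production IP as destination, which is the problem the rest of the thread deals with.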

#4 | 05-04-2015, 09:15 AM | lazydog
Quote:
Originally Posted by mr_future
Have been looking into rewriting the destination IP of the packets, but no luck so far. Thanks.
Have you tried this:
Code:
iptables -t nat -A PREROUTING -p udp -d <real server> --dport 1514 -j DNAT --to-destination <fake server>
Might need to create a new chain and do everything in there so it is all grouped together.

#5 | 05-04-2015, 11:33 AM | mr_future (Original Poster)
Lazydog, would I add your policy to the first server (mirroring the traffic) or the second (receiving packets with wrong destination IP)?

#6 | 05-04-2015, 02:54 PM | lazydog
You would need to do this on the host where you have the other rules to send the traffic to the second system.
I would think a new chain would be best. Traffic comes in and then is pushed to the chain where you could change the ip address and then send it off to the second system.
Last edited by lazydog; 05-04-2015 at 02:56 PM.

#7 | 05-05-2015, 11:12 AM | mr_future (Original Poster)
I'm new to iptables. Could you show me a config example of what you're talking about?

#8 | 05-05-2015, 02:51 PM | lazydog
On second thought, you might be able to do this on the second server. The server would see that the packet is for itself and then do what you want it to do.

#9 | 05-07-2015, 10:43 AM | mr_future (Original Poster)
I have discovered that, on the second machine, I cannot use iptables to route packets addressed to other IPs to localhost. I'm running CentOS 7, which doesn't support kernel 3.6, which is needed to do this.
So my plan is to add a second interface on the original server. Then:
iptables -t mangle -A PREROUTING -i ens160 -p udp --dport 1514 -j TEE --gateway 10.88.72.43
where 10.88.72.43 is the second NIC of the same server. The problem is that I cannot detect any packets reaching this interface. Please advise on how I can redirect TEE packets to a different interface on the same host.

#10 | 05-07-2015, 11:36 AM | lazydog
|
Have you tried using PREROUTING on the incoming packet to set the IP address?

#11 | 05-07-2015, 01:36 PM | mr_future (Original Poster)
If I did that, then the application on the first server wouldn't be able to see the packets.

#12 | 05-07-2015, 02:03 PM | lazydog
|
On the second server.

#13 | 05-07-2015, 03:50 PM | mr_future (Original Poster)
Yes, on the second server I tried:
iptables -t nat -A PREROUTING -p udp -d 10.88.72.41 --dport 1514 -j NETMAP --to 10.88.72.40
where 10.88.72.40 is the IP of the second server. In my tcpdump capture on the second server, the destination IP is still 10.88.72.41 .

#14 | 05-08-2015, 07:04 AM | lazydog
|
tcpdump is capturing the packet before it has traversed the stack.

#15 | 05-08-2015, 10:03 AM | mr_future (Original Poster)
I found the answer. On the second server, create a virtual loopback device with the same IP as the first server.
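An added example, not code from the thread, of the dev-host side that posts #13 to #15 converge on: the production IP is added as a /32 on the loopback device so the kernel delivers the mirrored datagrams locally, an egress rule stops the dev host from replying with the production address as source, and delivery is checked against the routing table rather than with tcpdump, which (as post #14 says) sees the packet before the stack has touched it. Addresses are the thread's; PROD_IP, DEV_IF, PORT and the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not code from the thread.  Dev-host side of the mirror:
# accept TEE clones that still carry the production IP, stop the dev host
# from answering as production, and verify delivery without tcpdump.
# Addresses are the thread's; PROD_IP, DEV_IF and PORT are hypothetical
# environment overrides.  Needs root to apply.
set -u

PROD_IP="${PROD_IP:-10.88.72.41}"  # production host, destination of the clones
DEV_IF="${DEV_IF:-ens160}"         # interface the clones arrive on
PORT="${PORT:-1514}"

# 1. Production IP as a /32 on lo: the kernel now treats it as local and hands
#    the clones to whatever is bound on UDP/PORT.  On lo, not on ens160: an
#    alias on the real interface would answer ARP for the production address
#    and pull live production traffic onto the dev host.
add_local_alias() {
    ip addr replace "$1/32" dev lo
}

# 2. A service bound on PORT now replies to the mirrored datagrams, and those
#    replies would leave with source PROD_IP: spoofed answers the real clients
#    cannot tell apart from production's.  Drop them before they reach the wire.
egress_block_args() {
    printf '%s' "-o $1 -s $2 -j DROP"
}
ensure_egress_block() {
    local args
    args="$(egress_block_args "$DEV_IF" "$PROD_IP")"
    # Word splitting of $args is intentional: it is an argument list.
    # shellcheck disable=SC2086
    iptables -C OUTPUT $args 2>/dev/null || iptables -A OUTPUT $args
}

# 3. tcpdump taps the interface before netfilter and before the local-delivery
#    decision, so it shows dst PROD_IP whether or not delivery works.  Ask the
#    routing code instead: "ip -o route get PROD_IP" starts with "local" and
#    names lo once the alias is in place.
route_is_local() {
    case "$1" in
        local\ *dev\ lo*) return 0 ;;
        *)                return 1 ;;
    esac
}
prod_ip_is_local() {
    route_is_local "$(ip -o route get "$1" 2>/dev/null)"
}

if [ "${1:-}" = "apply" ]; then
    add_local_alias "$PROD_IP"
    ensure_egress_block
    prod_ip_is_local "$PROD_IP" \
        || { echo "$PROD_IP is still not a local address" >&2; exit 1; }
    # Side effect to keep in mind: the dev host now routes PROD_IP to itself
    # and can no longer reach the production server at that address.
    echo "a listener on UDP/$PORT now receives the mirrored datagrams"
fi
```

Run as `./receive.sh apply` on the dev host. For an end-to-end check, bind a throwaway listener such as `nc -u -l 1514` (the nmap-ncat `nc` shipped with CentOS 7) and watch the mirrored payloads arrive; that is the stack-level proof that tcpdump cannot give. Neither the `ip addr` change nor the iptables rule survives a reboot unless it is made persistent. If you keep the NETMAP/DNAT approach from post #13 instead, judge it the same way: by the rule's counters in `iptables -t nat -L PREROUTING -v -n -x` and by what the listener receives, not by the destination field tcpdump prints.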