gdizzle 07-21-2013 07:41 AM

IPtables PortMirroring Centos 6.4
Hi All,
I wish to set up port mirroring on a CentOS 6.4 router using iptables and was going to use the commands:


iptables -I PREROUTING 1 -t mangle -j ROUTE --gw --tee
iptables -I POSTROUTING 1 -t mangle -j ROUTE --gw --tee

Until I found out the module wasn't included in iptables:


iptables v1.4.7: unknown option `--gw'
To include this module, would I have to recompile netfilter, i.e. download, build and install a new kernel?

Is it possible to use iproute2 tools to SPAN/Port-Mirror?


zhjim 07-22-2013 02:24 AM

I don't know if a recompile is needed, but a read of the man page surely is. Spell out --gw and you should be set. As for the man page, it's --gateway. I'm also not sure if your jumps are correct. TEE is a target option for -j.

gdizzle 07-22-2013 05:58 PM

Here is my reference:

Looks like ROUTE is not available, looks like it's missing the modules ....


iptables -I PREROUTING 1 -t mangle -j ROUTE
iptables v1.4.7: Couldn't load target `ROUTE':/lib64/xtables-1.4.7/ cannot open shared object file: No such file or directory

zhjim 07-23-2013 01:43 AM

Checking the man pages of various versions of iptables, I did not find a module called ROUTE once. And as most people in the comments are having trouble with these two lines, I doubt they are correct anymore. Check the man pages and search for the TEE target. Something like


iptables -t mangle -I PREROUTING -j TEE --gateway
should do the trick. iptables version 1.4.14.
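
The TEE approach suggested in the last post, as an added shell example that is not part of the thread: it validates the monitor address, checks that the installed iptables knows the TEE target, and prints or applies the insert (-I) or matching delete (-D) rules. The `--apply` switch, the function names and the address 192.168.1.50 are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The monitor host must sit on a
# directly connected segment, because TEE hands the clone to --gateway.

# Accept only a dotted-quad IPv4 address, so the value is safe to place
# in a command line that is later piped to sh.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Userspace check: the help text lists --gateway only if the TEE
# extension can be loaded by this iptables build.
tee_supported() {
    iptables -j TEE --help 2>/dev/null | grep -q -- '--gateway'
}

# Print the mirror rules for monitor address $1.
# $2 is -I (insert, default) or -D (delete the same rules again).
# The two chains follow the thread; on a router, forwarded packets
# pass through both, so the monitor receives them twice.
tee_rules() {
    op=${2:--I}
    valid_ipv4 "$1" || { echo "invalid monitor address: $1" >&2; return 1; }
    for chain in PREROUTING POSTROUTING; do
        echo "iptables -t mangle $op $chain -j TEE --gateway $1"
    done
}

# Usage (as root): ./mirror.sh --apply 192.168.1.50 [-I|-D]
if [ "${1:-}" = "--apply" ]; then
    tee_supported || { echo "TEE target not available in this iptables" >&2; exit 1; }
    rules=$(tee_rules "$2" "${3:--I}") || exit 1
    echo "$rules" | sh
fi
```

Calling `tee_rules 192.168.1.50` on its own prints the commands without touching the ruleset, which is a convenient dry run before applying.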

