Hi, I am trying to implement port mirroring on a Linksys WRT54GL router with firmware DD-WRT v24-sp2 (07/22/09) std.
I ran the following commands:
iptables -t mangle -A POSTROUTING -d 192.168.10.105 -j ROUTE --tee --gw 192.168.10.128
iptables -t mangle -A PREROUTING -s 192.168.10.105 -j ROUTE --tee --gw 192.168.10.128
where 105 is the IP I want to monitor on 128.
When I check iptables, the output is as follows:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ROUTE 0 -- 192.168.10.105 anywhere ROUTE gw:192.168.10.128 tee
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ROUTE 0 -- anywhere 192.168.10.105 ROUTE gw:192.168.10.128 tee
It seems that the commands worked, but when I run Wireshark on my PC (Win 7) connected via 192.168.10.128 I don't see any packets from or for 192.168.10.105. I need to sniff TCP packets which I send from 192.168.10.105 to 192.168.10.51 to confirm they are not broken and are forwarded correctly.
I have disabled the WAN because I am using the router only as a switch. Have I forgotten something? Does anyone have an idea what my problem could be?
PS: I have connected all devices to the switch ports and nothing is connected to the WAN port.
There is no firewalling or software routing between the 4 LAN ports; they are bridged together in the switch.
The firewall is between the WAN and the LAN bridge.
Different builds have different iptables modules, and it appears that your build is missing the ROUTE target module. Try a recent build for your model and see if it has been included; if not, ask for it on trac.
Hi phuzi0n,
how can I tell whether a module is present or not in the build I flashed?
Is there a command I can type on the command line?
It looks like iptables doesn't give you any error message, whatever rule you type.
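An added check, not posted by anyone in this thread, for the question above about telling whether an iptables target such as ROUTE is actually usable on a DD-WRT build. It is written for the router's BusyBox shell and looks in the three places the target can live: the kernel's list of registered targets in /proc/net/ip_tables_targets, the kernel module directory (the path is an assumption; pass your own as the second argument), and the user-space extension library that `iptables -j <TARGET> -h` loads. Finding only the user-space half is reported separately, because that is exactly the situation where a rule lists fine but does nothing.

```shell
#!/bin/sh
# has_iptables_target TARGET [MODULE_DIR]
#   exit 0  - target usable (kernel side present)
#   exit 2  - only the iptables user-space extension exists (rule will list, kernel cannot run it)
#   exit 1  - not available in this build
# MODULE_DIR defaults to /lib/modules/<kernel version>; the layout under it is assumed.
has_iptables_target() {
    target=$1
    moddir=${2:-/lib/modules/$(uname -r)}

    # 1. Kernel side, already registered: built-in targets and modules that are
    #    currently loaded both show up here, one name per line.
    if [ -r /proc/net/ip_tables_targets ] &&
       grep -qx "$target" /proc/net/ip_tables_targets; then
        echo "$target: registered with the kernel"
        return 0
    fi

    # 2. Kernel side, module on disk but not loaded yet. 2.4 builds ship
    #    ipt_<TARGET>.o, 2.6 and later ipt_<TARGET>.ko or xt_<TARGET>.ko.
    if find "$moddir" \( -name "ipt_${target}.*" -o -name "xt_${target}.*" \) 2>/dev/null |
       grep -q .; then
        echo "$target: kernel module found under $moddir (loaded on first use)"
        return 0
    fi

    # 3. User-space side only: iptables can parse the target because
    #    libipt_<TARGET>.so is installed, but nothing in the kernel backs it.
    if command -v iptables >/dev/null 2>&1 &&
       iptables -j "$target" -h >/dev/null 2>&1; then
        echo "$target: iptables extension library present, but no kernel module found" >&2
        return 2
    fi

    echo "$target: not available in this build" >&2
    return 1
}

# Typical use on the router (result is whatever this build really has):
#   has_iptables_target ROUTE
```

Exit status 2 is the case to watch for: the rule is accepted and listed by `iptables -L`, yet no packet is ever mirrored. A second useful sanity check after inserting the rules is `iptables -t mangle -L POSTROUTING -v` to see whether the packet counters on the tee rule increase at all.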
Hi, I have the same problem. I updated my Buffalo WXR-1900DHP to the latest version (ftp://ftp.dd-wrt.com/betas/2016/05-19-2016-r29739/) but -j ROUTE does not seem to work.
I want to monitor traffic between two devices connected to the router's switch. Are there other solutions to achieve that?
#firstpost
Leaf131 wrote:
Hi, I am trying to implement port mirroring on a Linksys WRT54GL router with firmware DD-WRT v24-sp2 (07/22/09) std.
I ran the following commands:
iptables -t mangle -A POSTROUTING -d 192.168.10.105 -j ROUTE --tee --gw 192.168.10.128
iptables -t mangle -A PREROUTING -s 192.168.10.105 -j ROUTE --tee --gw 192.168.10.128
where 105 is the IP I want to monitor on 128.
When I check iptables, the output is as follows:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ROUTE 0 -- 192.168.10.105 anywhere ROUTE gw:192.168.10.128 tee
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ROUTE 0 -- anywhere 192.168.10.105 ROUTE gw:192.168.10.128 tee
It seems that the commands worked, but when I run Wireshark on my PC (Win 7) connected via 192.168.10.128 I don't see any packets from or for 192.168.10.105. I need to sniff TCP packets which I send from 192.168.10.105 to 192.168.10.51 to confirm they are not broken and are forwarded correctly.
I have disabled the WAN because I am using the router only as a switch. Have I forgotten something? Does anyone have an idea what my problem could be?
PS: I have connected all devices to the switch ports and nothing is connected to the WAN port.
After reading through this thread, I am pretty sure these iptables commands that attempt port mirroring are not going to capture all of your LAN traffic, so it all depends on what you are attempting to do.
If you have 3 PCs (let's say the monitoring PC is on port 1) plugged into the 3 LAN ports and attempt to monitor the traffic with iptables, you will probably only see the traffic with a destination out to or a source from the internet, basically the stuff that flows through the routing function of the router.
I think that would be fine for me. I'm looking to pipe traffic out to an IDS sniffer, so I'm less interested in what some people call "east-west" traffic (horizontally on the LAN) than in "north-south" traffic.
What *I* want is to have all WAN traffic duplicated and sent to the IDS.