Posted: Tue May 24, 2016 14:21 Post subject: tee extension for iptables
I too am looking for a way to do this. I currently run dd-wrt on a Linksys WRT 1900ACv2.
Linksys WRT 1900ACv2
DD-WRT v3.0-r29218 std (03/07/16)
Linux 3.18.28 #67 SMP Sun Mar 6 02:41:18 CET 2016 armv7l
Apparently, this version does not support the tee command: after issuing the command to tee traffic, there are no errors, but no new routes get added either.
I'm looking for a solution and thought I might just switch to an x86 based setup. But it looks like it might have the same problem.
I don't understand why something so fundamental to monitoring network traffic would be left out. Is it a memory issue?
Perhaps there is a better way to go about monitoring traffic to and from a device on the network. I'm open to any suggestions.
Please, if anyone knows how I can get a version with the tee extension for iptables going, please let me know.
I wonder if I can uninstall iptables from my router and install the latest version.
I had some degree of success with the link below, but have since then cleared out to a new DDWRT firmware, and haven't tried again. However, I am now _again_ looking for port mirroring, and I still wonder why ddwrt is stuck at iptables 1.3.7. I am guessing bumping it up to 1.4.9 (at which the TEE module is supported).
I have an old ASUS RT-N16 (mega rev 16773M) and it seems iptables -t mangle -I PREROUTING -s 192.168.1.249 -j ROUTE --tee --gw 192.168.1.2
is working and can be written into iptables,
and iptables is 1.3.7,
but my ea6500 and ea6700 have no luck.
Not sure if this feature is removed from the source code.
Posted: Mon Aug 22, 2016 6:22 Post subject: iptables mirroring
I have seen this iptables example in several places:
iptables -A PREROUTING -t mangle -j ROUTE --gw 10.0.0.21 --tee
iptables -A POSTROUTING -t mangle -j ROUTE --gw 10.0.0.21 --tee
I tried it on a wrt54g router with r14929. The mirroring works, however, when I checked the traffic flow with wireshark, I am getting twice the traffic that I expect. I verified this using a hub to mirror traffic.
I am a novice with iptables - please correct my understanding... I think this duplication is because no interface or source/destination addresses are specified in the iptables commands. Effectively both PRE/POSTROUTING entries are being applied to each packet since each packet matches all conditions. Other similar posts in the forum include both PREROUTING and POSTROUTING, but they also specify source and destination addresses. This captures only traffic to a particular device. In such a case you would want both PRE/POSTROUTING entries to capture flows to/from that device.
So it seems to me that to capture all traffic, either the interface should be specified, or only one of the PREROUTING or POSTROUTING entries should be included. Just using the PREROUTING entry seems the simplest. Am I missing something?
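The doubling described above, as an added model that is not part of this thread or of DD-WRT: a small Python simulation of a forwarded packet passing the mangle PREROUTING and POSTROUTING hooks once each, with every matching --tee rule emitting one copy to the mirror gateway. It applies the quoted rule pair unqualified, PREROUTING only, qualified by interface, qualified per device with -s/-d, and the single -s rule from the RT-N16 post above. The gateway 10.0.0.21 and host 192.168.1.249 come from the thread; the interface names br0/vlan2, the second LAN host 192.168.1.250 and the WAN address 203.0.113.5 are constructed sample values.

```python
"""Model of mirroring rules in mangle PREROUTING/POSTROUTING.

Added illustration (not DD-WRT or thread code). The rule fields mirror the
legacy 'ROUTE --tee --gw' syntax quoted in the thread; the modern target is
'-j TEE --gateway' with the same matching semantics.
"""
from dataclasses import dataclass
from typing import Optional, List


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_if: str   # interface the packet arrived on
    out_if: str  # interface chosen by routing


@dataclass(frozen=True)
class Rule:
    chain: str                    # "PREROUTING" or "POSTROUTING"
    gw: str                       # --gw / --gateway (mirror destination)
    src: Optional[str] = None     # -s
    dst: Optional[str] = None     # -d
    in_if: Optional[str] = None   # -i (PREROUTING only)
    out_if: Optional[str] = None  # -o (POSTROUTING only)

    def __post_init__(self):
        # iptables refuses -i in POSTROUTING and -o in PREROUTING, because the
        # input interface is unknown after routing and the output interface
        # is unknown before it; reproduce that constraint here.
        if self.chain not in ("PREROUTING", "POSTROUTING"):
            raise ValueError(f"unsupported chain {self.chain}")
        if self.in_if is not None and self.chain != "PREROUTING":
            raise ValueError("-i is only valid in PREROUTING")
        if self.out_if is not None and self.chain != "POSTROUTING":
            raise ValueError("-o is only valid in POSTROUTING")

    def matches(self, pkt: Packet) -> bool:
        # An omitted criterion matches everything, exactly as in iptables.
        return ((self.src is None or self.src == pkt.src) and
                (self.dst is None or self.dst == pkt.dst) and
                (self.in_if is None or self.in_if == pkt.in_if) and
                (self.out_if is None or self.out_if == pkt.out_if))


def mirrored_copies(rules: List[Rule], pkt: Packet) -> int:
    """Copies sent to the mirror gateway for one forwarded packet.

    A forwarded packet traverses mangle PREROUTING once and mangle
    POSTROUTING once. The tee target is non-terminating: each matching rule
    clones the packet and the original continues down the chain. The kernel
    flags the clone so that the clone itself is not mirrored again.
    """
    copies = 0
    for chain in ("PREROUTING", "POSTROUTING"):
        for rule in rules:
            if rule.chain == chain and rule.matches(pkt):
                copies += 1
    return copies


# Constructed sample traffic: two LAN hosts behind the router each send one
# packet to, and receive one packet from, a WAN address.
LAN_HOST = "192.168.1.249"    # host quoted in the thread
OTHER_HOST = "192.168.1.250"  # constructed
WAN_HOST = "203.0.113.5"      # constructed (TEST-NET-3)
MIRROR_GW = "10.0.0.21"       # gateway quoted in the thread
LAN_IF, WAN_IF = "br0", "vlan2"  # assumed DD-WRT bridge / WAN names

TRAFFIC = [
    Packet(LAN_HOST, WAN_HOST, LAN_IF, WAN_IF),
    Packet(WAN_HOST, LAN_HOST, WAN_IF, LAN_IF),
    Packet(OTHER_HOST, WAN_HOST, LAN_IF, WAN_IF),
    Packet(WAN_HOST, OTHER_HOST, WAN_IF, LAN_IF),
]

SCENARIOS = {
    # The two rules quoted above: every packet matches in both chains.
    "unqualified_both": [Rule("PREROUTING", MIRROR_GW),
                         Rule("POSTROUTING", MIRROR_GW)],
    # One chain, no criteria: each packet copied exactly once.
    "prerouting_only": [Rule("PREROUTING", MIRROR_GW)],
    # Both chains, each restricted to the LAN side of the router.
    "iface_qualified": [Rule("PREROUTING", MIRROR_GW, in_if=LAN_IF),
                        Rule("POSTROUTING", MIRROR_GW, out_if=LAN_IF)],
    # Both chains, one device: its outbound traffic in PREROUTING and its
    # inbound traffic in POSTROUTING, each copied once.
    "per_device_both": [Rule("PREROUTING", MIRROR_GW, src=LAN_HOST),
                        Rule("POSTROUTING", MIRROR_GW, dst=LAN_HOST)],
    # The RT-N16 rule: only packets *from* the device, never those to it.
    "source_only": [Rule("PREROUTING", MIRROR_GW, src=LAN_HOST)],
}


def total_copies(rules: List[Rule], traffic: List[Packet] = TRAFFIC) -> int:
    return sum(mirrored_copies(rules, p) for p in traffic)


def run_scenarios() -> dict:
    """Map each scenario name to the number of copies the mirror port sees."""
    return {name: total_copies(rules) for name, rules in SCENARIOS.items()}


if __name__ == "__main__":
    for name, copies in run_scenarios().items():
        print(f"{name:18s} {copies} copies for {len(TRAFFIC)} packets")
```

For the unqualified pair the model reports 8 copies for 4 packets, i.e. the doubling seen in Wireshark, while the PREROUTING-only and interface-qualified variants report one copy per packet; the -s/-d pair mirrors only the chosen device in both directions, and the lone -s rule misses everything sent to it. On a router the same semantics apply to the modern TEE target; whether that target works depends on both the userspace extension (iptables -j TEE -h should print its options) and the xt_TEE kernel module being present (modprobe xt_TEE), which is the missing module the reply below refers to.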
Joined: 06 Jun 2006 Posts: 6901 Location: Dresden, Germany
Posted: Thu Sep 01, 2016 8:54 Post subject:
TEE is supported as well, the problem is just that I do not include all modules required for it. normally just modules are included which are used by dd-wrt itself. but however. on x86/x64 I may include everything since there is enough space for it. gimme some days for it
_________________
one cigarette costs 2 minutes of your life.
one bottle of beer costs 4 minutes of your life.
one working day costs 8 hours of your life.
Linux DD-WRT 4.14.8 #42 SMP PREEMPT Thu Dec 21 18:11:16 CET 2017 armv7l DD-WRT
root@DD-WRT:/sys# nvram get DD_BOARD
> TEE is supported as well, the problem is just that I do not include all modules required for it. normally just modules are included which are used by dd-wrt itself. but however. on x86/x64 I may include everything since there is enough space for it. gimme some days for it
Any chance of getting the TEE module in a current version of DD-WRT x86?