TEE
The TEE target will clone a packet and redirect this clone to another machine on the local network segment. In other words, the nexthop must be the target, or you will have to configure the nexthop to forward it further if so desired.
--gateway ipaddr
Send the cloned packet to the host reachable at the given IP address. Use of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is invalid.
To forward all incoming traffic on eth0 to a Network Layer logging box:
-t mangle -A PREROUTING -i eth0 -j TEE --gateway 2001:db8::1
Which means I think your command is set up wrong. I would do more like the example.
But say you are to clone all incoming and outgoing traffic for a PC 192.168.1.15 on your router (say, 192.168.1.1) and redirect it to a spying PC 192.168.1.100, use:
Code:
iptables -t mangle -A PREROUTING -d 192.168.1.15 -j TEE --gateway 192.168.1.100
iptables -t mangle -A PREROUTING -s 192.168.1.15 -j TEE --gateway 192.168.1.100
Anyone that has a good write up on getting TEE to work with DD-WRT?
From my understanding there are multiple missing pieces that prevent this:
- iptables is outdated and does not support mirroring
- kernel module for TEE is not built into DD-WRT
The above leads me to believe that even just updating iptables isn't going to work....
Anyone that has done mirroring with a recent version of DD-WRT want to chime in on how he did it? Unfortunately my router (DIR-880L) is not supported by any other open router software.
Posted: Fri Mar 02, 2018 21:28
- iptables is outdated and does not support mirroring
- kernel module for TEE is not built into DD-WRT
Correct.
Hmm, I don't know. I've seen somewhere around someone made success installing last version of iptables... via entware....
Sadly, the entware version of iptables has to be manually updated first...
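For auditing a router for the kind of mirror rules discussed in this thread, here is an added example that is not part of any post above: it parses `iptables-save` output and lists every rule whose target is TEE, together with the gateway that receives the clones. The helper names `list_tee_rules` and `count_tee_gateway` are hypothetical, and the sample ruleset is constructed from the two rules posted earlier plus unrelated filler rules.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not from a real router).
# The two TEE rules are the ones posted in the thread.
SAMPLE_RULES='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.1.15/32 -j TEE --gateway 192.168.1.100
-A PREROUTING -s 192.168.1.15/32 -j TEE --gateway 192.168.1.100
-A PREROUTING -i eth0 -j MARK --set-xmark 0x1/0xffffffff
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# list_tee_rules (hypothetical helper): read iptables-save output on stdin
# and print one line per rule whose target is TEE.
list_tee_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }    # "*mangle" opens a table
        $1 == "-A" {
            tee = 0; src = "any"; dst = "any"; inif = "any"; gw = "?"
            for (i = 3; i < NF; i++) {
                if ($i == "-j" && $(i + 1) == "TEE") tee = 1
                else if ($i == "-s") src = $(i + 1)
                else if ($i == "-d") dst = $(i + 1)
                else if ($i == "-i") inif = $(i + 1)
                else if ($i == "--gateway") gw = $(i + 1)
            }
            if (tee) print table, $2, "src=" src, "dst=" dst, "in=" inif, "gw=" gw
        }'
}

# count_tee_gateway GW (hypothetical helper): number of TEE rules on stdin
# that send their clone to exactly GW.
count_tee_gateway() {
    list_tee_rules | awk -v want="gw=$1" '$NF == want { n++ } END { print n + 0 }'
}

# Stand-alone run against the constructed sample. On a live router:
#   iptables-save | list_tee_rules
printf '%s\n' "$SAMPLE_RULES" | list_tee_rules
```

Any gateway in the output that is not a known logging or IDS host is worth investigating, since every packet matching that rule is being copied to it.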