I have two AWS instances running CentOS 7, A and B, and I need to send all copied packets from A to a second interface on B (eth1). I have set up IPTables to copy and send packets:

iptables -t mangle -A PREROUTING -i eth0 -j TEE --gateway 10.0.3.101

I can see the packets increment using:

iptables -t mangle -L -n -v

I can ping both interfaces from each other. The route is set up as:

default via 10.0.3.1 dev eth1 table 100
10.0.3.100 dev eth1 table 100

The rules are set as:

from 10.0.3.100 lookup table 100
to 10.0.3.101 lookup table 100

When I do a tcpdump for eth1, I only get ARP request and reply. When I ping from 10.0.3.100 to 10.0.3.101, I can see the ICMP packets.

Source/destination check is disabled. ip_forward is enabled on both instances.

With a single interface set up on an instance in the same subnet, I can see the copied packets. When I set up an instance with two interfaces, in two different subnets, I cannot see any copied packets, but I can see pings and responses to them on both instances.

  • Instance A has eth0 on 10.0.3.100 (subnet 10.0.3.0/24).
  • Instance B has eth0 on 10.0.4.100 (subnet 10.0.4.0/24) and eth1 on 10.0.3.101 (subnet 10.0.3.1/24).
  • I am trying to send copied packets from 10.0.3.100 to 10.0.3.101.

1 Answer

Since this was on AWS, I didn't disable source and destination check on the second interface. After correcting that, it worked.
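The preconditions the question and answer touch on (a TEE rule in mangle PREROUTING that is actually matching, the policy-routing rule and table 100 route on the sender, and source/dest check disabled on every receiving ENI, including the second one) can be checked from command output. The script below is an added example, not code from the asker or answerer; the command outputs and ENI ids are constructed samples modelled on the question, with eth1 still having source/dest check enabled as in the asker's original setup.

```python
import json
import re

# Constructed sample outputs modelled on the question; ENI ids are placeholders.
IPTABLES_MANGLE_V = """\
Chain PREROUTING (policy ACCEPT 9812 packets, 1204K bytes)
 pkts bytes target     prot opt in     out     source               destination
  152 12K   TEE        all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            TEE gw:10.0.3.101
"""
IP_RULE = """\
0:\tfrom all lookup local
32764:\tfrom 10.0.3.100 lookup 100
32765:\tto 10.0.3.101 lookup 100
32766:\tfrom all lookup main
"""
IP_ROUTE_TABLE_100 = """\
default via 10.0.3.1 dev eth1
10.0.3.100 dev eth1 scope link
"""
# Output of: aws ec2 describe-network-interface-attribute --attribute sourceDestCheck
ENI_ATTRS = {
    "eth0": '{"NetworkInterfaceId": "eni-PLACEHOLDER-A", "SourceDestCheck": {"Value": false}}',
    "eth1": '{"NetworkInterfaceId": "eni-PLACEHOLDER-B", "SourceDestCheck": {"Value": true}}',
}

def _count(tok):
    """Parse an iptables -v counter, which may carry a K/M/G suffix."""
    units = {"K": 10**3, "M": 10**6, "G": 10**9}
    return int(tok[:-1]) * units[tok[-1]] if tok[-1] in units else int(tok)

def tee_packets(iptables_output, gateway):
    """Packet counter of the TEE rule mirroring to `gateway`, or None if absent."""
    for line in iptables_output.splitlines():
        f = line.split()
        if len(f) > 2 and f[2] == "TEE" and line.rstrip().endswith(f"gw:{gateway}"):
            return _count(f[0])
    return None

def check_mirror(iptables_output, ip_rule, ip_route, eni_attrs, src, gw, dev):
    """Return a list of findings; an empty list means the mirror path looks complete."""
    findings = []
    pkts = tee_packets(iptables_output, gw)
    if pkts is None:
        findings.append(f"no TEE rule with gateway {gw} in mangle PREROUTING")
    elif pkts == 0:
        findings.append("TEE rule present but has matched no packets")
    if not re.search(rf"^\d+:\s+from {re.escape(src)} lookup (?:table )?100$", ip_rule, re.M):
        findings.append(f"no 'from {src} lookup 100' policy rule")
    if not re.search(rf"^default via \S+ dev {dev}\b", ip_route, re.M):
        findings.append(f"table 100 has no default route via {dev}")
    for iface, raw in eni_attrs.items():
        if json.loads(raw)["SourceDestCheck"]["Value"]:
            findings.append(f"source/dest check still enabled on {iface}")
    return findings
```

With the sample inputs the only finding is the enabled source/dest check on eth1, which matches the fix in the answer.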