4

On my server, I want to duplicate all the traffic to another host. I use iptables with the TEE module:

iptables -t mangle -A PREROUTING -i eth0 -j TEE --gateway IP_SERVER2

I check the rule: iptables -t mangle -L

=> The rule is here but it doesn't work... The other server receives nothing.

When I do a tcpdump: tcpdump dst IP_SERVER2 => 0 packets received by filter

I tried to enable /proc/sys/net/ipv4/ip_forward, /proc/sys/net/ipv4/conf/all/accept_redirects, and /proc/sys/net/ipv4/conf/all/send_redirects. I changed the net.ipv4.ip_forward option to 1 in /etc/sysctl.conf; it still doesn't work.

Have you got an idea what's wrong?

1

1 Answer

0

IP_SERVER2 needs to be on your local network according to the iptables man pages.

4
  • Really? Ok I understand better now...
    – user155731
    Commented Jan 28, 2013 at 9:12
  • Have you an idea how to duplicate packets on another network?
    – user155731
    Commented Jan 28, 2013 at 9:46
  • I am not sure why iptables has such a limitation, but the only way I can think of is to log the packets (probably just tcpdump - see -G option) and ship them in files to your external network.
    – donatello
    Commented Jan 28, 2013 at 20:57
  • I've done a VPN connection between the two servers (in order to be in the same private network) and now the duplication works great. Thank you.
    – user155731
    Commented Jan 31, 2013 at 8:25
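
A pre-flight check for the requirement discussed in this thread, as an added example that is not part of the original posts: it classifies the first line of `ip -4 route get <gateway>` to tell whether a TEE `--gateway` is directly connected. The function names and sample addresses are constructed for illustration, and reading "on your local network" as "no `via` router hop in the route" is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight check for the --gateway of an iptables TEE rule.
# Assumption: "on your local network" means `ip route get` resolves the
# gateway straight onto an interface, with no "via <router>" hop.

# Constructed samples of the first line of `ip -4 route get <addr>`.
SAMPLE_DIRECT="192.168.1.20 dev eth0 src 192.168.1.10 uid 0"
SAMPLE_ROUTED="203.0.113.7 via 192.168.1.1 dev eth0 src 192.168.1.10 uid 0"
SAMPLE_VPN="10.8.0.2 dev tun0 src 10.8.0.1 uid 0"

# tee_gateway_onlink ROUTE_LINE
# Returns 0 = directly connected, 1 = behind a router, 2 = no usable route.
tee_gateway_onlink() {
    case " $1 " in
        *" via "*) return 1 ;;   # next hop is a router, not the gateway itself
        *" dev "*) return 0 ;;   # resolved directly onto an interface
        *)         return 2 ;;   # empty or unparsable: unreachable
    esac
}

# check_tee_gateway GATEWAY_IP: live check on this host (needs iproute2).
check_tee_gateway() {
    line=$(ip -4 route get "$1" 2>/dev/null | head -n 1)
    rc=0
    tee_gateway_onlink "$line" || rc=$?
    case "$rc" in
        0) echo "OK: $1 is on-link: $line" ;;
        1) echo "FAIL: $1 is behind a router: $line"
           echo "      Put both hosts on one segment (e.g. a VPN) first." ;;
        *) echo "FAIL: no route to $1" ;;
    esac
    return "$rc"
}

# Run the live check only when a gateway address is given on the command line.
if [ "$#" -gt 0 ]; then
    check_tee_gateway "$1"
fi
```

Run it with the intended gateway address as the only argument before adding the TEE rule; a non-zero exit status means the mirror target is not directly reachable from this host.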
