
I'm looking for a way to replicate UDP traffic received by one host to another host in a different subnet.

The TEE target in iptables only works with gateways in the same subnet, i.e.:

On the receiving box, 10.88.0.200:

iptables -t mangle -A PREROUTING -p udp -d 10.88.0.200 --dport 8125 -j TEE --gateway 10.88.50.119

This does not result in packets arriving at 10.88.50.119 due to the subnet difference.

What I would like to do is something like:

iptables -t nat -A PREROUTING -p udp -s 10.88.0.200 --dport 8125 -j DNAT --to 10.88.50.119:8125

However, that doesn't appear to have the desired effect; in fact, I haven't yet found a way to further modify the packets created by TEE at all.

Is this possible? Do the duplicate packets created by TEE pass through the rest of the iptables chains or do they just fly directly to the interface?
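Added example, not code from the question, the answer or the iptables project: a POSIX shell pre-flight check that pulls the --gateway out of the TEE rule above and, from the output of `ip -4 route get <gateway>`, decides whether that gateway is on the local segment, which is what TEE requires because the clone keeps its original destination address. The route-lookup strings are constructed samples; that 10.88.50.0/24 sits behind a router 10.88.0.1 is my assumption.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for an iptables TEE rule.
# TEE hands the cloned packet to the gateway's link-layer address without rewriting the
# IP destination, so --gateway must be directly reachable ("on-link"); a gateway in
# another subnet, as in the question, fails silently.

# tee_rule_gateway <iptables-rule>: print the --gateway address of a TEE rule, or fail.
tee_rule_gateway() {
    case "$1" in
        *"--gateway "*) ;;
        *) return 1 ;;
    esac
    rest=${1##*"--gateway "}    # text after the last "--gateway "
    printf '%s\n' "${rest%% *}" # first word of it
}

# tee_gateway_onlink <ip-route-get-output>: 0 if the gateway is on-link, 1 if it is
# reached through a router. The argument is the one-line output of
# `ip -4 route get <gateway>`, which contains "via <router>" only when a next hop is needed.
tee_gateway_onlink() {
    case " $1 " in
        *" via "*) return 1 ;;
        *" dev "*) return 0 ;;
        *) return 2 ;;        # not `ip route get` output
    esac
}

# check_tee_rule <iptables-rule> <ip-route-get-output>: print a verdict; return 0 when
# the rule can deliver clones to the gateway, 1 when the gateway is not on-link.
check_tee_rule() {
    gw=$(tee_rule_gateway "$1") || { echo "not a TEE rule"; return 2; }
    if tee_gateway_onlink "$2"; then
        echo "ok: $gw is on-link, TEE clones will reach it"
        return 0
    fi
    echo "fail: $gw is reached via a router; clones keep their original destination and will not arrive at $gw"
    return 1
}

# Constructed samples (assumption): the rule from the question, and what
# `ip -4 route get` prints on 10.88.0.200 for an off-link and an on-link gateway when
# 10.88.50.0/24 lies behind the router 10.88.0.1.
QUESTION_RULE='iptables -t mangle -A PREROUTING -p udp -d 10.88.0.200 --dport 8125 -j TEE --gateway 10.88.50.119'
ROUTE_OFF_LINK='10.88.50.119 via 10.88.0.1 dev eth0 src 10.88.0.200 uid 0'
ROUTE_ON_LINK='10.88.0.119 dev eth0 src 10.88.0.200 uid 0'
```

Run the check with the real lookup, e.g. `check_tee_rule "$QUESTION_RULE" "$(ip -4 route get 10.88.50.119 | head -n1)"`, before adding the rule.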

1 Answer


The question is completely vague in context; are you confident this isn't the XY Problem?

Unless you really are in need of an application proxy, maybe samplicator is your ticket?

  • If you're asking "why not just use a user-land proxy", the answer is that the packet rates, combined with the current load already on the box, make this a less than ideal solution. The data is statsd metrics at a rate of 30-60k packets a second.
    – Mark
    Commented Jul 30, 2015 at 22:58
  • I'm asking for more context. It turns into a guessing game about what you are trying to really solve. Perhaps you could port mirror your switch? Perhaps you could write a simple kernel module? Perhaps your logging (or whatever you're udp:ing) should be differentiated? Or distributed? Perhaps...or perhaps...
    – ErikE
    Commented Jul 30, 2015 at 23:07
  • I have the same question. I don't see what's particularly vague about Mark's question. He's saying using iptables... he's not saying using a simple kernel module or switch port mirroring. From what I've found trying to DNAT the packet created by TEE can work, but I have had 0 luck reproducing.
    – returneax
    Commented Oct 2, 2018 at 22:27
