Figure 2. Flash memory usage and capacity of the router.

Basically, the main idea is to hook the Raspberry Pi up to one of the router's LAN switch ports via Ethernet, then configure the router to duplicate (mirror) all traffic passing through it towards the Raspberry Pi. Alternatively, we could place a hub (NOTE: not a switch) between the router's WAN port and the modem and plug the Raspberry Pi into that hub, allowing the latter to sniff all Ethernet frames to and from the modem indiscriminately. As I do not have a hub, I opted for the first option.

Using iptables' TEE extension, port mirroring is an easy feat. We just need rules for mirroring any incoming traffic destined for the LAN network, and any outgoing traffic originating from the same network towards the WAN interface. On the router, the rules to achieve this are:

```
iptables -t mangle -A POSTROUTING -o br-lan ! -s 192.168.1.0/24 -j TEE --gateway 192.168.1.238
iptables -t mangle -A POSTROUTING -o pppoe-wan -s 192.168.1.0/24 -j TEE --gateway 192.168.1.238
```

Both rules are placed in the POSTROUTING chain of the mangle table, though it need not be that way: equivalent rules could also be written in the FORWARD chain of the mangle table. The main difference is that placing the rules in mangle FORWARD mirrors packets even if they are subsequently dropped by rules in the FORWARD chain of the filter table, since mangle FORWARD is traversed before filter FORWARD, whereas POSTROUTING is only reached by packets that survived filtering.

In any case, the rules shown above simply state that packets with a source address in 192.168.1.0/24 which have been routed out of the WAN interface (i.e. pppoe-wan) are to be duplicated and sent to 192.168.1.238 (i.e. the Raspberry Pi), while packets originating from outside 192.168.1.0/24 but routed to the bridged LAN interface (i.e. br-lan) are likewise mirrored to the Raspberry Pi.

There is one glaring problem with how things are currently configured, however: the Raspberry Pi would receive duplicates of any packets destined to it, and have every packet it sends upstream duplicated by the router (see Figure 3). Although this may not seem a huge issue, as duplicates are simply handled by the upper protocol layers, it needlessly increases the volume of traffic that the router and the Raspberry Pi have to process.

Figure 3. Duplicate ICMP reply packets received by the Raspberry Pi.

To that end, it would be nice to exclude packets to and from the Raspberry Pi from being mirrored. Doing so requires slight additions to the previous rules, like so:

```
# - Port mirroring section (IPv4).
# Workaround to prevent traffic to and from the port mirroring gateway itself from being duplicated.
iptables -t mangle -I POSTROUTING -o br-lan ! -d 192.168.1.238 -j wan_to_lan_tee
iptables -t mangle -I POSTROUTING -o pppoe-wan ! -s 192.168.1.238 -j lan_to_wan_tee
```

The existing TEE rules are now nested within two user-defined chains, wan_to_lan_tee and lan_to_wan_tee (created with `iptables -t mangle -N` and populated with the two TEE rules from before), each of which is only evaluated if the Raspberry Pi is neither the destination (LAN-bound traffic) nor the source (WAN-bound traffic) of the packet.
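Putting the two pieces together, here is an added example script (mine, not code from the original post) that builds the complete IPv4 mirroring rule set described above: the TEE rules inside the two user-defined chains, and the guard rules in POSTROUTING that keep the gateway's own traffic from being duplicated. It can be run for real, re-run safely, torn down again, or just printed for review. It assumes a legacy iptables with the TEE target available (the xt_TEE module, packaged as kmod-ipt-tee on OpenWrt); the interface names, LAN prefix, gateway address and chain names are the ones used in the post, while the `DRY_RUN` knob, the `ipt` wrapper and the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the original post: the complete IPv4 port-mirroring
# rule set from the text (TEE rules in two user-defined chains, guarded so that
# traffic to or from the mirror gateway itself is never duplicated), packaged so it
# can be applied, removed, or only printed for review.
# Assumed: legacy iptables with the TEE target (xt_TEE / kmod-ipt-tee on OpenWrt).
# Interface names, LAN prefix, gateway address and chain names follow the post;
# DRY_RUN, the ipt wrapper and the function names are this example's own.

LAN_IF="${LAN_IF:-br-lan}"              # bridged LAN interface
WAN_IF="${WAN_IF:-pppoe-wan}"           # upstream (WAN) interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"    # LAN prefix
MIRROR_GW="${MIRROR_GW:-192.168.1.238}" # the Raspberry Pi running the sniffer
DRY_RUN="${DRY_RUN:-}"                  # non-empty: print commands instead of running them

# Run iptables, or print the command line when DRY_RUN is set.
ipt() {
    if [ -n "$DRY_RUN" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Remove the guard rules from POSTROUTING (ignoring "rule not found"), so that
# mirror_setup can be re-run without stacking duplicate jump rules.
mirror_unhook() {
    ipt -t mangle -D POSTROUTING -o "$LAN_IF" ! -d "$MIRROR_GW" -j wan_to_lan_tee 2>/dev/null || true
    ipt -t mangle -D POSTROUTING -o "$WAN_IF" ! -s "$MIRROR_GW" -j lan_to_wan_tee 2>/dev/null || true
}

mirror_setup() {
    for chain in wan_to_lan_tee lan_to_wan_tee; do
        ipt -t mangle -N "$chain" 2>/dev/null || true   # no-op if the chain already exists
        ipt -t mangle -F "$chain"                        # always start from an empty chain
    done
    # The original TEE rules, now living inside the user-defined chains.
    ipt -t mangle -A wan_to_lan_tee ! -s "$LAN_NET" -j TEE --gateway "$MIRROR_GW"
    ipt -t mangle -A lan_to_wan_tee -s "$LAN_NET" -j TEE --gateway "$MIRROR_GW"
    # Guard rules at the top of POSTROUTING: jump into a chain only when the packet is
    # not destined to the gateway (LAN side) or not sent by the gateway (WAN side).
    mirror_unhook
    ipt -t mangle -I POSTROUTING -o "$LAN_IF" ! -d "$MIRROR_GW" -j wan_to_lan_tee
    ipt -t mangle -I POSTROUTING -o "$WAN_IF" ! -s "$MIRROR_GW" -j lan_to_wan_tee
}

# Undo everything: unhook the guard rules, then empty and delete the chains.
mirror_teardown() {
    mirror_unhook
    for chain in wan_to_lan_tee lan_to_wan_tee; do
        ipt -t mangle -F "$chain" 2>/dev/null || true
        ipt -t mangle -X "$chain" 2>/dev/null || true
    done
}

case "${1:-}" in
    apply)  mirror_setup ;;
    remove) mirror_teardown ;;
    show)   DRY_RUN=1; mirror_setup ;;
    *)      : ;;   # no argument: only define the functions (e.g. when sourced)
esac
```

Run it as `sh mirror.sh show` first to review the exact rules it would issue, then `sh mirror.sh apply` on the router (on an fw3-based OpenWrt, the same commands belong in /etc/firewall.user so they survive a firewall reload). To confirm that mirroring works, run `tcpdump -ni eth0 'not host 192.168.1.238'` on the Raspberry Pi: any packets shown there are addressed to other hosts and can only have arrived as TEE copies. One caveat: TEE clones each packet with its IP header unchanged, so the Pi receives frames carrying other hosts' addresses; keep `net.ipv4.ip_forward=0` on the Pi so its kernel simply drops those copies instead of routing them onward.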