Mirror all traffic from one port to another on localhost using iptables


It seems that there is some misunderstanding:

I need to mirror all packets from port 162

Your rule should include --sport 162 or --dport 162 if you meant "all packets arriving at port 162".

--to-destination 0.0.0.0:1162

In fact 0.0.0.0 does not match the localhost. You should use 127.0.0.1 instead.

Finally you can try for TCP traffic:

iptables -t mangle -A PREROUTING -p TCP --dport 162 -j TEE --gateway 127.0.0.2
iptables -t nat -A PREROUTING -d 127.0.0.2 -p TCP --dport 162 -j DNAT  --to 127.0.0.1:1162

The first rule copies the traffic to localhost 127.0.0.2:162. The second rule forwards traffic from 127.0.0.2:162 to 127.0.0.1:1162.

Please note that, whereas traditional port forwarding applies to the POSTROUTING chain, the second rule applies to PREROUTING. This is because we are dealing with localhost addresses, so the POSTROUTING chain of the nat table is not crossed by the packet.

And for UDP traffic:

iptables -t mangle -A PREROUTING -p UDP --dport 162 -j TEE --gateway 127.0.0.2
iptables -t nat -A PREROUTING -d 127.0.0.2 -p UDP --dport 162 -j DNAT  --to 127.0.0.1:1162
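The asker notes in the comments that they finally used samplicator, a user-space UDP replicator, for this job. The following is an added example (not part of the original answer, and not samplicator's code) of the same idea in Python: a small loopback UDP mirror that copies every datagram arriving on one port to a list of other ports, with a guard against mirroring to its own port (the feedback loop one commenter reports when a localhost address is used as the TEE gateway). The class name, the demo function, the ephemeral ports and the payload are constructed for the demonstration. Unlike kernel-level TEE, the receivers see this process as the sender, so the original source address is not preserved.

```python
import socket
import threading
from typing import Iterable, List, Tuple


class UdpMirror:
    """Copy every UDP datagram arriving on one loopback port to several other ports.

    User-space stand-in for the TEE + DNAT rules: no packet header is rewritten,
    the payload is simply re-sent from this process, so receivers see 127.0.0.1
    and this socket's port as the sender (hypothetical helper, not samplicator).
    """

    def __init__(self, listen_port: int, target_ports: Iterable[int], host: str = "127.0.0.1"):
        self.host = host
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind((host, listen_port))
        self.sock.settimeout(0.2)  # short timeout so the loop notices stop requests
        # Actual bound port; differs from listen_port when 0 (ephemeral) was requested.
        self.listen_port = self.sock.getsockname()[1]
        self.targets: List[Tuple[str, int]] = [(host, p) for p in target_ports]
        self.forwarded = 0  # datagrams seen on the input port
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._loop, daemon=True)

    def start(self) -> "UdpMirror":
        self._thread.start()
        return self

    def stop(self) -> None:
        self._stop.set()
        self._thread.join()
        self.sock.close()

    def _loop(self) -> None:
        while not self._stop.is_set():
            try:
                data, _src = self.sock.recvfrom(65535)
            except socket.timeout:
                continue
            for target in self.targets:
                # Never send back to our own input port: that is the feedback loop
                # that a localhost gateway produces with TEE.
                if target == (self.host, self.listen_port):
                    continue
                self.sock.sendto(data, target)
            self.forwarded += 1


def mirror_demo(payload: bytes = b"constructed SNMP-trap-like datagram") -> List[bytes]:
    """End-to-end check on ephemeral loopback ports: returns what each receiver got."""
    receivers = []
    for _ in range(2):
        r = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        r.bind(("127.0.0.1", 0))  # ephemeral port stands in for 1162 and a second collector
        r.settimeout(2.0)
        receivers.append(r)
    # Port 0 here stands in for the real input port (162 in the question).
    mirror = UdpMirror(0, [r.getsockname()[1] for r in receivers]).start()
    try:
        sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sender.sendto(payload, ("127.0.0.1", mirror.listen_port))
        sender.close()
        got = [r.recvfrom(65535)[0] for r in receivers]
    finally:
        mirror.stop()
        for r in receivers:
            r.close()
    return got


if __name__ == "__main__":
    print(mirror_demo())
```

The datagram is queued in the kernel as soon as the input socket is bound, so the sender does not have to wait for the mirror thread to reach its first recvfrom; in production you would bind to the real port (162) and list the real collector ports as targets.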

Author by Neci

Updated on September 18, 2022

Comments

  • Neci
    Neci over 1 year

    I need to mirror all packets from port 162 to another (for example 1162) on localhost.

    I know that TEE can mirror packets but to some ip address.

    Maybe it is possible in one rule to also change the destination port, but I can't find a working solution.

    Something like that:

    iptables -t mangle -A PREROUTING -d 0.0.0.0:162 -j TEE --to-destination 0.0.0.0:1162

    But from the manual: Send the cloned packet to the host reachable at the given IP address. Use of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is invalid.

    Thanks for any hint.

    OS: RedHat 6.9

    • Burgi
      Burgi over 6 years
      What have you tried? What OS are you using? Please take our tour and see How to Ask.
    • Neci
      Neci almost 5 years
      Finally I use github.com/sleinen/samplicator for such activity
    • Burgi
      Burgi over 4 years
      You should write an answer explaining how you solved it.
  • Neci
    Neci over 6 years
    Ouch, looks like RedHat 6.9 with version 1.4.7 doesn't have TEE functionality; we don't have a module in the kernel for that either.
  • vera
    vera over 6 years
    Strange, you mentioned TEE in your question and the error looks like a TEE `--gateway` input error (ipset.netfilter.org/iptables-extensions.man.html#lbDW).
  • QuickPrototype
    QuickPrototype about 5 years
    When testing this on UDP, it appears that the destination IP of the packet is not altered by the TEE rule, thereby nullifying the nat rule.
  • Charles Boling
    Charles Boling about 4 years
    In my test (4.15 kernel), using TEE in PREROUTING causes no change in the packet (source or destination), and thus when you specify any localhost address as the gateway, it creates a feedback loop (50Gbps on my machine).
  • user39049
    user39049 over 3 years
    Well, this is a very interesting topic. I too had to fan out SNMPTRAP data and reuse the original collector's IP, while still forwarding the data to the original collector (which runs Solaris 9). I'm using this as a match in mangle: -A PREROUTING -i ens192 -p udp -m udp --dport 162 -j TEE --gateway 127.0.0.2 and this in nat: -A PREROUTING -p udp -m udp --dport 162 -j DNAT --to 10.0.250.53, and it works (not sure how, though)... (CentOS 8, kernel 4.18)