ipkg update does not work on WZR-600DHP

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Atheros WiSOC based Hardware
Author Message
aliDIR615e3
DD-WRT Novice


Joined: 23 Jan 2014
Posts: 3

PostPosted: Mon Feb 03, 2014 1:43    Post subject: ipkg update does not work on WZR-600DHP Reply with quote
Hello,

I've just bought a new Buffalo WZR-600DHP router which came with DD-WRT v24SP2-MULTI (11/04/12) std (SVN revision 20180) from factory.

My goal with this router is to do port mirroring using IP tables; MANGLE table with target ROUTE or TEE. However, this build did not come with the kernel modules ipt_ROUTE or ipt_TEE.

tried inserting the module with no luck;
root@DD-WRT:/jffs# insmod ipt_ROUTE
insmod: ipt_ROUTE.ko: module not found

Thus iptables can not append the rules to mangle table;
iptables -t mangle -A PREROUTING -j TEE --gateway x.x.x.x
or
iptables -t mangle -A PREROUTING -j ROUTE --tee --gw x.x.x.x

does not work...

I wanted to install the kernel modules using ipkg, but it does not work either;

root@DD-WRT:/jffs# ipkg update
mkdir: can't create directory '//usr/local/lib/': Read-only file system

I'd really appreciate that if anyone could tell me what should I do to get ipkg working to install ipt_ROUTE kernel module.

Thanks...
Sponsor
aliDIR615e3
DD-WRT Novice


Joined: 23 Jan 2014
Posts: 3

PostPosted: Tue Feb 11, 2014 10:44    Post subject: Reply with quote
Hello again,

I was able to get kernel module "ipt_TEE" working after compiling openwrt source-code for my DIR-615-E3 with ipt_TEE statically built into the image.

This time I have a question about iptables rules to mirror the incoming/outgoing packets.

The following 2 iptables commands mirror both incoming and outgoing packets but the incoming packets are marked with the destination address of the LAN IP (192.168.11.51) even though they are actually coming to Chromecast device behind the router(192.168.1.109)

Here is my network;

Internet <---> Router{eth1: 192.168.11.51} <---> Router{br-lan: 192.168.1.1} <---> Chromecast: 192.168.1.109 / Monitor Machine: 192.168.1.154

$ iptables -t mangle -A POSTROUTING -o eth1 -j TEE --gateway 192.168.1.154

$ iptables -t mangle -A PREROUTING -i eth1 -j TEE --gateway 192.168.1.154

I don't have any other devices connected to this network other than Chromecast(wifi) and monitoring laptop(wired); so I simply mirrored the whole subnet in the above commands.

POSTROUTING chain works fine, shows all the packets that are originating from LAN.

PREROUTING chain also works, however, the mirrored packets list their destination IP as the IP of the interface eth1(192.168.11.51), instead of Chromecast local IP(192.168.1.109)

I know it works as expected because PREROUTING chain handles the packets before their destination IP is changed to LAN IP of Chromecast.

Is there a way of mirroring incoming packets after they are mangled so that packets show LAN IP as destination ?

Thank you for your help...
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17339
Location: Hesse/Germany

PostPosted: Sun Feb 16, 2014 12:31    Post subject: Reply with quote
upgrade!
_________________
Forum Guidelines...How to get help
&
Forum Rules
&
RTFM/STFW
&
Throw some buzzwords into the WIKI search Exclamation
_________________
I'm NOT rude, just offer pure facts!
_________________
Atheros (TP-Link & Clones, etc ) debrick service in EU
_________________
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!
_________________
Andreas Baumert: "Kundige Menschen befragen Fachleute, ohne ihnen auf die Nerven zu gehen. Sie stellen keine Fragen, die sie mit etwas Fleiß und Lektüre selber beantworten können. Sie wissen, auf welche Quellen es ankommt,und wie man sich Zugang zu ihnen verschafft."
aliDIR615e3
DD-WRT Novice


Joined: 23 Jan 2014
Posts: 3

PostPosted: Thu Feb 20, 2014 1:48    Post subject: Reply with quote
Ok, just wanted to update people if someone else on the forum is trying to do port forwarding using iptables on dd-wrt or openwrt;

After searching for examples of port mirroring in some other posts, first I used the following rules;

$ iptables -t mangle -A POSTROUTING -o eth1 -j TEE --gateway 192.168.1.154

$ iptables -t mangle -A PREROUTING -i eth1 -j TEE --gateway 192.168.1.154


When I capture and examine the mirrored packets on Gateway machine that is listening the network; first rule works as expected. However, the packets mirrored by the second rule did not list the local destination-IP of the mirrored packets, instead it shows the public IP address of the Router (Before NAT) as the destination IP of the mirrored packets even though they are destined to different machines behind the router.

Following two rules solves the problem;

$ iptables -t mangle -A POSTROUTING -s 192.168.1.0/24 -j TEE --gateway 192.168.1.154

$ iptables -t mangle -A POSTROUTING -d 192.168.1.0/24 -j TEE --gateway 192.168.1.154


This will send a copy to the gateway of all locally generated outgoing packets and packets destined to different machines behind the router with the local destination address engraved to the mirrored packets.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum