I was able to get kernel module "ipt_TEE" working after compiling openwrt source-code for my DIR-615-E3 with ipt_TEE statically built into the image.
This time I have a question about iptables rules to mirror the incoming/outgoing packets.
The following 2 iptables commands mirror both incoming and outgoing packets but the incoming packets are marked with the destination address of the LAN IP (192.168.11.51) even though they are actually coming to Chromecast device behind the router(192.168.1.109)
upgrade! _________________ Forum Guidelines...How to get help
Throw some buzzwords into the WIKI search
I'm NOT rude, just offer pure facts!
Atheros (TP-Link & Clones, etc ) debrick service in EU
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!
Andreas Baumert: "Kundige Menschen befragen Fachleute, ohne ihnen auf die Nerven zu gehen. Sie stellen keine Fragen, die sie mit etwas Fleiß und Lektüre selber beantworten können. Sie wissen, auf welche Quellen es ankommt,und wie man sich Zugang zu ihnen verschafft."
Ok, just wanted to update people if someone else on the forum is trying to do port forwarding using iptables on dd-wrt or openwrt;
After searching for examples of port mirroring in some other posts, first I used the following rules;
$ iptables -t mangle -A POSTROUTING -o eth1 -j TEE --gateway 192.168.1.154
$ iptables -t mangle -A PREROUTING -i eth1 -j TEE --gateway 192.168.1.154
When I capture and examine the mirrored packets on Gateway machine that is listening the network; first rule works as expected. However, the packets mirrored by the second rule did not list the local destination-IP of the mirrored packets, instead it shows the public IP address of the Router (Before NAT) as the destination IP of the mirrored packets even though they are destined to different machines behind the router.
Following two rules solves the problem;
$ iptables -t mangle -A POSTROUTING -s 192.168.1.0/24 -j TEE --gateway 192.168.1.154
$ iptables -t mangle -A POSTROUTING -d 192.168.1.0/24 -j TEE --gateway 192.168.1.154
This will send a copy to the gateway of all locally generated outgoing packets and packets destined to different machines behind the router with the local destination address engraved to the mirrored packets.