
Iptables and port span

Discussion in 'Tomato Firmware' started by Woot, Aug 20, 2011.

  1. Woot

    Woot Networkin' Nut Member

    So I have a WHR-HP-G54 (not Linksys, but pretty much the same) and regular Tomato 1.28.
    I'm trying to port span/mirror all the traffic to a server.
    In Scripts->Firewall I have this script:
    iptables -A PREROUTING -t mangle -j ROUTE --gw --tee
    iptables -A POSTROUTING -t mangle -j ROUTE --gw --tee

    but it seems it doesn't work. Do I have an error, or do I have to add something to the script so Tomato loads some module or something?
    I'm checking with Wireshark and it seems I don't get any extra traffic.
    CPU load of Tomato is CPU Load (1 / 5 / 15 mins) 0.01 / 0.00 / 0.00 and I'm guessing it should be higher?
    Also I have a speed monitor on the server and it shows only a few kb/s while the traffic on the router real-time graph is 400kb/s.
  2. Toastman

    Toastman Super Moderator Staff Member Member

    Probably the "tee" command isn't supported.
  3. Woot

    Woot Networkin' Nut Member

    Yes, ROUTE has the tee option, and it does work. At least, it does on my quick test, with a K26 build from current(ish) git.

    So it should be supported

    I telnetted into Tomato and ran lsmod; this is the output:
    tomato_ct 1136 0 (unused)
    wl 423640 0 (unused)
    et 28088 0 (unused)
    ip_nat_ftp 3712 0 (unused)
    ip_conntrack_ftp 4936 1
    ip_nat_rtsp 6656 0 (unused)
    ip_conntrack_rtsp 6344 1
    ip_nat_h323 2904 0 (unused)
    ip_conntrack_h323 2888 1
    ip_nat_pptp 2668 0 (unused)
    ip_conntrack_pptp 3452 1
    ip_nat_proto_gre 1888 0 (unused)
    ip_conntrack_proto_gre 2776 0 [ip_nat_pptp ip_conntrack_pptp]

    If I try
    modprobe ip_tables
    modprobe: module ip_tables not found

    Do newer versions not have iptables or what?

    Yet it does have it:
    if I type iptables --help I get iptables v1.3.7
    How do i check if tee is supported?

    OK, I tried to run in telnet: iptables -A PREROUTING -t mangle -j ROUTE --gw --tee
    iptables: No chain/target/match by that name

    OK, I found out:
    xt_TEE requires either: 1. iptables >= 1.4.8 && kernel >= 2.6.35 OR 2. iptables < 1.4.8 && kernel < 2.6.35 && xtables-addons (its mconfig file may need to be adjusted)

    Tomato has uname -r

    So everything is older :S
    How do I make this work?
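
The xt_TEE version rule quoted in the post above, written out as a shell check; this is an added example, not part of the original thread. The function names are hypothetical, and the kernel release strings shown in the comments are constructed samples, not values from the poster's router.

```shell
#!/bin/sh
# Added example: classify an iptables/kernel pair against the rule
#   iptables >= 1.4.8 && kernel >= 2.6.35                     -> xt_TEE available
#   iptables <  1.4.8 && kernel <  2.6.35 && xtables-addons   -> xt_TEE via add-on
# Any other combination is not covered by the rule.

# clean_ver: pull the leading dotted number out of strings such as
# "iptables v1.3.7" or "2.6.22.19-custom" (constructed samples).
clean_ver() {
    printf '%s\n' "$1" | sed 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/'
}

# ver_num: turn "major.minor.patch" into one comparable integer
# (1.4.8 -> 1004008). Missing components count as 0; a fourth
# component, as in 2.6.22.19, is ignored.
ver_num() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# tee_requirement IPTABLES_VERSION KERNEL_RELEASE ADDONS_INSTALLED(yes|no)
# Prints one of: native, xtables-addons, needs-xtables-addons, mismatch
tee_requirement() {
    ipt=$(ver_num "$(clean_ver "$1")")
    krn=$(ver_num "$(clean_ver "$2")")
    ipt_new=no; krn_new=no
    if [ "$ipt" -ge 1004008 ]; then ipt_new=yes; fi
    if [ "$krn" -ge 2006035 ]; then krn_new=yes; fi

    if [ "$ipt_new" = yes ] && [ "$krn_new" = yes ]; then
        echo native
    elif [ "$ipt_new" = no ] && [ "$krn_new" = no ]; then
        if [ "$3" = yes ]; then echo xtables-addons; else echo needs-xtables-addons; fi
    else
        # New userspace on an old kernel, or the reverse.
        echo mismatch
    fi
}

# On a live system the inputs would come from the tools themselves:
#   tee_requirement "$(iptables --version)" "$(uname -r)" no
```

A `mismatch` result means the userspace and kernel fall on opposite sides of the rule, so neither of its two branches applies.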
  4. Woot

    Woot Networkin' Nut Member

    Is there a way to update the kernel/iptables on Tomato? Although I'm guessing it's easier to get this xtables-addons, but I still don't know how.
  5. rs232

    rs232 Network Guru Member