1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mirror/Span port and QoS for LAN to LAN hosts

Discussion in 'Tomato Firmware' started by benanzo, Nov 28, 2008.

  1. benanzo

    benanzo Guest

    Hello,

    Using Tomato 1.21 on a WRT54G v2

    I am looking for a way to set up a mirror port so I can tee all traffic to a specific host running ntop/snort+spade/arpwatch etc. As you can imagine, atm the only traffic he sees is broadcast and unicast to/from himself...which is lame for network security monitoring. I would do a hub but don't really want *another* device in the chain.

    The closest I've come is this post:
    http://www.linksysinfo.org/forums/showthread.php?t=40709

    But the -j ROUTE --tee suggestion doesn't seem to work, and actually just causes iptables to print the commandline help which makes me think the ROUTE target is missing?

    Also, for the QoS options in the GUI, are they only for WAN traffic? They must be because classifying traffic from LAN_HOST_A -> LAN_HOST_B as "High" results in his traffic remaining "Unclassified" despite saving, refreshing, saving again etc. Can we not QoS LAN <-> LAN traffic? I have a million LAN services running and some I care more about than others, but right now they all seem to be equal.

    Any guidance is appreciated.

    Thanks!
     
  2. humba

    humba Network Guru Member

    I cannot comment on iptables but QoS is only for LAN<->WAN traffic.
    Your two requirements really scream for a managed layer 2 switch.. they may not be as cheap as the WRT54G, but they offer fully configurable QoS based on various criteria, VLANs and port mirroring and all that in hardware. I think that if you were pumping 100mbit between two ports and the router actually had to look at all that traffic, it wouldn't have the necessary cpu horsepower to even do so - switches have special ASIC for all that work after all. After all, without any QoS or other services running, the device cannot handle nearly 100mbit traffic between WAN and LAN.
     

Share This Page