On Monday 19 May 2003 17:04, Padraig Brady wrote:
> Hi, I've a passive monitor setup with 3
> network interfaces. eth2 is the management (normal)
> interface while eth0 and eth1 are my monitoring
> interfaces which never transmit.
>
>
> -----+-----+--------
>
> eth0 eth1
>
> so eth0 monitors the traffic one way on the link
> and vice versa for eth1 (we're using a netoptics tap).
>
> Anyway my question is I would like to pass all
> traffic received on eth0 and eth1 into netfilter.
> I thought by placing my rules in the PREROUTING
> chain of the mangle table would work, since this
> happens before any routing decision is made.
> But the packets are never received by netfilter :-(
>
> The packets are entering the box because you can
> see/filter them using iptraf.
>
> #iptables -t mangle -L PREROUTING -v
> Chain PREROUTING (policy ACCEPT 189K packets, 61M bytes)
>  pkts bytes target  prot opt in   out  source    destination
>     0     0         icmp --  eth0 any  anywhere  anywhere
>     0     0         icmp --  eth1 any  anywhere  anywhere

I think the network cards are running in some sort of capture mode, like if you run tcpdump. So they capture all packets that are on the wire. But iptables/netfilter only sees the packets entering the host. So you can not use iptables/netfilter to monitor all packets on the wire.

Stef

--
stef.coene@xxxxxxxxx
"Using Linux as bandwidth manager" http://www.docum.org/
#lartc @ irc.oftc.net
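As an added example that is not part of this thread: a small Python model of the Linux receive path, where eth_type_trans() sets skb->pkt_type from the destination MAC and ip_rcv() discards PACKET_OTHERHOST frames before the NF_INET_PRE_ROUTING hook. It shows why frames taken off a tap, addressed to some other host's MAC, are visible to packet-socket tools such as iptraf and tcpdump yet never increment the mangle PREROUTING counters, while broadcast and multicast IPv4 on the tapped link would be counted. The interface MAC and the frames are constructed sample values.

```python
import struct

# skb->pkt_type values as used by the Linux network stack
PACKET_HOST, PACKET_BROADCAST, PACKET_MULTICAST, PACKET_OTHERHOST = 0, 1, 2, 3
NAMES = {0: "PACKET_HOST", 1: "PACKET_BROADCAST",
         2: "PACKET_MULTICAST", 3: "PACKET_OTHERHOST"}
ETH_P_IP = 0x0800


def mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def classify(frame, dev_mac):
    """Mirror eth_type_trans(): derive pkt_type from the destination MAC."""
    dst = frame[0:6]
    if dst[0] & 1:  # group bit set: broadcast or multicast
        return PACKET_BROADCAST if dst == b"\xff" * 6 else PACKET_MULTICAST
    return PACKET_HOST if dst == dev_mac else PACKET_OTHERHOST


def reaches_prerouting(frame, dev_mac):
    """Return (pkt_type, seen_by_iptables_prerouting).

    Packet sockets (tcpdump, iptraf) are fed before this decision, so they
    see every frame. ip_rcv() drops PACKET_OTHERHOST before running the
    PREROUTING hook, so the mangle PREROUTING counters never move for it.
    iptables handles IPv4 only, so other ethertypes return False as well."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ptype = classify(frame, dev_mac)
    if ethertype != ETH_P_IP:
        return ptype, False
    return ptype, ptype != PACKET_OTHERHOST


def build_frame(dst, src, ethertype=ETH_P_IP, payload=b"\x45" + b"\x00" * 19):
    """Constructed Ethernet frame: dst MAC, src MAC, ethertype, dummy payload."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


MONITOR_MAC = mac("00:11:22:33:44:55")  # constructed: MAC of our eth0 tap port


def demo():
    """Classify three constructed frames as received on the monitor port."""
    frames = {
        "tapped unicast A -> B": build_frame("00:aa:aa:aa:aa:aa", "00:bb:bb:bb:bb:bb"),
        "addressed to us": build_frame("00:11:22:33:44:55", "00:bb:bb:bb:bb:bb"),
        "IPv4 broadcast": build_frame("ff:ff:ff:ff:ff:ff", "00:bb:bb:bb:bb:bb"),
    }
    return {name: reaches_prerouting(f, MONITOR_MAC) for name, f in frames.items()}


if __name__ == "__main__":
    for name, (ptype, seen) in demo().items():
        print(f"{name:24s} {NAMES[ptype]:17s} mangle PREROUTING: {'yes' if seen else 'no'}")
```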