Re: clone packet with new destination address

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/22/2010 09:36 AM, Changli Gao wrote:
On Fri, Oct 22, 2010 at 9:24 PM, Changli Gao<xiaosuo@xxxxxxxxx>  wrote:
On Fri, Oct 22, 2010 at 8:31 PM, Stephen Clark<sclark46@xxxxxxxxxxxxx>  wrote:
Hello,

Problem:
I have a two monitoring servers behind a a linux firewall, one is primary
and one is backup.
In the field we have units sending udp informational packet to the primary
server. On the
linux firewall I would like to copy this packet and change the destination
address of the copied
packet to point to the backup server. Is there a way to do this without
writing any code?

NOTE:
Currently the firewall is FreeBSD and we accomplish this rather easily using
ipfw along with natd, but we want to move to linux for our firewall.

I think you can use tc action mirred to mirror the packets to a fake
NIC device ifb, and use tc action nat to dnat the packets received
from ifb.

Oh, iptables can also do it. Please see iptables target TEE and RAWNAT
in xtables-addons. http://xtables-addons.sourceforge.net/

Not to seem dumb - but I tried xtables TEE without any success. Could you provide a detailed
example?

Thanks,
Steve

--

"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases."  (Thomas Jefferson)



--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux