hello,
maybe my question sounds stupid to you but i've tried googling around
and couldn't find any valuable results. so, situation is here:
internet == [:eth0 router eth1:] == ids sensor (192.168.0.0/16)
[ eth2:] == clients (10.0.0.0/8)
so far it's a router which routes (nat) packets between external network
and clients. i added ids sensor to eth1 interface and would like incoming
packets on eth0 interface to be duplicated to eth1 so that ids sees them.
the question is - how can i do that? i haven't messed with iptables much,
and our network administraitor says it's not possible with iptables.
i don't believe him, however ;>
on openbsd packet filter it would look like this:
pass in on $ext_if dup-to $ids_if all
i believe it's as simple on iptables.
thanks in advance,
peter.
---------------------------------------------------------------------
Radical ringtones, java games, mobile phone logos, backgrounds http://sms.BANDA.LV !
