Re: Redirect mirrored traffic to userspace app. [RESOLVED]

On Thu, Oct 21, 2010 at 3:41 PM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote:
> On Thursday 2010-10-21 18:42, Mateus Caruccio wrote:
>
>>In the end, we came up with a very simple solution (no iptables/ip needed):
>>
>>From DEVEL_SRV we ran:
>>
>># ifconfig eth1 PROD_SRV_IP netmask PROD_SRV_NETMASK promisc -arp hw ether PROD_SRV_HWADDR up
>>
>>That is it !
>>
>>All traffic targeted to PROD_SRV_IP is now being accepted by our
>>mirrored eth1. Since this is an interface aimed to tests only, no
>>matter what's being accepted.
>
> It still looks wrong though. When using TEE, no expensive promiscuous
> mode is required, nor are static ARP entries.

As I said, I do not have access/permission to run anything in our
production servers (our admins are a "little" paranoid :)
Also, since port mirror is mirroring only those specific proto:port
packets, I don't think that would cause any performance penalty.

Anyway, this is not as beautiful as it could be, but it works for our needs.
Again, thanks for support. I will keep looking for a more
straight/clean solution.
I'm not a protocol/kernel specialist, so this is a good challenge.

Mateus.

-- 
# ################ VOTE NULO ################
# Mateus de Oliveira Caruccio <mateus at caruccio dot com>
# Old programmers never die.  They just branch to another namespace
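
The setup described in the message above, as an added example that is not part of the original thread: the iproute2 form of the quoted ifconfig command, printed rather than executed, plus a check of the interface flags word as found in /sys/class/net/DEV/flags. The function names and the sample device, address and MAC values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. mirror_cmds and mirror_flags_ok
# are hypothetical helper names; all sample values are constructed.

# Interface flag bits from linux/if.h.
IFF_UP=0x1; IFF_NOARP=0x80; IFF_PROMISC=0x100

# Print (do not run) the ip commands for a receive-only mirror interface.
mirror_cmds() {
    dev=$1; addr=$2; mac=$3
    # Accept only six colon-separated hex octets as the hardware address.
    echo "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || {
        echo "bad MAC: $mac" >&2; return 1; }
    # Require an explicit prefix length instead of guessing a netmask.
    case $addr in */*) ;; *) echo "need ADDR/PREFIX: $addr" >&2; return 1;; esac
    # Link is taken down first: some drivers refuse a MAC change while up.
    # "arp off" (the "-arp" of ifconfig) keeps this host from answering ARP
    # for the address it shares with the production server.
    cat <<EOF
ip link set dev $dev down
ip link set dev $dev address $mac
ip link set dev $dev arp off
ip link set dev $dev promisc on
ip addr add $addr dev $dev
ip link set dev $dev up
EOF
}

# Succeed only if the flags word has UP, NOARP and PROMISC all set;
# otherwise print the first missing property and return 1.
mirror_flags_ok() {
    flags=$1
    [ $(( $flags & $IFF_UP )) -ne 0 ]      || { echo "not UP"; return 1; }
    [ $(( $flags & $IFF_NOARP )) -ne 0 ]   || { echo "ARP still enabled"; return 1; }
    [ $(( $flags & $IFF_PROMISC )) -ne 0 ] || { echo "not PROMISC"; return 1; }
    echo ok
}
```

After applying the printed commands, `mirror_flags_ok "$(cat /sys/class/net/eth1/flags)"` confirms that the test interface came up with ARP disabled.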