On Saturday 2011-04-23 18:07, jian Jiang wrote:

>Hi all,
>
>I want to copy all incoming packets of eth0 and send over eth1, I
>wrote rule like that:
>
>1. iptables -t mangle -A PREROUTING -i eth0 -j TEE --gateway 10.10.10.1
>
>then I added another rule:
>
>2. iptables -t mangle -A POSTROUTING -o eth1 -j DROP
>
>to capture copied packets.
>
>From iptables's count information, I saw packets are copied by rule1,
>but did not match rule2. But I have checked by tcpdump, copied packets
>indeed sent out by eth1.
>
>My problem is that packets copied by TEE do not go through POSTROUTING?
>or is my understanding wrong?

You need at least Linux 2.6.35 for duplicated packets to be seen by Xtables.
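
Added example, not part of the original thread: a pre-flight check that compares a kernel release string against the 2.6.35 threshold given in the reply, so a rule set that relies on matching TEE-duplicated packets is not deployed where its counters would stay at zero. The function names are hypothetical, and the script assumes it runs on Linux when no release string is passed.

```shell
#!/bin/sh
# Added example: is this kernel new enough (>= 2.6.35, per the reply above)
# for TEE-duplicated packets to be seen by Xtables rules?

# Print "major minor patch" for a release string such as "2.6.32-5-amd64".
# Distribution suffixes are dropped; missing components count as 0.
parse_release() {
    rel=${1%%[!0-9.]*}      # keep only the leading digits-and-dots part
    (
        IFS=.               # split on dots, inside a subshell only
        set -- $rel
        echo "${1:-0} ${2:-0} ${3:-0}"
    )
}

# Return 0 if the release is at least 2.6.35, 1 otherwise.
tee_copies_visible() {
    set -- $(parse_release "$1")
    [ "$1" -gt 2 ] && return 0
    [ "$1" -lt 2 ] && return 1
    [ "$2" -gt 6 ] && return 0
    [ "$2" -lt 6 ] && return 1
    [ "$3" -ge 35 ]
}

# Check the release given as the first argument, or the running kernel.
release=${1:-$(uname -r)}
if tee_copies_visible "$release"; then
    echo "$release: duplicated packets are seen by Xtables; rules on the copy path can match"
else
    echo "$release: older than 2.6.35; rules meant to match TEE copies will not see them"
fi
```

A release candidate such as 2.6.35-rc1 parses as 2.6.35 and passes the check, so treat pre-release kernels with care.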