Hello,

I need to handle mirrored traffic. For this I need to change the destination MAC address of the mirrored traffic to the MAC of the network interface on which I accept the mirrored traffic.

Here is an example of the mirrored traffic:

15:59:29.114520 00:25:ba:5b:c9:11 (oui Unknown) > 34:40:b5:81:6c:ac (oui Unknown), ethertype IPv4 (0x0800), length 84: 1.1.1.1.2052 > 2.2.2.2.domain: 43161+ A? dnl-01.geo.kaspersky.com. (42)

Here is the network interface on which I want to handle the mirrored traffic:

eth1      Link encap:Ethernet  HWaddr fe:f9:b4:d5:08:c3
          inet addr:X.X.X.X  Bcast:0.0.0.0  Mask:255.255.255.248
          inet6 addr: fe80::fcf9:b4ff:fed5:8c3/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:6424655 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1088214395 (1.0 GiB)  TX bytes:468 (468.0 B)
          Interrupt:30

Here are the rules for ebtables:

root@ns4:~# ebtables -t nat -L --Lc
Bridge table: nat

Bridge chain: PREROUTING, entries: 1, policy: ACCEPT
-d 34:40:b5:81:6c:ac -i eth1 -j dnat --to-dst fe:f9:b4:d5:8:c3 --dnat-target ACCEPT, pcnt = 0 -- bcnt = 0

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

Bridge chain: POSTROUTING, entries: 0, policy: ACCEPT

root@ns4:~# ebtables -L --Lc
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

But no frame satisfies this rule. Where am I wrong?

OS and package version:

root@ns4:~# uname -r
3.2.0-4-amd64
root@ns4:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 7.4 (wheezy)
Release:        7.4
Codename:       wheezy
root@ns4:~# dpkg -l | grep ebtables
ii  ebtables  2.0.10.4-1  amd64  Ethernet bridge frame table administration

Thank you.