[clug] iptables to simulate promiscuous interface
jm
jeffm at ghostgun.com
Tue Jan 13 03:35:07 GMT 2009
I've been trying to use fprobe-ulog instead of the normal fprobe to fix the
problem I mentioned in an earlier post. This fix was suggested by
someone on the flow-tools mailing list. fprobe-ulog relies on the
iptables target ULOG to forward matching traffic to it. This is where I
seem to be hitting a snag. Diagrammatically, the set up is,
         mirrored                netflow
         traffic
router --------> fprobe -------> flow-collector ----> custom script
            eth2           lo0
The traffic arriving at eth2 needs to be selected via a suitable
iptables rule in the correct table to simulate putting that interface
into promiscuous mode. It would be something along the lines of,
iptables -t raw -I PREROUTING -i eth2 -j ULOG
I've tried the nat, mangle, and raw tables with the PREROUTING chain,
but I don't seem to be matching anywhere near the number of expected
packets nor seeing the expected activity in fprobe-ulog. This is
confirmed by running ulogd with a default configuration. The logs are
rather sparse. What is the correct iptables command to do this? Is this
actually possible or should I be looking at something else (eg, ebtables)?
Lastly,
tcpdump -i eth2 -n
confirms that the desired traffic does exist on this interface. (thought
I better double check before I post this).
Jeff.
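Added diagnostic for the situation described in the post above (example code, not from the original post and not part of fprobe-ulog or ulogd). Two facts drive it: without promiscuous mode the NIC's hardware filter discards frames addressed to other MACs, and tcpdump only enables promiscuous mode while it runs, so "tcpdump sees it" does not mean the kernel sees it once tcpdump exits; and even in promiscuous mode, ip_rcv() in net/ipv4/ip_input.c drops frames whose destination MAC is not ours (pkt_type PACKET_OTHERHOST) before the PREROUTING hooks run, so no iptables table, raw included, ever matches port-mirrored traffic, while an AF_PACKET socket (tcpdump, the pcap-based fprobe) still receives it. The script installs the ULOG rule, samples its counters against a tcpdump count taken without changing the link state, and classifies the outcome. The interface name eth2 and netlink group 1 are assumptions taken from the post and overridable through the environment; it also assumes a kernel that still has the ULOG target (removed in Linux 3.17, where NFLOG replaces it).

```shell
#!/bin/sh
# Added example, not from the original post. Assumes interface eth2 and
# ULOG netlink group 1 (override with IFACE= / NLGROUP=), and a kernel
# that still ships the ULOG target (gone since 3.17; use NFLOG there).
IFACE="${IFACE:-eth2}"
NLGROUP="${NLGROUP:-1}"

# Does the `ip link show` text in $1 carry the PROMISC flag?  Exit 0 if yes.
# Without it the NIC's hardware filter drops frames for foreign MACs as soon
# as tcpdump (which turns promisc on only while it runs) exits.
link_is_promisc() {
    printf '%s\n' "$1" | sed -n '1s/.*<\([^>]*\)>.*/\1/p' \
        | tr ',' '\n' | grep -qx PROMISC
}

# Sum the packet counters of every ULOG rule in the
# `iptables -t raw -L PREROUTING -v -n -x` text passed in $1.
ulog_rule_pkts() {
    printf '%s\n' "$1" | awk '$3 == "ULOG" { s += $1 } END { print s + 0 }'
}

# Classify one sampling run:
#   $1 packets matched by the ULOG rule, $2 packets tcpdump saw on the wire,
#   $3 "yes"/"no" for promiscuous mode on the link.
# Prints one of:
#   nic-filter  link not promiscuous; foreign frames never enter the kernel
#   stack-drop  link promiscuous, but ip_rcv() drops PACKET_OTHERHOST frames
#               before PREROUTING, so the rule only counts traffic addressed
#               to this host; a mirror port needs a pcap-based probe (plain
#               fprobe) or a bridge, not an iptables rule
#   ok          the rule sees (within 10%) everything tcpdump sees
classify() {
    rule=$1; wire=$2; promisc=$3
    if [ "$promisc" != yes ]; then
        echo nic-filter
    elif [ "$wire" -gt 0 ] && [ $(( rule * 10 )) -lt $(( wire * 9 )) ]; then
        echo stack-drop
    else
        echo ok
    fi
}

# Live run (root only): install the rule in the raw table so it fires before
# conntrack, then compare its counters over 10 s with a tcpdump count taken
# with -p, so tcpdump does not itself toggle promiscuous mode on the link.
live_diagnose() {
    iptables -t raw -I PREROUTING -i "$IFACE" -j ULOG --ulog-nlgroup "$NLGROUP"
    promisc=no
    link_is_promisc "$(ip link show "$IFACE")" && promisc=yes
    before=$(ulog_rule_pkts "$(iptables -t raw -L PREROUTING -v -n -x)")
    wire=$(timeout 10 tcpdump -p -i "$IFACE" -n -w /dev/null 2>&1 \
        | sed -n 's/^\([0-9]*\) packets captured.*/\1/p')
    after=$(ulog_rule_pkts "$(iptables -t raw -L PREROUTING -v -n -x)")
    classify $(( after - before )) "${wire:-0}" "$promisc"
}

# Usage: IFACE=eth2 sh ulogcheck.sh live
if [ "${1:-}" = live ]; then
    live_diagnose
fi
```

A result of nic-filter means the first step is simply `ip link set eth2 promisc on`; stack-drop means the iptables rule is as correct as it can be and the packets are being dropped by the IP stack before any chain sees them, which matches the sparse ulogd logs in the post.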