* Changing destination ip and port of TEE'ed udp
@ 2017-05-08 22:22 Sergey Yermakov
2017-05-08 22:29 ` Jan Engelhardt
[not found] ` <6411b93c-1e13-19ea-b90a-d41df584502e@epmaki.net>
0 siblings, 2 replies; 3+ messages in thread
From: Sergey Yermakov @ 2017-05-08 22:22 UTC (permalink / raw)
To: netfilter-devel
Hello,
1. Sorry if this has been already asked before ( couldn't find the
answer in the archives) or the wrong list.
2. Changing the destination ip and port of TEE'ed udp datagrams seems
doable and I was just wondering if there are some arguments against
adding it to TEE.
Something like this:
# iptables -t mangle -A PREROUTING -i lo -p udp --dport 223 -j TEE
--gateway 192.168.0.1 --new-dst 192.168.0.21 --new-dport 201
# iptables -t mangle -L -nv --line
Chain PREROUTING (policy ACCEPT 159 packets, 14878 bytes)
num pkts bytes target prot opt in out source
destination
1 0 0 TEE udp -- lo * 0.0.0.0/0
0.0.0.0/0 udp dpt:223 TEE gw:192.168.0.1 new-dst:192.168.0.21
new-dport:201
..
$ nc -u 0 223 <<<'test'
# tcpdump -nn -i eth0 port 201 or 223
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
..
15:59:01.618826 IP 127.0.0.1.38060 > 192.168.0.21.201: UDP, length 5
3. w/o --new-dst and --new-dport : the way it is right now.
# iptables -t mangle -A PREROUTING -i lo -p udp --dport 223 -j TEE
--gateway 192.168.0.1
# iptables -t mangle -L -nv --line
..
num pkts bytes target prot opt in out source
destination
1 1 33 TEE udp -- lo * 0.0.0.0/0
0.0.0.0/0 udp dpt:223 TEE gw:192.168.0.1 new-dst:192.168.0.21
new-dport:201
2 0 0 TEE udp -- lo * 0.0.0.0/0
0.0.0.0/0 udp dpt:223 TEE gw:192.168.0.1
thx,
-sergey
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Changing destination ip and port of TEE'ed udp
2017-05-08 22:22 Changing destination ip and port of TEE'ed udp Sergey Yermakov
@ 2017-05-08 22:29 ` Jan Engelhardt
[not found] ` <6411b93c-1e13-19ea-b90a-d41df584502e@epmaki.net>
1 sibling, 0 replies; 3+ messages in thread
From: Jan Engelhardt @ 2017-05-08 22:29 UTC (permalink / raw)
To: Sergey Yermakov; +Cc: netfilter-devel
On Tuesday 2017-05-09 00:22, Sergey Yermakov wrote:
> Hello,
>
> 1. Sorry if this has been already asked before ( couldn't find the answer in
> the archives) or the wrong list.
>
> 2. Changing the destination ip and port of TEE'ed udp datagrams seems doable
> and I was just wondering if there are some arguments against adding it to TEE.
It's not TEE's job to modify the packet - that's for DNAT left to do.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Changing destination ip and port of TEE'ed udp
[not found] ` <6411b93c-1e13-19ea-b90a-d41df584502e@epmaki.net>
@ 2017-05-09 0:51 ` Sergey Yermakov
0 siblings, 0 replies; 3+ messages in thread
From: Sergey Yermakov @ 2017-05-09 0:51 UTC (permalink / raw)
To: netfilter-devel
> It's not TEE's job to modify the packet - that's for DNAT left to do.
I see. thx.
What would be the best approach using DNAT for the following scenario
instead of having this ? :
# iptables .. -j TEE --gateway 192.168.0.1 --new-dst 192.168.0.21
--new-dport 201
# iptables .. -j TEE --gateway 192.168.1.2 --new-dst 192.168.1.22
--new-dport 201
# iptables .. -j TEE --gateway 192.168.1.2 --new-dst 192.168.1.23
--new-dport 202
scenario:
I have a server (192.168.3.20/24) that is getting a quite substantial
amount of udp data on some port and I need to replicate that data out to
192.168.0.21/24, 192.168.1.22/24 and 192.168.1.23/24 servers ?
thx,
-sergey
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-05-09 0:51 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-08 22:22 Changing destination ip and port of TEE'ed udp Sergey Yermakov
2017-05-08 22:29 ` Jan Engelhardt
[not found] ` <6411b93c-1e13-19ea-b90a-d41df584502e@epmaki.net>
2017-05-09 0:51 ` Sergey Yermakov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.