  1. #1
    Just Joined!
    Join Date
    Oct 2009
    Posts
    85

    Required help in IPTables


    Hi all, I'm a newbie in iptables, I want help for something. I have two NICs (eth0 & eth1) installed in my server. One is connected to Network A and the other to Network B.
    When the application in my server sends any packet to the outer world through eth0, it should also be duplicated to eth1 and sent, and vice versa.
    In short, any packet going out of eth0 should also be sent to eth1, and any packet from eth1 should also go through eth0. I don't know whether this can be done or not, and I'm scared that this packet forwarding will go in a circular loop.

    Adding to the above, I'm sending the duplicated packets using the two interfaces. Now the receiver has the chance of getting the duplicated packets. Is there any option in the Linux kernel or using iptables stuff to remove the duplicate packets from the same transmitting sender?

    I hope you understand the situation.

    Please help me with the necessary iptables stuff. I need this very urgently.
    Thanks in advance,
    Last edited by maheshgupta024; 11-15-2010 at 04:56 AM.

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,410
    On the packet level, this can be achieved via the iptables tee module.
    Unfortunately, iptables tee is not available in a standard centos5.5/redhat5.5.
    (haven't checked redhat/centos 6)
    I am not even sure if any Linux distribution has it by default, so you might need to compile it.
    Howto: Copy/Tee/Clone network traffic using iptables | BjOG - Bjou's Blog, that is!


    Other than that, better switches (aka, not the 50 euro ones from the local electronics dealer) have the ability to duplicate traffic by port.
    This is often called a "monitor port".

    This traffic duplication can be used for a network IDS, aka: to monitor and analyze traffic.

    I wouldn't want to use it in application logic, as the traffic may still be different (stupid example: someone disconnects a cable)
    and especially the sending side may be confused if *two* clients answer to the same packet.
    You must always face the curtain with a bow.

  3. #3
    Just Joined!
    Join Date
    Oct 2009
    Posts
    85
    Quote Originally Posted by Irithori View Post
    On the packet level, this can be achieved via the iptables tee module.
    Unfortunately, iptables tee is not available in a standard centos5.5/redhat5.5.
    (haven't checked redhat/centos 6)
    I am not even sure if any Linux distribution has it by default, so you might need to compile it.
    Howto: Copy/Tee/Clone network traffic using iptables | BjOG - Bjou's Blog, that is!


    Other than that, better switches (aka, not the 50 euro ones from the local electronics dealer) have the ability to duplicate traffic by port.
    This is often called a "monitor port".

    This traffic duplication can be used for a network IDS, aka: to monitor and analyze traffic.

    I wouldn't want to use it in application logic, as the traffic may still be different (stupid example: someone disconnects a cable)
    and especially the sending side may be confused if *two* clients answer to the same packet.

    Yes, but I need a software solution for this. I should not rely on external hardware. While sending, the duplication is done, and while receiving, the data should not be duplicated, so it should be done in the IP layer before sending it to the application layer.
    External hardware is not a good solution for me. That is the reason I'm thinking of iptables or some similar software that matches my requirement.

  5. #4
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,410
    Then, as I said, the iptables module tee might be good for you.
    You must always face the curtain with a bow.
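
The TEE approach suggested in this thread, as an added example that is not part of the original posts: a script that builds one TEE rule per direction and prints them for review before anything is installed. The gateway addresses 192.0.2.1 (on the eth0 network) and 198.51.100.1 (on the eth1 network) are placeholder assumptions, as are the helper names `valid_ipv4`, `tee_rule` and `mirror_rules`; it also assumes the TEE target is available on the host.

```shell
#!/bin/sh
# Added example: build iptables TEE rules that mirror traffic leaving one
# interface toward a next hop on the other network.
# Assumptions (not from the thread): 192.0.2.1 is reachable via eth0 and
# 198.51.100.1 via eth1 (documentation placeholders); TEE is available.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# tee_rule OUT_IF GATEWAY: print one rule that clones every packet leaving
# OUT_IF and hands the copy to GATEWAY, a next hop on the *other* network.
# Both arguments are validated because the output may be piped to a shell.
tee_rule() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) echo "bad interface: $1" >&2; return 1 ;;
    esac
    valid_ipv4 "$2" || { echo "bad gateway: $2" >&2; return 1; }
    printf 'iptables -t mangle -A POSTROUTING -o %s -j TEE --gateway %s\n' "$1" "$2"
}

# mirror_rules: both directions described in the question.
mirror_rules() {
    # Copies of eth0 traffic leave via eth1; copies of eth1 traffic via eth0.
    tee_rule eth0 198.51.100.1 &&
    tee_rule eth1 192.0.2.1
}

# Print the rules by default; run with APPLY=1 as root to install them.
if [ "${APPLY:-0}" = 1 ]; then
    mirror_rules | sh -e
else
    mirror_rules
fi
```

The kernel's TEE target does not clone its own copies a second time, so the two rules do not feed each other in a loop. Removing the resulting duplicates on the receiving host is a separate problem that these rules do not address.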
