- 11-15-2010 #1
Required help in IPTables
Hi all, I'm a newbie in iptables and I want help with something. I have two NICs (eth0 & eth1) installed in my server. One is connected to Network A and the other to Network B.
When the application in my server sends any packet to the outer world through eth0, it should also be duplicated to eth1 and sent, and vice versa.
In short, any packet going out of eth0 should also be sent to eth1, and any packet from eth1 should also go through eth0. I don't know whether this can be done or not, and I am scared that this packet forwarding will go into a circular loop.
Adding to the above, I'm sending the duplicated packets using the two interfaces. Now the receiver has the chance of getting the duplicated packets. Is there any option in the Linux kernel, or using iptables stuff, to remove the duplicate packets from the same transmitting sender?
I hope you understand the situation.
Please help me with the necessary iptables stuff. I need this very urgently.
Thanks in advance,
Last edited by maheshgupta024; 11-15-2010 at 05:56 AM.
- 11-15-2010 #2
On the packet level, this can be achieved via the iptables tee module.
Unfortunately, iptables tee is not available in a standard CentOS 5.5/Red Hat 5.5.
(haven't checked Red Hat/CentOS 6)
I am not even sure if any Linux distribution has it by default, so you might need to compile it.
Howto: Copy/Tee/Clone network traffic using iptables | BjOG - Bjou's Blog, that is!
Other than that, better switches (aka not the 50 euro ones from the local electronics dealer) have the ability to duplicate traffic by port.
This is often called a "monitor port".
This traffic duplication can be used for a network IDS, aka to monitor and analyze traffic.
I wouldn't want to use it in application logic, as the traffic may still be different (stupid example: someone disconnects a cable)
and especially the sending side may be confused if *two* clients answer to the same packet.
You must always face the curtain with a bow.
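As an added example (not from this thread or the linked blog post), this is what the iptables TEE rules for the two-NIC setup look like. It assumes a kernel and iptables build that ship the TEE target (xtables-addons on older CentOS/RHEL), that eth0 faces Network A and eth1 faces Network B, and it uses placeholder next-hop addresses from the RFC 5737 documentation ranges; set IPTABLES=echo to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not the thread's or the blog's own code.
# TEE clones every matching packet and routes the clone to --gateway, which
# must be a next hop on the link of the *other* interface. The clone keeps the
# original source address, so the receiver still sees two copies (the thread's
# open question); TEE only duplicates, it never deduplicates.

IPTABLES="${IPTABLES:-iptables}"     # set IPTABLES=echo for a dry run
GW_B="${GW_B:-192.0.2.1}"            # placeholder next hop on Network B (via eth1)
GW_A="${GW_A:-198.51.100.1}"         # placeholder next hop on Network A (via eth0)

# $1 = egress interface whose traffic is mirrored, $2 = gateway on the other network.
# The kernel flags a clone while it is being re-injected, so a TEE rule matching
# the clone's own egress interface does not clone it again; that per-CPU flag is
# what stops the eth0 <-> eth1 ping-pong loop the original poster was worried about.
tee_rule() {
    "$IPTABLES" -t mangle -A POSTROUTING -o "$1" -j TEE --gateway "$2"
}

# Mirror in both directions: eth0 traffic to Network B, eth1 traffic to Network A.
apply_tee_rules() {
    tee_rule eth0 "$GW_B"
    tee_rule eth1 "$GW_A"
}

# Remove the same two rules again (same match, -D instead of -A).
remove_tee_rules() {
    "$IPTABLES" -t mangle -D POSTROUTING -o eth0 -j TEE --gateway "$GW_B"
    "$IPTABLES" -t mangle -D POSTROUTING -o eth1 -j TEE --gateway "$GW_A"
}

# Verification: list the mangle POSTROUTING chain with packet counters so you
# can see the TEE rules firing (pkts column) after generating some traffic.
show_tee_rules() {
    "$IPTABLES" -t mangle -L POSTROUTING -n -v
}

# Run as root to apply; run with IPTABLES=echo to just print the commands.
if [ "${TEE_EXAMPLE_MAIN:-0}" = 1 ]; then
    apply_tee_rules
    show_tee_rules
fi
```

Because TEE matches in the mangle table's POSTROUTING chain, it sees locally generated packets as well as forwarded ones; restricting the rule with `-s` or `-p` narrows the mirror to the application's traffic only, which also keeps the duplicated volume (and the receiver's confusion) smaller.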
- 11-15-2010 #3
Yes, but I need a software solution for this. I should not rely on external hardware. While sending, the duplication is done, and while receiving, the data should not be duplicated, so it should be done in the IP layer before sending it to the application layer.
External hardware is not a good solution for me. That is the reason I'm thinking of iptables or some similar software that matches my requirement.
- 11-15-2010 #4
Then, as I said, the iptables module tee might be good for you.
You must always face the curtain with a bow.