AX86U - port mirroring

[Uibbs]

Planning to do port mirroring to a rasberry pi connected to Lan port of AX86U. Followed a thread of RT-AC66U and here, but could not get it work. I kept getting the following error

> iptables -I PREROUTING -t mangle -j ROUTE --gw (Ip-of-your-IDS) --tee
iptables: No chain/target/match by that name.

So, is this firmware issue (on 3.0.0.4.388_24231) or this cannot be done in AX86U. Or I am missing something else.

 

[bennor]

So, is this firmware issue (on 3.0.0.4.388_24231) or this cannot be done in AX86U. Or I am missing something else.

Those directions you followed were performed on the Asus-Merlin firmware not the stock Asus firmware.

 

[eibgrad]

It's probably complaining about the ROUTE jump target, which for third-party firmware is often NOT loaded by default, assuming it's in the firmware at all. For example, when using DD-WRT, I typically first need to issue the following command so the jump target is recognized by any subsequent iptables commands.

modprobe ipt_ROUTE

If that doesn't work, then the module is probably NOT in the firmware (which wouldn't surprise me if it's OEM). If it is, the following command will likely find it.

find /lib -name *ROUTE*

P.S. The following will tell you if in fact it is already loaded.

lsmod | grep ROUTE

 

[Uibbs]

Those directions you followed were performed on the Asus-Merlin firmware not the stock Asus firmware.

i think I was on merlin firmware. just upgraded to the latest RT-AX86U_3004_388.8_2_pureubi.w, still same error

 

[Uibbs]

It's probably complaining about the ROUTE jump target, which for third-party firmware is often NOT loaded by default, assuming it's in the firmware at all. For example, when using DD-WRT, I typically first need to issue the following command so the jump target is recognized by any subsequent iptables commands.

modprobe ipt_ROUTE

If that doesn't work, then the module is probably NOT in the firmware (which wouldn't surprise me if it's OEM). If it is, the following command will likely find it.

find /lib -name *ROUTE*

P.S. The following will tell you if in fact it is already loaded.

lsmod | grep ROUTE

I tried ur troubleshooting, here is the result. it seems the module is not in the firmware and no where to be found?

admin@RT-AX86U-2518:/tmp/home/root# modprobe ipt_ROUTE
modprobe: module ipt_ROUTE not found in modules.dep
admin@RT-AX86U-2518:/tmp/home/root# find /lib -name *ROUTE*
admin@RT-AX86U-2518:/tmp/home/root# lsmod | grep ROUTE
admin@RT-AX86U-2518:/tmp/home/root#

I also got the same error without -j ROUTE

admin@RT-AX86U-2518:/tmp/home/root# iptables -I PREROUTING
iptables: No chain/target/match by that name.

does this mean ROUTE is loaded?

admin@RT-AX86U-2518:/tmp/home/root# iptables -j ROUTE
iptables v1.4.15: ROUTE target: oif, iif or gw option required

 

[ColinTaylor]

Enabling Port mirroring Asus RT-AC66U

Anyone know how this is done, need port mirroring so i can run a filtering program.

www.snbforums.com

It's possible that you will get incomplete data being mirrored unless you also disable hardware acceleration on your AX86U.

 

[Uibbs]

Enabling Port mirroring Asus RT-AC66U

Anyone know how this is done, need port mirroring so i can run a filtering program.

www.snbforums.com

It's possible that you will get incomplete data being mirrored unless you also disable hardware acceleration on your AX86U.

the problem is I am not getting any data mirrored at all.


dig deeper this command from this thread seemed to work but crashed the router

iptables -I PREROUTING -t mangle -j TEE --gateway <Ip-of-your-IDS>

 

[ColinTaylor]

the problem is I am not getting any data mirrored at all.

How exactly are you testing this. Where is the traffic coming from and going to? How are monitoring this on the Pi?

dig deeper this command from this thread seemed to work but crashed the router

iptables -I PREROUTING -t mangle -j TEE --gateway <Ip-of-your-IDS>

Include the source address in the iptables command.

 

[Uibbs]

How exactly are you testing this. Where is the traffic coming from and going to? How are monitoring this on the Pi?


Include the source address in the iptables command.

So way I tested this by running tcpdump on the pi to see if I can get ICMP traffic from the ping on my desktop.

I added the source IP and see the following observations:
- internet still hang on desktop
- ping just fine, so it is likely ICMP works but not TCP.
- local network still working
- pi can see the traffic from the desktop

iptables -A POSTROUTING -t mangle -d <desktop-IP> -j TEE --gateway <raspi-IP>

I also tries between different combination of PREROUTING/POSTROUTING and -d/-s <desktop-IP>. PREROUTING -s also freezes desktop internet, but this time local network freezes too.