Menu
What's new
By:
Filters Better Search

Mirroring with iptables TEE - some help?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Emphyrio

Emphyrio

New Around Here
Hi all! I'm trying to mirror data sent from a Bresser weather station to a WeeWX install (so I can intercept the data sent to rtupdate.wunderground.com). Unfortunately failing to get results :( Can you help?

Running these commands on AsusWrt (RT-AC68U on Merlin 384.11_2):
modprobe xt_TEE
iptables -t mangle -A PREROUTING -s 192.168.1.31 -j TEE --gateway 192.168.1.27
iptables -t mangle -A POSTROUTING -d 192.168.1.31 -j TEE --gateway 192.168.1.27​

Then running this command at the Weewx install (192.168.1.27):
tcpdump -nnSX port 80​

Is listening but not showing any output... I was hoping to see some traffic but nothing. What can I try?

P.S. The weather station @ 192.168.1.31 is succesfully transmitting to weatherunderground.com, so that prerequisite has been provided for I believe.
 
Last edited:
Emphyrio said:
Hi all! I'm trying to mirror data sent from a Bresser weather station to a WeeWX install (so I can intercept the data sent to rtupdate.wunderground.com). Unfortunately failing to get results :( Can you help?

Running these commands on AsusWrt (RT-AC68U on Merlin 384.11_2):
modprobe xt_TEE
iptables -t mangle -A PREROUTING -s 192.168.1.31 -j TEE --gateway 192.168.1.27
iptables -t mangle -A POSTROUTING -d 192.168.1.31 -j TEE --gateway 192.168.1.27​

Then running this command at the Weewx install (192.168.1.27):
tcpdump -nnSX port 80​

Is listening but not showing any output... I was hoping to see some traffic but nothing. What can I try?

P.S. The weather station @ 192.168.1.31 is succesfully transmitting to weatherunderground.com, so that prerequisite has been provided for I believe.
Click to expand...
I don’t know anything about TEEing, but are you certain the data is only transferred on port 80 for your tcpdump? What about 443?

Edit: I guess you couldn’t intercept encrypted data, but maybe a different port nonetheless?
 
Emphyrio said:
Hi all! I'm trying to mirror data sent from a Bresser weather station to a WeeWX install (so I can intercept the data sent to rtupdate.wunderground.com). Unfortunately failing to get results :( Can you help?

Running these commands on AsusWrt (RT-AC68U on Merlin 384.11_2):
modprobe xt_TEE
iptables -t mangle -A PREROUTING -s 192.168.1.31 -j TEE --gateway 192.168.1.27
iptables -t mangle -A POSTROUTING -d 192.168.1.31 -j TEE --gateway 192.168.1.27​

Then running this command at the Weewx install (192.168.1.27):
tcpdump -nnSX port 80​

Is listening but not showing any output... I was hoping to see some traffic but nothing. What can I try?

P.S. The weather station @ 192.168.1.31 is succesfully transmitting to weatherunderground.com, so that prerequisite has been provided for I believe.
Click to expand...
Check the packets/bytes count on the router to see if the rule is matching.
Code: 
iptables -t mangle -L -v
Should be greater than 0 for either of the rules with TEE.
 
Thanks for your responses!

The weather station is supposed to output at port 80, but you're right better to verify. So I checked with tcpdump -i eth0 but no traffic from 192.168.31 (weather station) seems to be reaching 192.168.1.27 (weewx install). No luck there.

Below is the output for that command. Is this as expected?

Code: 
iptables -t mangle -L -v
Chain PREROUTING (policy ACCEPT 4571 packets, 664K bytes)
 pkts bytes target     prot opt in     out     source               destination
  214 10277 TEE        all  --  any    any     Bresser-base         anywhere             TEE gw:192.168.1.27

Chain INPUT (policy ACCEPT 2242 packets, 368K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 2319 packets, 295K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 2350 packets, 397K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 4666 packets, 693K bytes)
 pkts bytes target     prot opt in     out     source               destination
  278 11504 TEE        all  --  any    any     anywhere             Bresser-base         TEE gw:192.168.1.27
 
Emphyrio said:
Thanks for your responses!

The weather station is supposed to output at port 80, but you're right better to verify. So I checked with tcpdump -i eth0 but no traffic from 192.168.31 (weather station) seems to be reaching 192.168.1.27 (weewx install). No luck there.

Below is the output for that command. Is this as expected?

Code: 
iptables -t mangle -L -v
Chain PREROUTING (policy ACCEPT 4571 packets, 664K bytes)
 pkts bytes target     prot opt in     out     source               destination
  214 10277 TEE        all  --  any    any     Bresser-base         anywhere             TEE gw:192.168.1.27

Chain INPUT (policy ACCEPT 2242 packets, 368K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 2319 packets, 295K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 2350 packets, 397K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 4666 packets, 693K bytes)
 pkts bytes target     prot opt in     out     source               destination
  278 11504 TEE        all  --  any    any     anywhere             Bresser-base         TEE gw:192.168.1.27
Click to expand...
It at least shows that the rules are matching the traffic, but in small amounts. Maybe run the following on the router to see any traffic going to the weewx:
Code: 
tcpdump -i br0 host 192.168.1.27
Maybe someone smarter than me can help to write a LOG statement for iptables to at least confirm what is going where. You might have better luck on the weewx sites where this seems to be "a thing".
 
Emphyrio said:
Unfortunately, no one there is responding to my question :(
Thanks for your input!
Click to expand...
I just purchased 4x8 port switches from Amazon for 45$ Canadian each. They have an option under switching called "Port Mirroring," I'm not sure if this is what you need but I thought I would pass the knowledge on.
 
You must log in or register to reply here.

Similar threads

A
Entware iptables no chain/target/match and tcpdump problems
Replies
3
Views
924
RMerlin
RMerlin
R
Port mirroring makes router freeze
Replies
0
Views
982
raca
R
F
RT-AX56U v1 port mirroring / SPAN not working (iptables: No chain/target/match by that name)
Replies
2
Views
2K
fhuang2
F
O
Port Mirroring question (iptables -tee)
Replies
2
Views
6K
orutra
O
garycnew
Tutorial [SOLUTION] OpenVPN Client Split Tunnel Reverse Proxy Web Traffic using Nginx, DNSMasq, and IPTables
Replies
13
Views
7K
garycnew
garycnew
Similar threads
Thread starter Title Forum Replies Date
S Custom IPTables and EBTables CLI after GUI reprovisioning Asuswrt-Merlin 1
r000t Hardcoded Google DNS IPTABLES rule Asuswrt-Merlin 6
F Understanding IPTABLES - asus ROG ax6000 Asuswrt-Merlin 17
SkierInAvon Asus Merlin - iptables command (not working?) Asuswrt-Merlin 8
v.y.k iptables pkts & bytes numbers are too low on Merlin 3004.388 Asuswrt-Merlin 13

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 766 (members: 23, guests: 743)
Top