Setup port-mirroring with iptables

4.1

Author:

IMFirewall Software

HomePage:

http://www.wfiltericf.com

The "--tee" option of iptables can mirror network packets to a target ip address. With this feature, you can deploy monitoring easily when you have an embed Linux gateway or bridge.

In this example, we're using an ubuntu gateway. Syntax to setup iptables port mirroring:

sudo iptables -t mangle -A POSTROUTING -j TEE --gateway 192.168.1.200

Figure 1

WFilter in "192.168.1.200" will be able to monitor all network clients.

Links

• How to check whether port mirroring is properly configured?
• When to add a blocking adapter?
• Blocking UDP in pass-by deployment
• Homepage of WFilter Deployment