Deploy WFilter with tomato router

4.1

Author:
IMFirewall Software
HomePage:
http://www.wfiltericf.com


The "--tee" option of iptables can mirror network packets to a target IP address. With this feature, you can deploy monitoring easily when you have an embedded Linux router.

In this tutorial, we will guide you through deploying WFilter with a Tomato router (firmware version: v1.28).

1. Enable SSH login in Tomato

Enable "SSH Daemon" in "Administration" - "Admin Access".



Figure 1

2. Log in to your Tomato router.

Log in to your Tomato router using any SSH client.



Figure 2

3. Enable the ipt_ROUTE module.

For the "--tee" option to work, you need to load the "ipt_ROUTE" module, which is not enabled by default.



Figure 3

4. Add the iptables rule for packet forwarding.

In this example, we forward packets to "192.168.1.100".



Figure 4

5. List and verify iptables rules.

You can list your iptables rules to check whether this rule is successfully added.



Figure 5

6. Add startup script.

If you want this rule to persist after the router reboots, you need to add these two commands to the startup scripts in "Administration - Scripts".

modprobe ipt_ROUTE

iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.100 --tee



Figure 6


Figure 7
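
The "-A" command in step 6 appends a new rule every time it runs, so running the script again without a reboot leaves duplicate mirror rules. The following is an added example, not part of the original tutorial or of WFilter: a POSIX sh variant of the two startup commands that adds the rule only when it is missing. The function names and the "ROUTE gw:<ip> tee" listing format are assumptions, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: idempotent form of the two startup commands (POSIX sh).
MIRROR_GW="192.168.1.100"   # WFilter host, as used on this page

# Count mangle/PREROUTING rules that tee traffic to gateway $1.
# Reads `iptables -t mangle -L PREROUTING -n` output on stdin.
# Assumption: the ROUTE target is listed as "ROUTE gw:<ip> tee".
count_tee_rules() {
    want_gw=$1
    n=0
    while read -r target rest; do
        [ "$target" = "ROUTE" ] || continue
        case " $rest " in
            *" gw:$want_gw "*)
                case " $rest " in
                    *" tee "*) n=$((n + 1)) ;;
                esac ;;
        esac
    done
    echo "$n"
}

# Load the module, then append the rule only if it is not already present.
ensure_tee_rule() {
    modprobe ipt_ROUTE || return 1
    have=$(iptables -t mangle -L PREROUTING -n | count_tee_rules "$1")
    if [ "$have" -eq 0 ]; then
        iptables -A PREROUTING -t mangle -j ROUTE --gw "$1" --tee
    elif [ "$have" -gt 1 ]; then
        echo "warning: $have tee rules for $1; each one sends its own copy" >&2
    fi
}

# Constructed sample listing (not captured from a real router):
# the same rule appended twice.
SAMPLE_LISTING='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
ROUTE      all  --  0.0.0.0/0            0.0.0.0/0           ROUTE gw:192.168.1.100 tee
ROUTE      all  --  0.0.0.0/0            0.0.0.0/0           ROUTE gw:192.168.1.100 tee'

# "apply" touches the live firewall; anything else only parses the sample.
if [ "${1:-}" = "apply" ]; then
    ensure_tee_rule "$MIRROR_GW"
else
    printf '%s\n' "$SAMPLE_LISTING" | count_tee_rules "$MIRROR_GW"
fi
```

Run it with the argument "apply" on the router to change the live rules; without an argument it only counts the rules in the constructed sample.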

7. Check your WFilter settings.

You should now be able to monitor all network clients in WFilter, which is installed on 192.168.1.100.

Please note that "iptables" does not forward the original MAC addresses of packets. Therefore, you cannot use the "by mac address" monitoring mode of WFilter; use "by ip address" instead.



Figure 8
