The "--tee" option of iptables can mirror network packets to a target ip address. With this feature, you can deploy monitoring easily when you have an embed Linux router.
In this tutorial, we will guide you to deploy WFilter using a Tomato router(firmware version: v1.28).
Enable "SSH Daemon" in "Administration" - "Admin Access".
Login into your Tomato router using any ssh client.
For "--tee" option to work, you need to enable the "ipt_ROUTE" module, which is not enabled by default.
In this example, we forward packets to "192.168.1.100".
You can list your iptables rules to check whether this rule is successfully added.
If you want this rule to exist after router rebooting, you need to add these two commands into the startup scripts in "Administration - Scripts".
iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.100 --tee
By now, you will be able to monitor all network clients in WFilter, which is installed in 192.168.1.100.
Please notice, "iptables" will not forward original mac addresses of packets. Therefore, you can not use "by mac address" monitoring mode of WFilter, use "by ip address" instead.