iptables

iptables --list or -L: shows the iptables rules. Root privileges are required to view them.

~$ sudo iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination 

redkin_p@devastator ~ $ iptables --list
iptables v1.4.20: can't initialize iptables table `filter': Permission denied (you must be root)

iptables … --tee: iptables can mirror the traffic going to a host by sending a copy of each packet to another host, using the tee option.

There is an experimental target (ROUTE) which offers an option (--tee) that behaves like the good old Linux “tee” command. It copies a packet to a target IP address and then goes on with the normal behaviour (routing it to its normal target).
This will send a copy of all packets to the monitor pc with the ip 192.168.1.254.
iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.254 --tee
iptables -A POSTROUTING -t mangle -j ROUTE --gw 192.168.1.254 --tee
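
ROUTE was an out-of-tree patch; mainline kernels and iptables provide a TEE target for the same kind of mirroring. The script below is an added example, not part of the original note: the function names, the dry-run APPLY switch and the exclusion of the monitor's own traffic are assumptions made for this example.

```shell
#!/bin/sh
# Added example: traffic mirroring with the TEE target (assumed available).
# Prints the rules by default; APPLY=1 (as root) installs or removes them.
# TEE needs the monitor to be reachable on the local network segment.

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# mirror_rules ACTION MONITOR: prints one rule per mangle chain.
# ACTION is A (append) or D (delete). The monitor's own traffic is excluded
# so the monitor does not receive copies of packets it sent or already got.
mirror_rules() {
    case "$1" in
        A|D) ;;
        *) echo "action must be A or D" >&2; return 2 ;;
    esac
    valid_ipv4 "$2" || { echo "bad monitor address: $2" >&2; return 2; }
    echo "iptables -t mangle -$1 PREROUTING ! -s $2 -j TEE --gateway $2"
    echo "iptables -t mangle -$1 POSTROUTING ! -d $2 -j TEE --gateway $2"
}

# apply_rules ACTION MONITOR: dry run unless APPLY=1.
apply_rules() {
    rules=$(mirror_rules "$1" "$2") || return $?
    if [ "${APPLY:-0}" != 1 ]; then
        printf '%s\n' "$rules"
        return 0
    fi
    [ "$(id -u)" -eq 0 ] || { echo "must be root" >&2; return 1; }
    printf '%s\n' "$rules" | while IFS= read -r rule; do
        $rule || exit 1          # word splitting of $rule is intended
    done
}

# No arguments: dry run with the monitor address used on the page.
case $# in
    0) apply_rules A 192.168.1.254 ;;
    2) apply_rules "$1" "$2" ;;
esac
```

Running it with D as the first argument prints (or, with APPLY=1, executes) the matching delete commands, so the mirror can be removed once monitoring is finished.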
