Page 1 of 2

How do I setup port mirroring on Tomato firmware?

Posted: Wed May 01, 2013 2:23 am
by bob
I can get my computer monitored but nothing else as I have not set up port mirroring. Can someone explain step-by-step how to do this? Seem really easy from stock Linksys firmware. I can't find this option on Tomato



Almost forgot routers is a Linksys WRT54G v8.0 and I also have a v3.1

How do I setup port mirroring on Tomato firmware?

Posted: Thu May 02, 2013 3:15 am
by gengw2000
You need to use iptables to setup mirroring.



Please check these topics:



http://www.linksysinfo.org/index.php?threads/how-to-setup-port-mirroring-with-iptables.32889/



http://www.linksysinfo.org/index.php?threads/port-mirroring.23262/



Because the iptables TEE target does not contain original mac addresses, you need to use "by ip address" monitoring mode in WFilter.

How do I setup port mirroring on Tomato firmware?

Posted: Thu May 02, 2013 4:22 am
by bob
Thank you for the response!



I do have a thread going but it isn't working:



http://www.linksysinfo.org/index.php?threads/how-do-i-setup-port-mirroring-on-tomato-firmware.68485/



Can you identify if I'm doing anything wrong?

How do I setup port mirroring on Tomato firmware?

Posted: Fri May 03, 2013 4:47 am
by gengw2000
You need to be familiar with the "iptables" syntax to make it working. "rpcapd" is not what you're looking for.

How do I setup port mirroring on Tomato firmware?

Posted: Fri May 03, 2013 4:55 am
by gengw2000
Since iptables can send packets to WFilter computer by ip address, the WFilter computer does not need to be directly connected to the router.



Suppose the WFilter computer's ip address is "192.168.1.100". The syntax will be like:



iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.100 --tee



Please notice the syntax varies due to different iptables versions.

How do I setup port mirroring on Tomato firmware?

Posted: Fri May 03, 2013 2:46 pm
by bob
gengw2000 wrote: Since iptables can send packets to WFilter computer by ip address, the WFilter computer does not need to be directly connected to the router.



Suppose the WFilter computer's ip address is "192.168.1.100". The syntax will be like:



iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.100 --tee



Please notice the syntax varies due to different iptables versions.



Yeah I have that in the firewall section of Tomato but can still only monitor my computer (192.168.1.100)



How do I setup port mirroring on Tomato firmware?

Posted: Mon May 06, 2013 3:50 am
by imfirewall
I doubt your iptables are correctly configure. Can you take a screenshot of "iptables -L" to list all iptables rules to check?

How do I setup port mirroring on Tomato firmware?

Posted: Mon May 06, 2013 4:26 am
by bob
imfirewall wrote: I doubt your iptables are correctly configure. Can you take a screenshot of "iptables -L" to list all iptables rules to check?



Could you give me an example of what I should be using? People keep telling me to use this type of firewall as if it should be this simple



iptables -A PREROUTING -t mangle --source 192.168.1.1 -j ROUTE --gw 192.168.1.100 --tee

iptables -A PREROUTING -t mangle -s 192.168.1.1 -j ROUTE --gw 192.168.1.100 --tee

iptables -A PREROUTING -t mangle -d 192.168.1.1 -j ROUTE --gw 192.168.1.100 --tee



I have a simple network with a hand full of computers. I need to monitor some file activity. Just a router and a couple of switches. I'm trying to do this with WFilter enterprise edition and according to the instruction it should be a matter of simple port mirroring.



I'm using the trial but only have a couple of days left for evaluation. I really want to know if I can get this working before then, kind of important for a purchase decisions.

How do I setup port mirroring on Tomato firmware?

Posted: Mon May 06, 2013 7:43 am
by imfirewall
The iptables syntax varies due to different iptables versions. So we're uncertain which command you should use.



Anyway, please tell me the exact Tomato firmware version, so we can setup and test it.



You always can extend the trial by apply for a new evaluation key at: http://www.imfirewall.us/require_evalute.htm

How do I setup port mirroring on Tomato firmware?

Posted: Mon May 06, 2013 7:46 am
by bob
imfirewall wrote: The iptables syntax varies due to different iptables versions. So we're uncertain which command you should use.



Anyway, please tell me the exact Tomato firmware version, so we can setup and test it.



You always can extend the trial by apply for a new evaluation key at: http://www.imfirewall.us/require_evalute.htm



Hi,



Thank you for the help!



Version 1.28