How do I setup port mirroring on Tomato firmware?

[bob]

I can get my computer monitored but nothing else as I have not set up port mirroring. Can someone explain step-by-step how to do this? Seem really easy from stock Linksys firmware. I can't find this option on Tomato



Almost forgot routers is a Linksys WRT54G v8.0 and I also have a v3.1

[gengw2000]

You need to use iptables to setup mirroring.



Please check these topics:



http://www.linksysinfo.org/index.php?threads/how-to-setup-port-mirroring-with-iptables.32889/



http://www.linksysinfo.org/index.php?threads/port-mirroring.23262/



Because the iptables TEE target does not contain original mac addresses, you need to use "by ip address" monitoring mode in WFilter.

[bob]

Thank you for the response!



I do have a thread going but it isn't working:



http://www.linksysinfo.org/index.php?threads/how-do-i-setup-port-mirroring-on-tomato-firmware.68485/



Can you identify if I'm doing anything wrong?

[gengw2000]

You need to be familiar with the "iptables" syntax to make it working. "rpcapd" is not what you're looking for.

[gengw2000]

Since iptables can send packets to WFilter computer by ip address, the WFilter computer does not need to be directly connected to the router.



Suppose the WFilter computer's ip address is "192.168.1.100". The syntax will be like:



iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.100 --tee



Please notice the syntax varies due to different iptables versions.

[bob]

gengw2000 wrote: Since iptables can send packets to WFilter computer by ip address, the WFilter computer does not need to be directly connected to the router.



Suppose the WFilter computer's ip address is "192.168.1.100". The syntax will be like:



iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.100 --tee



Please notice the syntax varies due to different iptables versions.

Yeah I have that in the firewall section of Tomato but can still only monitor my computer (192.168.1.100)

[imfirewall]

I doubt your iptables are correctly configure. Can you take a screenshot of "iptables -L" to list all iptables rules to check?

[bob]

imfirewall wrote: I doubt your iptables are correctly configure. Can you take a screenshot of "iptables -L" to list all iptables rules to check?

Could you give me an example of what I should be using? People keep telling me to use this type of firewall as if it should be this simple



iptables -A PREROUTING -t mangle --source 192.168.1.1 -j ROUTE --gw 192.168.1.100 --tee

iptables -A PREROUTING -t mangle -s 192.168.1.1 -j ROUTE --gw 192.168.1.100 --tee

iptables -A PREROUTING -t mangle -d 192.168.1.1 -j ROUTE --gw 192.168.1.100 --tee



I have a simple network with a hand full of computers. I need to monitor some file activity. Just a router and a couple of switches. I'm trying to do this with WFilter enterprise edition and according to the instruction it should be a matter of simple port mirroring.



I'm using the trial but only have a couple of days left for evaluation. I really want to know if I can get this working before then, kind of important for a purchase decisions.

[imfirewall]

The iptables syntax varies due to different iptables versions. So we're uncertain which command you should use.



Anyway, please tell me the exact Tomato firmware version, so we can setup and test it.



You always can extend the trial by apply for a new evaluation key at: http://www.imfirewall.us/require_evalute.htm

[bob]

imfirewall wrote: The iptables syntax varies due to different iptables versions. So we're uncertain which command you should use.



Anyway, please tell me the exact Tomato firmware version, so we can setup and test it.



You always can extend the trial by apply for a new evaluation key at: http://www.imfirewall.us/require_evalute.htm

Hi,



Thank you for the help!



Version 1.28