How do I setup port mirroring on Tomato firmware?

General discussion about WFilter ICF features, problems, configuration issues etc.

Moderators: imfirewall, gengw2000

bob
Posts: 14
Joined: Wed May 01, 2013 2:18 am

How do I setup port mirroring on Tomato firmware?

Postby bob » Wed May 01, 2013 2:23 am

I can get my computer monitored but nothing else as I have not set up port mirroring. Can someone explain step-by-step how to do this? Seem really easy from stock Linksys firmware. I can't find this option on Tomato



Almost forgot routers is a Linksys WRT54G v8.0 and I also have a v3.1

gengw2000
Posts: 281
Joined: Mon Sep 07, 2009 11:11 pm

How do I setup port mirroring on Tomato firmware?

Postby gengw2000 » Thu May 02, 2013 3:15 am

You need to use iptables to setup mirroring.



Please check these topics:



http://www.linksysinfo.org/index.php?threads/how-to-setup-port-mirroring-with-iptables.32889/



http://www.linksysinfo.org/index.php?threads/port-mirroring.23262/



Because the iptables TEE target does not contain original mac addresses, you need to use "by ip address" monitoring mode in WFilter.

bob
Posts: 14
Joined: Wed May 01, 2013 2:18 am

How do I setup port mirroring on Tomato firmware?

Postby bob » Thu May 02, 2013 4:22 am

Thank you for the response!



I do have a thread going but it isn't working:



http://www.linksysinfo.org/index.php?threads/how-do-i-setup-port-mirroring-on-tomato-firmware.68485/



Can you identify if I'm doing anything wrong?

gengw2000
Posts: 281
Joined: Mon Sep 07, 2009 11:11 pm

How do I setup port mirroring on Tomato firmware?

Postby gengw2000 » Fri May 03, 2013 4:47 am

You need to be familiar with the "iptables" syntax to make it working. "rpcapd" is not what you're looking for.

gengw2000
Posts: 281
Joined: Mon Sep 07, 2009 11:11 pm

How do I setup port mirroring on Tomato firmware?

Postby gengw2000 » Fri May 03, 2013 4:55 am

Since iptables can send packets to WFilter computer by ip address, the WFilter computer does not need to be directly connected to the router.



Suppose the WFilter computer's ip address is "192.168.1.100". The syntax will be like:



iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.100 --tee



Please notice the syntax varies due to different iptables versions.

bob
Posts: 14
Joined: Wed May 01, 2013 2:18 am

How do I setup port mirroring on Tomato firmware?

Postby bob » Fri May 03, 2013 2:46 pm

gengw2000 wrote: Since iptables can send packets to WFilter computer by ip address, the WFilter computer does not need to be directly connected to the router.



Suppose the WFilter computer's ip address is "192.168.1.100". The syntax will be like:



iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.100 --tee



Please notice the syntax varies due to different iptables versions.



Yeah I have that in the firewall section of Tomato but can still only monitor my computer (192.168.1.100)



imfirewall
Posts: 153
Joined: Fri Nov 26, 2010 7:41 am

How do I setup port mirroring on Tomato firmware?

Postby imfirewall » Mon May 06, 2013 3:50 am

I doubt your iptables are correctly configure. Can you take a screenshot of "iptables -L" to list all iptables rules to check?

bob
Posts: 14
Joined: Wed May 01, 2013 2:18 am

How do I setup port mirroring on Tomato firmware?

Postby bob » Mon May 06, 2013 4:26 am

imfirewall wrote: I doubt your iptables are correctly configure. Can you take a screenshot of "iptables -L" to list all iptables rules to check?



Could you give me an example of what I should be using? People keep telling me to use this type of firewall as if it should be this simple



iptables -A PREROUTING -t mangle --source 192.168.1.1 -j ROUTE --gw 192.168.1.100 --tee

iptables -A PREROUTING -t mangle -s 192.168.1.1 -j ROUTE --gw 192.168.1.100 --tee

iptables -A PREROUTING -t mangle -d 192.168.1.1 -j ROUTE --gw 192.168.1.100 --tee



I have a simple network with a hand full of computers. I need to monitor some file activity. Just a router and a couple of switches. I'm trying to do this with WFilter enterprise edition and according to the instruction it should be a matter of simple port mirroring.



I'm using the trial but only have a couple of days left for evaluation. I really want to know if I can get this working before then, kind of important for a purchase decisions.

imfirewall
Posts: 153
Joined: Fri Nov 26, 2010 7:41 am

How do I setup port mirroring on Tomato firmware?

Postby imfirewall » Mon May 06, 2013 7:43 am

The iptables syntax varies due to different iptables versions. So we're uncertain which command you should use.



Anyway, please tell me the exact Tomato firmware version, so we can setup and test it.



You always can extend the trial by apply for a new evaluation key at: http://www.imfirewall.us/require_evalute.htm

bob
Posts: 14
Joined: Wed May 01, 2013 2:18 am

How do I setup port mirroring on Tomato firmware?

Postby bob » Mon May 06, 2013 7:46 am

imfirewall wrote: The iptables syntax varies due to different iptables versions. So we're uncertain which command you should use.



Anyway, please tell me the exact Tomato firmware version, so we can setup and test it.



You always can extend the trial by apply for a new evaluation key at: http://www.imfirewall.us/require_evalute.htm



Hi,



Thank you for the help!



Version 1.28


Return to “WFilter ICF”

Who is online

Users browsing this forum: No registered users and 8 guests