
Trying to understand the TEE module of iptables. The intent is to clone and send the same packet to 2 IPs.

Tried the following

iptables -A INPUT -p tcp --dport 2003 -j TEE --gateway IP1
iptables -A INPUT -p tcp --dport 2003 -j TEE --gateway IP2

Does this tee the traffic to both gateways or only the 1st rule? Running the command iptables -L -v shows the rules and packets getting counted against the rule.

Also saw commands with -t mangle like

iptables -t mangle -A PREROUTING -p tcp --dport 2003 -j TEE --gateway IP1

Running the command iptables -L doesn't show prerouting values, but I can see it in iptables -S.

In any of the cases, this didn't seem like it was forwarding the packets to the said IP1 (on the same network). Running a TCP dump on the machine with IP1 could not show any data coming in.

Also, any nice article on understanding iptables for dummies? The official docs, well, went above my head :/

Vipin Menon
  • https://serverfault.com/questions/179968/how-to-tee-udp-packets-onto-a-different-host take a look here – djdomi Jul 29 '21 at 07:17
  • Regarding iptables documentation, https://wiki.archlinux.org/title/iptables is quite decent, and [this linked picture](https://www.frozentux.net/iptables-tutorial/images/tables_traverse.jpg) gives a very nice overview of tables and chains ([this image](https://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg) linked from Wikipedia is sort of the same thing but in more detail, but it is much less clear). – hlovdal Jan 19 '22 at 14:44

0 Answers