8

I have a proprietary system which transmits a udp video stream from unit #1 (192.168.1.1) to unit #2 (.1.2). I can't make changes to this system, and I'm trying to clone this udp stream so I can access it in a different program. This program will do stuff with the video and send it out again as a multicast stream.

I'm hoping to do this using a Linux machine (running Ubuntu Server 12.04 now) with three network cards. By connecting unit #1 and #2 to two of the network cards (eth0 and eth1) in the Linux machine and using a bridge, I've got them communicating. My /etc/network/interfaces looks like:

# The loopback network interface
auto lo
iface lo inet loopback

# The external interface
auto eth3
iface eth3 inet static
address 192.168.10.2
netmask 255.255.255.0

# The bridge interface
auto br0
iface br0 inet manual
  bridge_ports eth0 eth1

This works, and by using tcpdump I've confirmed that the udp packets are arriving from #1 and are heading towards #2 at port 6000.

The next step I hope will work is to use iptables to clone all udp packets coming from 192.168.1.1 going to port 6000 at #2. I'm not very familiar with iptables, but after reading online and the manual I thought this would work:

iptables -A PREROUTING -t mangle -p udp -s 192.168.1.1/32 --dport 6000 -j TEE --gateway 192.168.10.2

The rule is applied successfully, but it doesn't work. If I use tcpdump to monitor eth3 I don't see the packets there.

I'd like to grab this stream, work on it and send it out as a multicast on the .10.2 interface.

What am I doing wrong? Is there something I've misunderstood?

2 Answers

4

The packets never reach eth3 as 192.168.10.2 is the machine itself. Also the duplicated packets still have the destination IP address 192.168.1.2. You need to TEE them to a machine in 192.168.10.0/24, for example 192.168.10.254, so that the duplicates actually get routed over eth3.

iptables -t mangle -A PREROUTING -p udp --dport 6000 -j TEE --gateway 192.168.10.254

Then you also need to DNAT them to 192.168.10.254, so you can read the stream on 192.168.10.254 and send it out via multicasting.

Either on 192.168.10.254 itself:

iptables -t nat -A PREROUTING -p udp -d 192.168.1.2 --dport 6000 -j DNAT --to-destination 192.168.10.254:6000

Or still on 192.168.10.2 before the packets are leaving eth3:

iptables -t nat -A POSTROUTING -o eth3 -p udp -d 192.168.1.2 --dport 6000 -j DNAT --to-destination 192.168.10.254:6000

lsmooth
  • If I understand this correctly, what you've explained would send the packets to a different machine (.10.254). I would like to avoid this extra machine, and just do this internally on one machine. If I set the gateway to 127.0.0.1, would that work? – Håkon K. Olafsen Feb 23 '13 at 08:52
  • The gateway is just a next hop the destination still remains 192.168.1.2 and you are not able to DNAT the duplicated packets on the machine "teeing" them. So 127.0.0.1 will not work either. – lsmooth Feb 23 '13 at 11:41
  • So I can't do what I'm trying to do using just one machine. – Håkon K. Olafsen Feb 23 '13 at 12:05
0

I had a similar problem and solved it with a little program which used libpcap to read the contents of the UDP packets. It sent copies of these packets to another destination. (Which could be on the same machine.)

fadedbee
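The approach this answer describes, as an added example that is not the answerer's program: a small Python 3 tool that captures on the bridge port facing unit #1 with a Linux AF_PACKET raw socket (so it needs no libpcap binding), keeps only IPv4/UDP frames from 192.168.1.1 to port 6000, and re-sends each payload to a multicast group out of eth3. The source address and port come from the question; the capture interface eth0, the multicast group 239.1.1.1:6000 and all function names are assumptions. It has to run as root, and the parsing part can be exercised offline with the constructed frame builder.

```python
#!/usr/bin/env python3
"""Clone a UDP stream seen on a bridge port and re-emit it as multicast.

Added example, not code from the thread. Assumptions: the frames from unit #1
enter on eth0 (one of the br0 ports), the stream is 192.168.1.1 -> *:6000 as in
the question, and 239.1.1.1:6000 via 192.168.10.2 (eth3) is a free choice of
multicast group for the copy.
"""
import socket
import struct

CAPTURE_IFACE = "eth0"              # assumed: bridge port attached to unit #1
WANT_SRC = "192.168.1.1"            # unit #1 (from the question)
WANT_DPORT = 6000                   # stream port (from the question)
MCAST_GROUP = ("239.1.1.1", 6000)   # assumed group/port for the re-emitted copy
MCAST_SRC_IP = "192.168.10.2"       # eth3 address (from the question)

ETH_HLEN = 14
ETHERTYPE_IPV4 = 0x0800
ETH_P_ALL = 0x0003
IPPROTO_UDP = 17


def parse_udp_frame(frame: bytes):
    """Return (src_ip, dst_ip, sport, dport, payload) for an IPv4/UDP Ethernet
    frame, or None for anything else (non-IPv4, non-UDP, or truncated)."""
    if len(frame) < ETH_HLEN + 20:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HLEN:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8:
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_UDP:
        return None
    src_ip = socket.inet_ntoa(ip[12:16])
    dst_ip = socket.inet_ntoa(ip[16:20])
    sport, dport, ulen = struct.unpack("!HHH", ip[ihl:ihl + 6])
    # Honour the UDP length field, but never read past what was captured
    # (the frame may carry Ethernet padding or be cut short by the tap).
    end = min(ihl + ulen, total_len, len(ip))
    return src_ip, dst_ip, sport, dport, ip[ihl + 8:end]


def matches(pkt, want_src=WANT_SRC, want_dport=WANT_DPORT) -> bool:
    """True when a parsed packet belongs to the stream we want to clone."""
    return pkt is not None and pkt[0] == want_src and pkt[3] == want_dport


def build_test_frame(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Constructed sample frame for offline testing (checksums left at zero)."""
    ulen = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, ulen, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + ulen, 0, 0, 64, IPPROTO_UDP,
                     0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = (b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + udp


def run():
    """Tap eth0 and forward matching payloads to the multicast group (root only).

    The AF_PACKET tap sees every frame as it enters the port, before the bridge
    forwards it to unit #2, so unit #2 still receives the original untouched."""
    sniff = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    sniff.bind((CAPTURE_IFACE, 0))
    out = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    out.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_IF, socket.inet_aton(MCAST_SRC_IP))
    out.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)
    while True:
        pkt = parse_udp_frame(sniff.recv(65535))
        if matches(pkt):
            out.sendto(pkt[4], MCAST_GROUP)


if __name__ == "__main__":
    run()
```

Because the copy is made by a userspace tap on the same machine, this sidesteps the problem raised in the comments on the first answer: a TEE duplicate keeps destination 192.168.1.2 and is never delivered locally, whereas the packet tap sees every frame entering eth0 before the bridge forwards it. Run it with `sudo python3 clone_stream.py`; the filter is on the source address and destination port only, so a different unit #1 address or port is a one-line change at the top.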