
I have a setup that receives mirrored traffic from many IP addresses on my network card (eth0).

I wanted to send the received packets destined to a particular IP address (say 8.8.8.8) to a docker container running on the same host (say with IP 172.17.0.2)

Packet (dst 8.8.8.0 etc) -> eth0 -> Filter 8.8.8.8 using iptables -> docker container (172.17.0.2)

Since the packets are not destined to me, I am unable to filter them using iptables and DNAT them to the docker container.

Since I am new to it, any help would be highly appreciated.

There has been one similar question, but I didn't really get it: Filter mirrored port traffic using iptables

Edit: The NIC is already in promiscuous mode as I am simultaneously running tcpdump on it. I don't know if it helps in answering, but the NIC is being used for the sole purpose of receiving mirrored traffic and doesn't have an IPv4 address assigned to it.

n00buser

1 Answer


Have you tried the PREROUTING section in *nat? The rule should look like this:

iptables -t nat -A PREROUTING -d 8.8.8.8/32 -j DNAT --to-destination 172.17.0.2

PREROUTING rules are executed before *filter, so it should work.

Alexander Tolkachev
  • Yeah, I have already tried it. But it doesn't work as the mirrored packets are not even detected by iptables or any application (except tcpdump or similar ones which directly read it from the NIC) for that matter, as they are not destined to my host. – n00buser Jul 06 '17 at 14:32
  • @n00buser have you enabled promiscuous mode on the network interface? – Alexander Tolkachev Jul 06 '17 at 15:17
  • Yes. It is in promiscuous mode. Kindly see the Edit part in question details. – n00buser Jul 06 '17 at 15:20
  • To check if eth0 receives any data in promisc mode I run: `sudo iptables -t raw -I PREROUTING -i eth0 -p tcp -d 8.8.8.8 -j LOG --log-level 1 --log-prefix "A Connection "` The above command **doesn't generate any log**. The same command works for any other interface I try it on, say eno1 (which is assigned an ip say 172.24.24.24 and I change the command to -i eno1 -d 172.24.24.24) – n00buser Jul 06 '17 at 15:48
  • @n00buser looks like `iptables` couldn't see these packets; iptables does not work in promiscuous mode. [There](https://www.spinics.net/lists/netfilter/msg51265.html) are two solutions that you could try. – Alexander Tolkachev Jul 06 '17 at 17:13
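The counter-based form of the check from the comments above, as an added example that is not from the original question or answer: instead of waiting for LOG lines in dmesg, read the packet counters of the raw-table PREROUTING rule with `iptables -t raw -L PREROUTING -v -n -x`. The listing below is a constructed sample, not output captured from the poster's host. A counter that stays at 0 while the NIC is in promiscuous mode means the frames reach the driver but the IP stack discards them as PACKET_OTHERHOST (foreign destination MAC) before any netfilter hook, which is why no DNAT rule can match them.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the listing on stdin is
# the output of: iptables -t raw -L PREROUTING -v -n -x

# Print the pkts counter of the first rule whose destination column equals $1.
# Prints nothing when no rule for that destination exists.
rule_pkts() {
    awk -v dst="$1" '
        # skip the "Chain ..." header and the column-title line
        /^Chain / || $1 == "pkts" { next }
        # -v -n -x layout: pkts bytes target prot opt in out source destination
        $9 == dst { print $1; exit }
    '
}

# Classify the counter for destination $1 (listing on stdin):
#   no-rule                  - no rule for that destination in the chain
#   dropped-before-netfilter - rule present, never matched: with promisc on,
#                              frames with a foreign dst MAC are dropped in
#                              ip_rcv (PACKET_OTHERHOST) before PREROUTING
#   seen                     - the rule has matched at least once
netfilter_sees() {
    pkts=$(rule_pkts "$1")
    case "$pkts" in
        '') echo "no-rule" ;;
        0)  echo "dropped-before-netfilter" ;;
        *)  echo "seen" ;;
    esac
}

# Constructed sample: the eth0 rule (mirror port, no IP) never matched,
# the eno1 rule (host's own address) did.
SAMPLE_LISTING='Chain PREROUTING (policy ACCEPT 4120 packets, 512340 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 LOG        tcp  --  eth0   *       0.0.0.0/0            8.8.8.8              LOG flags 0 level 1 prefix "A Connection "
      57     4332 LOG        tcp  --  eno1   *       0.0.0.0/0            172.24.24.24         LOG flags 0 level 1 prefix "A Connection "'

main() {
    for dst in 8.8.8.8 172.24.24.24 10.0.0.1; do
        printf '%s: %s\n' "$dst" "$(printf '%s\n' "$SAMPLE_LISTING" | netfilter_sees "$dst")"
    done
}
main
```

On a real sensor host, run `sudo iptables -t raw -L PREROUTING -v -n -x | netfilter_sees 8.8.8.8` after the LOG rule from the comments has been in place for a while.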