Holger Brückner
2003-Dec-09 10:05 UTC
Re: Not really 100% Shorewall but sanity check needed
On Tue, 2003-12-09 at 11:14, phil wrote:
> Tom, et al
>
> I have been asked whether it is possible to use iptables to forward a packet to
> two destination addresses. The packets are SNMP packets so ACK is not needed
> (IIRC) If I am wrong, then I could always block the packets returning from box
> C so only ACK comes from box B, see below. This is only for a testing system
> (we need to see if the packets are coming from the customer in the right order
> or if our software is messing things up!)
>
> BOX A (SNMP sender) ------------|Firewall|------->Box B (running NetCool Omnibus)
>                                           \_______>Box C (Temp box for check
>                                                    order of packets)

I don't know if iptables could do it, but normally you would use a
switch/router with monitoring port.

A -- FW -- SW -- B
            \----C

Tom, et al

I have been asked whether it is possible to use iptables to forward a packet to two destination addresses. The packets are SNMP packets so ACK is not needed (IIRC) If I am wrong, then I could always block the packets returning from box C so only ACK comes from box B, see below. This is only for a testing system (we need to see if the packets are coming from the customer in the right order or if our software is messing things up!)

BOX A (SNMP sender) ------------|Firewall|------->Box B (running NetCool Omnibus)
                                          \_______>Box C (Temp box for check
                                                   order of packets)

Thanks in advance (even though this may sound like the rantings of a madman!)

Regards
Phil
--
Phil Foxton RHCE

On Tuesday 09 December 2003 02:14 am, phil wrote:
> Tom, et al
>
> I have been asked whether it is possible to use iptables to forward a packet
> to two destination addresses.

It is not.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Holger Brückner
2003-Dec-12 10:14 UTC
Re: Not really 100% Shorewall but sanity check needed
On Tue, 2003-12-09 at 11:05, Holger Brückner wrote:
> I don't know if iptables could do it, but normally you would use a
> switch/router with monitoring port.
>
> A -- FW -- SW -- B
>             \----C

Small note: for test purposes you could also exchange the switch with a hub and you could monitor all traffic, too.