thr3ads.net - Shorewall users - Not really 100% Shorewall but sanity check needed [Dec 2003]

If this information is useful, please help other people find it:
Share via:

Holger Brückner

2003-Dec-09 10:05 UTC

Re: Not really 100% Shorewall but sanity check needed

On Tue, 2003-12-09 at 11:14, phil wrote:> 
> Tom, et al
> 
> I have been asked wether it is possible to use iptables to forward a packet
to
> two destination addresses.  The packets are SNMP packets so ACK is not
needed
> (IIRC) If I am wrong, then I could always block the packets returning from
box
> C so only ACK comes from box B, see below.  This is only for a testing
system
> (we need to see if the packets are coming from the customer in the right
order
> or if our software is messing things up!)
> 
> BOX A (SNMP sender) ------------|Firewall|------->Box B (running NetCool
Omnibus)
>                                           \_______>Box C (Temp box for
check
> order of packets)
i don''t know if iptables could do it, but normaly you would use a
switch/router with monitoring port.

A -- FW -- SW -- B
            \----C

phil

2003-Dec-09 10:14 UTC

head link

Not really 100% Shorewall but sanity check needed

Tom, et al

I have been asked wether it is possible to use iptables to forward a packet to
two destination addresses.  The packets are SNMP packets so ACK is not needed
(IIRC) If I am wrong, then I could always block the packets returning from box
C so only ACK comes from box B, see below.  This is only for a testing system
(we need to see if the packets are coming from the customer in the right order
or if our software is messing things up!)

BOX A (SNMP sender) ------------|Firewall|------->Box B (running NetCool
Omnibus)
                                          \_______>Box C (Temp box for check
order of packets)

Thanks in advance (even though this may sound like the rantings of a madman!)

Regards

Phil

--
Phil Foxton RHCE

Tom Eastep

2003-Dec-10 19:22 UTC

head link

Re: Not really 100% Shorewall but sanity check needed

On Tuesday 09 December 2003 02:14 am, phil wrote:> Tom, et al
>
> I have been asked wether it is possible to use iptables to forward a packet
> to two destination addresses.
It is not.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Holger Brückner

2003-Dec-12 10:14 UTC

head link

Re: Not really 100% Shorewall but sanity check needed

On Tue, 2003-12-09 at 11:05, Holger Brückner wrote:> i don''t know if iptables could do it, but normaly you would use a
> switch/router with monitoring port.
> 
> A -- FW -- SW -- B
>             \----C
small note: for test purposes you could also exchange the switch with a
hub and you could monitor all traffic, too.

Shorewall users - Dec 2003 - Not really 100% Shorewall but sanity check needed

Re: Not really 100% Shorewall but sanity check needed

Not really 100% Shorewall but sanity check needed

Re: Not really 100% Shorewall but sanity check needed

Re: Not really 100% Shorewall but sanity check needed