复制所有传出的 IP 数据包

Question

iptables -j TEE目标的设计目的正是克隆匹配的数据包：

man iptables-extensions

TEE
The TEE target will clone a packet and redirect this clone to 
another machine on the local network segment. In other words, 
the nexthop must be the target, or you will have to configure 
the nexthop to forward it further if so desired.

--gateway ipaddr
    Send the cloned packet to the host reachable at the given 
IP address. Use of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is 
invalid. 

To forward all incoming traffic on eth0 to an Network Layer 
logging box:

-t mangle -A PREROUTING -i eth0 -j TEE --gateway 2001:db8::1

Answer 1

iptables -j TEE目标的设计目的正是克隆匹配的数据包：

man iptables-extensions

TEE
The TEE target will clone a packet and redirect this clone to 
another machine on the local network segment. In other words, 
the nexthop must be the target, or you will have to configure 
the nexthop to forward it further if so desired.

--gateway ipaddr
    Send the cloned packet to the host reachable at the given 
IP address. Use of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is 
invalid. 

To forward all incoming traffic on eth0 to an Network Layer 
logging box:

-t mangle -A PREROUTING -i eth0 -j TEE --gateway 2001:db8::1

复制所有传出的 IP 数据包

答案1

相关内容