
I have the following setup:

  • A data source (IP 192.168.178.1) sends UDP packets to a server.
  • Server (Debian) collects and processes UDP data (IP 192.168.178.10, port 4000)
  • PC (Windows 10) is supposed to monitor UDP data (IP 192.168.178.22, port 4000)

The idea is to copy the UDP data and forward it to the PC using iptables. The rule is set up on the Debian server (IP 192.168.178.10):

iptables -t mangle -A PREROUTING -p udp --dport 4000 -j TEE --gateway 192.168.178.22 

The effect is:

  • The server still receives and processes UDP data (OK).
  • The PC also receives that data, however with the wrong destination IP. Hence, that data is not processed by the monitoring software.

On the PC Wireshark shows that the destination address is not the IP of the PC (.22) but the one of the server (.10):

Internet Protocol Version 4, Src: 192.168.178.1, Dst: 192.168.178.10 

Now there are two, maybe three questions:

  • Why does the PC receive the forwarded UDP packets at all since the destination IP address of those packets does not match?
  • How may the IP address of the iptables rule be changed to the IP address of the PC? Maybe I need to add a rule for POSTROUTING?
  • Do I need to update any checksums?
  • Answer to the first question: because the rule told it to send the packet to the PC. Packets are sent to nodes with an IP address that differs from the destination address all the time. This is how routers work. The sender doesn't know the PC isn't going to forward the packet, and doesn't care. Commented Jul 25, 2019 at 10:38

1 Answer


I've found the following solution for this problem:

  1. Duplicate the UDP packets at the data source instead of doing this at the destination. This rule copies all outgoing UDP packets for the PC (.22) and sends them to the server (.10):

    sudo iptables -t mangle -A OUTPUT -p udp -d 192.168.178.22 --dport 4000 -j TEE --gateway 192.168.178.10

  2. On the server the destination address is still that of the PC, so it has to be changed to the server's IP address:

    sudo iptables -t nat -A PREROUTING -p udp --dport 4000 -j NETMAP --to 192.168.178.10

Now both the server and the PC get the UDP packets with the correct destination addresses so the software will accept the data.
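Added example (not part of the question or the answer) that shows why the checksum question matters: a NETMAP-style rewrite of the destination address invalidates both the IPv4 header checksum and the UDP checksum, because the UDP pseudo-header covers the destination address, which is why netfilter recomputes them after the rewrite. The addresses and port are the ones from the question; the payload is constructed.

```python
import socket
import struct

def _sum16(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by IPv4 and UDP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def _pseudo(ip_hdr: bytes, udp_len: int) -> bytes:
    """IPv4 pseudo-header: src addr, dst addr, zero, protocol 17 (UDP), UDP length."""
    return ip_hdr[12:20] + struct.pack("!BBH", 0, 17, udp_len)

def fix_checksums(pkt: bytes) -> bytes:
    """Recompute IP header and UDP checksums, as NAT/NETMAP does after rewriting an address."""
    ip_hdr = pkt[:10] + b"\x00\x00" + pkt[12:20]
    ip_hdr = ip_hdr[:10] + struct.pack("!H", (~_sum16(ip_hdr)) & 0xFFFF) + ip_hdr[12:]
    udp = pkt[20:26] + b"\x00\x00" + pkt[28:]
    csum = (~_sum16(_pseudo(ip_hdr, len(udp)) + udp)) & 0xFFFF
    udp = udp[:6] + struct.pack("!H", csum or 0xFFFF) + udp[8:]  # 0 means "no checksum"
    return ip_hdr + udp

def build_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed sample: a minimal IPv4/UDP datagram with valid checksums (TTL 64)."""
    udp_len = 8 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return fix_checksums(ip_hdr + struct.pack("!HHHH", sport, dport, udp_len, 0) + payload)

def set_dst(pkt: bytes, new_dst: str, fix: bool = True) -> bytes:
    """Rewrite the destination address; with fix=False the old checksums are left stale."""
    pkt = pkt[:16] + socket.inet_aton(new_dst) + pkt[20:]
    return fix_checksums(pkt) if fix else pkt

def inspect(pkt: bytes) -> dict:
    """Report addresses, destination port and whether both checksums verify (as Wireshark would)."""
    ip_hdr, udp = pkt[:20], pkt[20:]
    udp_csum = struct.unpack("!H", udp[6:8])[0]
    return {
        "src": socket.inet_ntoa(ip_hdr[12:16]),
        "dst": socket.inet_ntoa(ip_hdr[16:20]),
        "dport": struct.unpack("!H", udp[2:4])[0],
        "ip_csum_ok": _sum16(ip_hdr) == 0xFFFF,
        "udp_csum_ok": udp_csum == 0 or _sum16(_pseudo(ip_hdr, len(udp)) + udp) == 0xFFFF,
    }

# Packet as sent by the data source (.1) to the PC (.22); the TEE copy reaches the server (.10)
ORIGINAL = build_udp("192.168.178.1", "192.168.178.22", 5000, 4000, b"constructed sample")
STALE = set_dst(ORIGINAL, "192.168.178.10", fix=False)   # address rewritten, checksums untouched
NETMAPPED = set_dst(ORIGINAL, "192.168.178.10")          # what the NETMAP rule delivers
```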
