I have 951Ui-2HnD with OS v6.34.2 installed. Really need to redirect/clone broadcast packets, coming from LAN on specified UDP port to specified address behind some router. IP->Firewall->Mangle rules does not have "Action" that can do it. There is almost similar actions: "sniff PC" and "sniff TZSP", but them is not just routing the packet itself, but transferring packet by Wireshark protocol, which is not what I need. For better understanding I will bring 2 examples of solving the task in other systems:
Linux iptables:
iptables -t mangle -A PREROUTING -i br0 -m addrtype --dst-type BROADCAST -p udp -m udp --dport 475 -j TEE --gateway 172.16.250.10
(not flexible solution: will clone a packet and redirect this clone to another machine on the local network segment, in other words, can not route cloned packet (but in worst case, I can try to adopt this))
cisco ios:
interface GigabitEthernet0/0
ip helper-address 172.16.250.10
!
ip forward-protocol udp 475
(not flexible solution: it can redirects only broadcasts (but still enough for my specific task))
But we have only RB951Ui-2HnD there, so I need to do redirect with Mikrotik. I think I need to post a feature request somewhere...
iptables "-j TEE" functionality needed
Last edited by NoX on Wed Feb 24, 2016 6:00 am, edited 1 time in total.
Re: iptables "-j TEE" functionality needed
use NAT not mangle.
Re: iptables "-j TEE" functionality needed
I've tried. NAT isn't working because broadcasts is not coming to NAT chains.
Re: iptables "-j TEE" functionality needed
I have done this myself in the past and it works. You might need to modify your selections - post your rules you tried and the src:port -> dst:port pairs so we can see.
Re: iptables "-j TEE" functionality needed
Sorry for resurrecting an old thread but I second the OP's request.
Port mirroring works but it clones all traffic which adds unwanted network load.
I tried NAT but could not figure out how to do it. I thought NAT would forward the original packet to the NATed destination but not to its original destionation? i.e not a packet clone but a forward
A clone meaning the packet would be duplicated exactly, without any modification, one sent to its intended destination and the other one send to a second destination.
Any idea how this can be done in Mikrotik? Sniffer is not an option as it repacks packets into TZSP.
Port mirroring works but it clones all traffic which adds unwanted network load.
I tried NAT but could not figure out how to do it. I thought NAT would forward the original packet to the NATed destination but not to its original destionation? i.e not a packet clone but a forward
A clone meaning the packet would be duplicated exactly, without any modification, one sent to its intended destination and the other one send to a second destination.
Any idea how this can be done in Mikrotik? Sniffer is not an option as it repacks packets into TZSP.
Re: iptables "-j TEE" functionality needed
I'm also looking to solve this problem, taking all inbound UDP packets on a particular port & sending them on to two destinations.
Re: iptables "-j TEE" functionality needed
Hi.
You need and old router with big memory. Than you need to install 2 meta-router inside.
These metarouters can receive multicast streams, and convert it to unicast stream... one per metarouter.
Two metarouter, two streams.
Best regards: CsXen
You need and old router with big memory. Than you need to install 2 meta-router inside.
These metarouters can receive multicast streams, and convert it to unicast stream... one per metarouter.
Two metarouter, two streams.
Best regards: CsXen
Re: iptables "-j TEE" functionality needed
Sometimes it is inconvenient to use Switch Chip. TEE functionality would be useful.Port mirroring? http://wiki.mikrotik.com/wiki/Manual:Sw ... Rule_Table
Re: iptables "-j TEE" functionality needed
+1 tee functionality would be really good
Who is online
Users browsing this forum: Ahrefs [Bot], lurker888, megabytenet, Pinacolada88, rockstar74 and 33 guests