Copy and send (tee) packets from a mirrored interface using iptables and ebtables

Objective: copy (tee) packets arriving on enp3s4f1 and send them to a destination IP via the enp3s4f0 management/data port.
ServerA = enp3s4f1 (connected to a switch1 SPAN port) (no IP address)
enp3s4f0 (connected to switch2 as management/data port)
(IP is
ServerB destination IP = (same IP range)

This is based on commer’s post in LQ below:

1. Configure the bridge interface and bind enp3s4f1 to it. Disable Spanning Tree Protocol (STP) if necessary. Bring up the bridge interface.

# brctl addbr br0
# brctl stp br0 off
# brctl addif br0 enp3s4f1
# ifconfig br0 up

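2. Use ebtables to redirect incoming frames to the machine's physical device. The redirect target rewrites the destination MAC address, and DROP in the BROUTING chain means the frame is routed instead of bridged.

# ebtables -t broute -A BROUTING -i enp3s4f1 -j redirect --redirect-target DROP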

3. Configure static routes for all expected incoming IP addresses/subnets

# ip route add dev enp3s4f1
# ip route add dev enp3s4f1

4. Tee the packets (sample filter: DHCP packets) and send to

# iptables -t mangle -A PREROUTING -i enp3s4f1 -p udp --dport 67:68 --sport 67:68 ! -d -j TEE --gateway

Note: I configured exceptions on the same destination IP range to avoid a double tee.
Use the command "iptables -t mangle -L -v" to see if the tee packet counters are incrementing.

Tested working using CentOS 7
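
The counter check from the note above, as an added example (not part of the original post): the functions compare two snapshots of "iptables -t mangle -L PREROUTING -v -n -x" output and report how many packets the TEE rule copied in between. The function names, the sample listings and their 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the TEE rule's packet counter is growing.
# Live use (as root), with -x so counters are exact instead of 12K/3M:
#   a=$(iptables -t mangle -L PREROUTING -v -n -x); sleep 10
#   b=$(iptables -t mangle -L PREROUTING -v -n -x)
#   tee_delta enp3s4f1 "$a" "$b"

# Read a listing on stdin; print "<rule_count> <packet_total>" for all
# TEE rules whose input interface is $1.
# Listing columns: pkts bytes target prot opt in out source destination
tee_pkts() {
    awk -v ifc="$1" '
        $3 == "TEE" && $6 == ifc { rules++; pkts += $1 }
        END { printf "%d %.0f\n", rules, pkts }'
}

# tee_delta IFACE LISTING_BEFORE LISTING_AFTER
# Prints the number of packets teed between the two listings.
# Returns 0 if the counter grew, 1 if it did not move,
# 2 if no TEE rule exists on IFACE, 3 if counters went backwards
# (rules flushed or zeroed between the samples).
tee_delta() {
    before=$(printf '%s\n' "$2" | tee_pkts "$1")
    after=$(printf '%s\n' "$3" | tee_pkts "$1")
    [ "${after%% *}" -gt 0 ] || { echo "no TEE rule on $1"; return 2; }
    delta=$(( ${after##* } - ${before##* } ))
    [ "$delta" -ge 0 ] || { echo "counters reset between samples"; return 3; }
    echo "$delta"
    [ "$delta" -gt 0 ]
}

# Constructed sample listings (documentation addresses, not from the post).
HDR='Chain PREROUTING (policy ACCEPT 1200 packets, 96000 bytes)
    pkts      bytes target     prot opt in     out     source               destination'
RULE='TEE        udp  --  enp3s4f1 *       0.0.0.0/0           !192.0.2.0/24         udp spts:67:68 dpts:67:68 TEE gw:192.0.2.10'
SAMPLE_T0="$HDR
      42    13776 $RULE"
SAMPLE_T1="$HDR
      57    18696 $RULE"

echo "packets teed between samples: $(tee_delta enp3s4f1 "$SAMPLE_T0" "$SAMPLE_T1")"
```

A return code of 1 over an interval in which DHCP traffic was expected points at the SPAN port, the ebtables redirect or the -d exception rather than at the TEE target itself.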

About the author

Free Linux

1 Comment

  • I have a new requirement using iptables/ebtables:

    1. Receiving multicast stream with on an eth0 interface.

    2. Now I want to forward the same stream( to diff interfaces eth1, eth2.

    3. Please suggest your inputs.