Objective: tee (copy) the packets arriving on enp3s4f1 and send the copies to a destination IP via the enp3s4f0 management/data port.
ServerA: enp3s4f1 (connected to a SPAN port on switch1; no IP address)
         enp3s4f0 (connected to switch2 as the management/data port; IP 192.168.100.99)
ServerB: destination IP 192.168.100.100 (same subnet as enp3s4f0, so it is a directly reachable next hop)
This is based on commer's post on LinuxQuestions (LQ):
http://www.linuxquestions.org/questions/linux-networking-3/how-to-route-forward-packets-in-promiscuous-mode-832698/
1. Create the bridge interface and bind enp3s4f1 to it. Disable Spanning Tree Protocol (STP) so the bridge does not emit BPDUs toward the SPAN port, then bring the bridge up (enp3s4f1 must also be up to receive frames).
# brctl addbr br0
# brctl stp br0 off
# brctl addif br0 enp3s4f1
# ifconfig br0 up
2. Use ebtables to hand every incoming frame to the local IP stack: the redirect target rewrites the destination MAC to that of the bridge port the frame arrived on, and a DROP target in the BROUTING chain means "route this frame instead of bridging it". Mirrored traffic is addressed to other hosts' MACs, so without this step the kernel would never pass it to iptables.
# ebtables -t broute -A BROUTING -i enp3s4f1 -j redirect --redirect-target DROP
3. Add a static route on enp3s4f1 for every source subnet expected on the SPAN port. The interface has no address of its own, so without these routes the kernel has no path back to those sources and, with strict reverse-path filtering (rp_filter=1) enabled, logs the traffic as martian and drops it.
e.g.
# ip route add 192.168.20.192/27 dev enp3s4f1
# ip route add 192.168.20.224/27 dev enp3s4f1
4. Tee the packets and send the copies to 192.168.100.100. The sample filter below matches only DHCP (UDP ports 67 and 68); drop the -p/--sport/--dport options to copy everything.
# iptables -t mangle -A PREROUTING -i enp3s4f1 -p udp --dport 67:68 --sport 67:68 ! -d 192.168.100.0/24 -j TEE --gateway 192.168.100.100
Note: traffic already addressed to the 192.168.100.0/24 range is excluded from the rule so it is not teed a second time. TEE clones each matching packet unchanged and forwards the clone to the --gateway host, which must be directly reachable on the segment; ServerB therefore sees the original source and destination addresses, not ServerA's.
Use "iptables -t mangle -L PREROUTING -v -n" to check that the packet counter on the TEE rule is incrementing.
Tested and working on CentOS 7.
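The whole procedure as one parameterised script, added here as an example; it is not code from the page or from commer's LQ post. The interface names, bridge name and addresses are the ones used above; SRC_SUBNETS, the tee_rule helper and the DRY_RUN switch are assumptions of this example. Run it as root with the argument "apply", or with DRY_RUN=1 to print the commands it would run.

```shell
#!/bin/sh
# Example only (not the page's own commands): SPAN-port tee for CentOS 7.
# Usage: ./span-tee.sh apply            (as root)
#        DRY_RUN=1 ./span-tee.sh apply  (print the commands instead)
set -eu

SPAN_IF="${SPAN_IF:-enp3s4f1}"                # attached to the switch SPAN port, no IP
BRIDGE="${BRIDGE:-br0}"
TEE_TARGET="${TEE_TARGET:-192.168.100.100}"   # ServerB, must be a directly reachable next hop
LOCAL_NET="${LOCAL_NET:-192.168.100.0/24}"    # already-local traffic is not teed again
SRC_SUBNETS="${SRC_SUBNETS:-192.168.20.192/27 192.168.20.224/27}"  # constructed list of mirrored source subnets
DRY_RUN="${DRY_RUN:-0}"

# Execute a command, or print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Step 1: bridge with STP off, SPAN interface as its only port (assumes the
# interface must be brought up as well; the page does not show that step).
setup_bridge() {
  run brctl addbr "$BRIDGE"
  run brctl stp "$BRIDGE" off
  run brctl addif "$BRIDGE" "$SPAN_IF"
  run ip link set "$SPAN_IF" up
  run ip link set "$BRIDGE" up
}

# Step 2: rewrite the destination MAC and route every frame instead of bridging it.
route_instead_of_bridge() {
  run ebtables -t broute -A BROUTING -i "$SPAN_IF" -j redirect --redirect-target DROP
}

# Step 3: one route per mirrored source subnet, so rp_filter accepts the traffic.
add_routes() {
  for net in $SRC_SUBNETS; do
    run ip route add "$net" dev "$SPAN_IF"
  done
}

# Step 4: tee one traffic class to ServerB. $1 is the protocol, any further
# arguments are extra iptables match options (generalises the page's DHCP rule).
tee_rule() {
  proto="$1"; shift
  run iptables -t mangle -A PREROUTING -i "$SPAN_IF" -p "$proto" "$@" \
      ! -d "$LOCAL_NET" -j TEE --gateway "$TEE_TARGET"
}

# The page's sample filter: DHCP only.
tee_dhcp() {
  tee_rule udp --dport 67:68 --sport 67:68
}

# Verification: the pkts column on the TEE line should keep increasing.
show_tee_counters() {
  iptables -t mangle -L PREROUTING -v -n -x | grep TEE
}

main() {
  setup_bridge
  route_instead_of_bridge
  add_routes
  tee_dhcp
}

case "${1:-}" in
  apply) main ;;
esac
```

tee_rule is written so that other classes can be copied with the same exclusion, for example `tee_rule tcp --dport 53` for DNS over TCP, while the `! -d` clause keeps traffic already destined for the management subnet from being teed twice.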