Firewall4 and Tee

Hello, I usually use iptables TEE to do port mirroring.

But with firewall4 we no longer have the option to add custom rules.

How do I perform port mirroring in fw4?

The usual command is this:

iptables -A POSTROUTING -t mangle -o br-lan ! -s ipconsolegame -j TEE --gateway ippcmirror
iptables -A PREROUTING -t mangle -i br-lan ! -d ipconsolegame -j TEE --gateway ippcmirror

Thanks

The nftables solution would be https://wiki.nftables.org/wiki-nftables/index.php/Duplicating_packets

A file like the following in /etc/nftables.d/01-dup.nft should do the job:

chain post_dup {
    type filter hook postrouting priority 250; policy accept;
    oifname br-lan ip saddr != ipconsolegame counter dup to ippcmirror
}

chain pre_dup {
    type filter hook prerouting priority 250; policy accept;
    iifname br-lan ip daddr != ipconsolegame counter dup to ippcmirror
}
2 Likes
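
The two chains from the answer above, generated as a standalone `table ip` ruleset by a POSIX shell function (an added example, not code from the thread or from OpenWrt). The table name `port_mirror`, the helper names and the 192.0.2.x addresses are assumptions; the inputs are validated because they are interpolated into text that nft will parse.

```shell
#!/bin/sh
# Added example. Table name, helper names and addresses are constructed.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a plausible interface name (1-15 safe characters).
is_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the ruleset: $1 = LAN interface, $2 = excluded host, $3 = mirror host.
gen_mirror_ruleset() {
    is_ifname "$1" || { echo "bad interface name: $1" >&2; return 1; }
    is_ipv4 "$2" || { echo "bad excluded address: $2" >&2; return 1; }
    is_ipv4 "$3" || { echo "bad mirror address: $3" >&2; return 1; }
    [ "$2" != "$3" ] || { echo "mirror must differ from excluded host" >&2; return 1; }
    cat <<EOF
add table ip port_mirror
delete table ip port_mirror
table ip port_mirror {
    chain post_dup {
        type filter hook postrouting priority 250; policy accept;
        oifname "$1" ip saddr != $2 counter dup to $3
    }
    chain pre_dup {
        type filter hook prerouting priority 250; policy accept;
        iifname "$1" ip daddr != $2 counter dup to $3
    }
}
EOF
}

# Constructed sample values; pipe the output to "nft -f -" to load it.
gen_mirror_ruleset br-lan 192.0.2.10 192.0.2.20
```

The `add table` / `delete table` pair at the top makes reloading idempotent: the table is recreated from scratch each time instead of accumulating duplicate rules.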

OK, thanks. I will test it now and mark it as the solution if it works.

Hmm, error: I even lost the connection to the internet.



The error is here:
dup to ippcmirror
^^^^^^^^^^^^^^^^


OK, I have just added these rules

and downloaded the packages that dlakelan suggested in the build: nftables kmod-nft-nat

and now it seems good.

These are the rules:

nft add rule mangle prerouting dup to ipconsole ip saddr map { ippcmirror : }


But my console appears only as source, not as destination.