OpenWrt Forum Archive

Topic: iptables --tee

The content of this topic has been archived on 5 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

My router:
Router Model    NETGEAR WNDR3700v2
Firmware Version: OpenWrt Firmware Attitude Adjustment (r28314) /LuCI Trunk (trunk+svn7576)
Kernel Version    2.6.39.4

I would like to copy traffic from my ATA to my desktop PC. I used following commands but I get errors:

iptables -A POSTROUTING -t mangle -d 192.168.0.226 -j ROUTE --gw 192.168.0.133 --tee

error: iptables v1.4.10: unknown option `--gw'

iptables -A POSTROUTING -t mangle -d 192.168.0.226 -j ROUTE --gateway 192.168.0.133 --tee

error: iptables v1.4.10: unknown option `--gateway'

iptables -A PREROUTING -t mangle -d 192.168.0.226  -j TEE --gateway 192.168.0.133

error: iptables: No chain/target/match by that name.

/root$ dmesg
Linux version 2.6.39.4 (openwrt@OpenWRTBuild) (gcc version 4.5.4 20110808 (prerelease) (Linaro GCC 4.5-2011.08) ) #1 Thu Sep 29 07:47:38 MST 2011
prom: fw_arg0=00000006, fw_arg1=a3f6bfb0, fw_arg2=a3f6c450, fw_arg3=00000010
MyLoader: sysp=aaaa5554, boardp=aaaa5554, parts=aaaa5554
bootconsole [early0] enabled
CPU revision is: 00019374 (MIPS 24Kc)
SoC: Atheros AR7161 rev 2
Clocks: CPU:680.000MHz, DDR:340.000MHz, AHB:170.000MHz, Ref:40.000MHz
Determined physical RAM map:
 memory: 04000000 @ 00000000 (usable)
Initrd not found or empty - disabling initrd
Zone PFN ranges:
  Normal   0x00000000 -> 0x00004000
Movable zone start PFN for each node
early_node_map[1] active PFN ranges
    0: 0x00000000 -> 0x00004000
On node 0 totalpages: 16384
free_area_init_node: node 0, pgdat 802d1300, node_mem_map 81000000
  Normal zone: 128 pages used for memmap
  Normal zone: 0 pages reserved
  Normal zone: 16256 pages, LIFO batch:3
pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
pcpu-alloc: [0] 0 
Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 16256
Kernel command line:  board=WNDR3700v2 console=ttyS0,115200 mtdparts=spi0.0:320k(u-boot)ro,128k(u-boot-env)ro,1024k(kernel),14848k(rootfs),64k(art)ro,15872k@0x70000(firmware) rootfstype=squashfs,jffs2 noinitrd
PID hash table entries: 256 (order: -2, 1024 bytes)
Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
Writing ErrCtl register=00000000
Readback ErrCtl register=00000000
Memory: 61756k/65536k available (2105k kernel code, 3780k reserved, 396k data, 180k init, 0k highmem)
SLUB: Genslabs=9, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
NR_IRQS:80
Calibrating delay loop... 452.19 BogoMIPS (lpj=2260992)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 512
NET: Registered protocol family 16
MIPS: machine is NETGEAR WNDR3700v2
registering PCI controller with io_map_base unset
bio: create slab <bio-0> at 0
pci 0000:00:00.0: [0700:1107] type 0 class 0x000000
pci 0000:00:00.0: reg 10: [mem 0x00000000-0x0fffffff pref]
pci 0000:00:00.0: reg 14: [io  0x0000-0x00ff]
pci 0000:00:00.0: supports D1 D2
pci 0000:00:00.0: PME# supported from D0 D1 D2 D3hot
pci 0000:00:00.0: PME# disabled
pci 0000:00:11.0: [168c:ff1d] type 0 class 0x000200
pci 0000:00:11.0: fixup device configuration
pci 0000:00:11.0: reg 10: [mem 0x00000000-0x0000ffff]
pci 0000:00:11.0: PME# supported from D0 D3hot
pci 0000:00:11.0: PME# disabled
pci 0000:00:12.0: [168c:ff1d] type 0 class 0x000200
pci 0000:00:12.0: fixup device configuration
pci 0000:00:12.0: reg 10: [mem 0x00000000-0x0000ffff]
pci 0000:00:12.0: PME# supported from D0 D3hot
pci 0000:00:12.0: PME# disabled
pci 0000:00:11.0: BAR 0: assigned [mem 0x10000000-0x1000ffff]
pci 0000:00:11.0: BAR 0: set to [mem 0x10000000-0x1000ffff] (PCI address [0x10000000-0x1000ffff])
pci 0000:00:12.0: BAR 0: assigned [mem 0x10010000-0x1001ffff]
pci 0000:00:12.0: BAR 0: set to [mem 0x10010000-0x1001ffff] (PCI address [0x10010000-0x1001ffff])
PCI: mapping irq 72 to pin1@0000:00:11.0
PCI: mapping irq 73 to pin1@0000:00:12.0
Switching to clocksource MIPS
NET: Registered protocol family 2
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
TCP established hash table entries: 2048 (order: 2, 16384 bytes)
TCP bind hash table entries: 2048 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 2048 bind 2048)
TCP reno registered
UDP hash table entries: 256 (order: 0, 4096 bytes)
UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
NET: Registered protocol family 1
PCI: CLS 0 bytes, default 32
squashfs: version 4.0 (2009/01/31) Phillip Lougher
JFFS2 version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
msgmni has been set to 120
io scheduler noop registered
io scheduler deadline registered (default)
Serial: 8250/16550 driver, 1 ports, IRQ sharing disabled
serial8250.0: ttyS0 at MMIO 0x18020000 (irq = 11) is a 16550A
console [ttyS0] enabled, bootconsole disabled
Atheros AR71xx SPI Controller driver version 0.2.4
m25p80 spi0.0: found mx25l12805d, expected m25p80
m25p80 spi0.0: mx25l12805d (16384 Kbytes)
6 cmdlinepart partitions found on MTD device spi0.0
Creating 6 MTD partitions on "spi0.0":
0x000000000000-0x000000050000 : "u-boot"
0x000000050000-0x000000070000 : "u-boot-env"
0x000000070000-0x000000170000 : "kernel"
0x000000170000-0x000000ff0000 : "rootfs"
mtd: partition "rootfs" set to be root filesystem
mtd: partition "rootfs_data" created automatically, ofs=2E0000, len=D10000 
0x0000002e0000-0x000000ff0000 : "rootfs_data"
0x000000ff0000-0x000001000000 : "art"
0x000000070000-0x000000ff0000 : "firmware"
Realtek RTL8366S ethernet switch driver version 0.2.2
rtl8366s rtl8366s: using GPIO pins 5 (SDA) and 7 (SCK)
rtl8366s rtl8366s: RTL8366 ver. 1 chip found
rtl8366s: probed
eth0: Atheros AG71xx at 0xb9000000, irq 4
eth0: using fixed link parameters
eth1: Atheros AG71xx at 0xba000000, irq 5
eth1: connected to PHY at rtl8366s:04 [uid=001cc960, driver=Generic PHY]
Atheros AR71xx hardware watchdog driver version 0.1.0
ar71xx-wdt: timeout=15 secs (max=25)
TCP westwood registered
NET: Registered protocol family 17
Bridge firewalling registered
802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
All bugs added by David S. Miller <davem@redhat.com>
VFS: Mounted root (squashfs filesystem) readonly on device 31:3.
Freeing unused kernel memory: 180k freed
input: gpio-keys-polled as /devices/platform/gpio-keys-polled/input/input0
Button Hotplug driver version 0.4.1
ar71xx: pll_reg 0xb8050010: 0x11110000
eth0: link up (1000Mbps/Full duplex)
Registered led device: wndr3700:green:power
Registered led device: wndr3700:orange:power
Registered led device: wndr3700:green:wps
Registered led device: wndr3700:orange:wps
Registered led device: wndr3700:green:wan
JFFS2 notice: (396) jffs2_build_xattr_subsystem: complete building xattr subsystem, 16 of xdatum (1 unchecked, 15 orphan) and 32 of xref (0 dead, 19 orphan) found.
eth0: link down
ar71xx: pll_reg 0xb8050010: 0x11110000
eth0: link up (1000Mbps/Full duplex)
device eth0.1 entered promiscuous mode
device eth0 entered promiscuous mode
br-lan: port 1(eth0.1) entering forwarding state
br-lan: port 1(eth0.1) entering forwarding state
PPP generic driver version 2.4.2
NET: Registered protocol family 24
Compat-wireless backport release: compat-wireless-2011-08-25
Backport based on wireless-testing.git master-2011-09-14
cfg80211: Calling CRDA to update world regulatory domain
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
ar71xx: pll_reg 0xb8050014: 0x1099
eth1: link up (100Mbps/Full duplex)
cfg80211: World regulatory domain updated:
cfg80211:     (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
cfg80211:     (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
cfg80211:     (2457000 KHz - 2482000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
cfg80211:     (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
cfg80211:     (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
cfg80211:     (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
PCI: Enabling device 0000:00:11.0 (0000 -> 0002)
ath: EEPROM regdomain: 0x0
ath: EEPROM indicates default country code should be used
ath: doing EEPROM country->regdmn map search
ath: country maps to regdmn code: 0x3a
ath: Country alpha2 being used: US
ath: Regpair used: 0x3a
ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
Registered led device: ath9k-phy0
ieee80211 phy0: Atheros AR9280 Rev:2 mem=0xb0000000, irq=72
PCI: Enabling device 0000:00:12.0 (0000 -> 0002)
ath: eeprom contains invalid mac address: ff:ff:ff:ff:ff:ff
ath: random mac address will be used: 62:ad:0f:dd:1e:e0
ath: EEPROM regdomain: 0x0
ath: EEPROM indicates default country code should be used
ath: doing EEPROM country->regdmn map search
ath: country maps to regdmn code: 0x3a
ath: Country alpha2 being used: US
ath: Regpair used: 0x3a
ieee80211 phy1: Selected rate control algorithm 'minstrel_ht'
Registered led device: ath9k-phy1
ieee80211 phy1: Atheros AR9280 Rev:2 mem=0xb0010000, irq=73
cfg80211: Calling CRDA for country: US
ip_tables: (C) 2000-2006 Netfilter Core Team
ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
ar71xx-ehci ar71xx-ehci: Atheros AR71xx built-in EHCI controller
ar71xx-ehci ar71xx-ehci: new USB bus registered, assigned bus number 1
ar71xx-ehci ar71xx-ehci: irq 3, io mem 0x1b000000
ar71xx-ehci ar71xx-ehci: USB 2.0 started, EHCI 1.00
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 2 ports detected
nf_conntrack version 0.5.0 (967 buckets, 3868 max)
cfg80211: Regulatory domain changed to country: US
cfg80211:     (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
cfg80211:     (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2700 mBm)
cfg80211:     (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 1700 mBm)
cfg80211:     (5250000 KHz - 5330000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
cfg80211:     (5490000 KHz - 5600000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
cfg80211:     (5650000 KHz - 5710000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
cfg80211:     (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 3000 mBm)
ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
ar71xx-ohci ar71xx-ohci: Atheros AR71xx built-in OHCI controller
ar71xx-ohci ar71xx-ohci: new USB bus registered, assigned bus number 2
ar71xx-ohci ar71xx-ohci: irq 14, io mem 0x1c000000
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 2 ports detected
cfg80211: Calling CRDA for country: BE
cfg80211: Regulatory domain changed to country: BE
cfg80211:     (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
cfg80211:     (2402000 KHz - 2482000 KHz @ 40000 KHz), (N/A, 2000 mBm)
cfg80211:     (5170000 KHz - 5250000 KHz @ 40000 KHz), (N/A, 2000 mBm)
cfg80211:     (5250000 KHz - 5330000 KHz @ 40000 KHz), (N/A, 2000 mBm)
cfg80211:     (5490000 KHz - 5710000 KHz @ 40000 KHz), (N/A, 2700 mBm)
device wlan0 entered promiscuous mode
br-lan: port 2(wlan0) entering forwarding state
br-lan: port 2(wlan0) entering forwarding state
device wlan0 left promiscuous mode
br-lan: port 2(wlan0) entering forwarding state
device wlan0 entered promiscuous mode
br-lan: port 2(wlan0) entering forwarding state
br-lan: port 2(wlan0) entering forwarding state
ar71xx-wdt: enabling watchdog timer
xt_TEE: Unknown symbol ip6_local_out (err 0)
xt_TEE: Unknown symbol ip6_route_output (err 0)

The last 2 rules of the output form dmesg are:
xt_TEE: Unknown symbol ip6_local_out (err 0)
xt_TEE: Unknown symbol ip6_route_output (err 0)

Can someone tell me which additional packets I have to install, so I can analyse traffic from my ATA on my desktop PC with WireShark?

Ok,

the --tee option was used in previous versions of Iptables. The latest trunk version use iptables 1.4.10 so the –j TEE extension must be used.

iptables -t mangle -A PREROUTING -d 192.168.0.226  -j TEE --gateway 192.168.0.133

error: iptables: No chain/target/match by that name.

So the the TEE extension is not recognized. I've read some other forums and the answer for the same problem was:
install the kernel module for xt_TEE (modprobe xt_TEE). But the kernel module kmod-ipt-tee is installed.

/$ opkg list-installed
base-files - 81-r28314
busybox - 1.18.5-1
crda - 1.1.1-1
dnsmasq - 2.57-2
dropbear - 0.53.1-4
firewall - 2-35
hotplug2 - 1.0-beta-4
ip - 2.6.35-3
iptables - 1.4.10-4
iptables-mod-conntrack - 1.4.10-4
iptables-mod-nat - 1.4.10-4
iptables-mod-tee - 1.4.10-4
iw - 0.9.22-2
kernel - 2.6.39.4-1
kmod-ath - 2.6.39.4+2011-09-14-1
kmod-ath9k - 2.6.39.4+2011-09-14-1
kmod-ath9k-common - 2.6.39.4+2011-09-14-1
kmod-button-hotplug - 2.6.39.4-3
kmod-cfg80211 - 2.6.39.4+2011-09-14-1
kmod-crc-ccitt - 2.6.39.4-1
kmod-crypto-aes - 2.6.39.4-1
kmod-crypto-arc4 - 2.6.39.4-1
kmod-crypto-core - 2.6.39.4-1
kmod-input-core - 2.6.39.4-1
kmod-input-gpio-keys-polled - 2.6.39.4-1
kmod-input-polldev - 2.6.39.4-1
kmod-ipt-conntrack - 2.6.39.4-1
kmod-ipt-core - 2.6.39.4-1
kmod-ipt-nat - 2.6.39.4-1
kmod-ipt-nathelper - 2.6.39.4-1
kmod-ipt-tee - 2.6.39.4-1
kmod-leds-gpio - 2.6.39.4-1
kmod-ledtrig-usbdev - 2.6.39.4-1
kmod-mac80211 - 2.6.39.4+2011-09-14-1
kmod-nls-base - 2.6.39.4-1
kmod-ppp - 2.6.39.4-1
kmod-pppoe - 2.6.39.4-1
kmod-sched - 2.6.39.4-1
kmod-usb-core - 2.6.39.4-1
kmod-usb-ohci - 2.6.39.4-1
kmod-usb2 - 2.6.39.4-1
libc - 0.9.32-81
libgcc - 4.5-linaro-81
libip4tc - 1.4.10-4
libip6tc - 1.4.10-4
libiptc - 1.4.10-4
libiwinfo - 16
liblua - 5.1.4-8
libnl-tiny - 0.1-2
libuci - 2011-07-18.3-1
libuci-lua - 2011-07-18.3-1
libxtables - 1.4.10-4
lua - 5.1.4-8
luci - trunk+svn7576-1
luci-app-firewall - trunk+svn7576-1
luci-i18n-english - trunk+svn7576-1
luci-lib-core - trunk+svn7576-1
luci-lib-ipkg - trunk+svn7576-1
luci-lib-lmo - trunk+svn7576-1
luci-lib-nixio - trunk+svn7576-1
luci-lib-sys - trunk+svn7576-1
luci-lib-web - trunk+svn7576-1
luci-mod-admin-core - trunk+svn7576-1
luci-mod-admin-full - trunk+svn7576-1
luci-sgi-cgi - trunk+svn7576-1
luci-theme-base - trunk+svn7576-1
luci-theme-openwrt - trunk+svn7576-1
mtd - 16
opkg - 618-1
ppp - 2.4.5-1
ppp-mod-pppoe - 2.4.5-1
swconfig - 9
tc - 2.6.35-3
uci - 2011-07-18.3-1
uhttpd - 27
wireless-tools - 29-4
wpad-mini - 20110527-2

Why IPv6? I don't use IPv6 adresses.

Can anyone help me please?

(Last edited by TomVH on 11 Oct 2011, 08:57)

Solved:

Install ip6tables.

Why?: I don't now.

(Last edited by TomVH on 11 Oct 2011, 23:02)

The discussion might have continued from here.