Question

I am trying to run snort on my home network but I don't have a switch that will mirror a port. Instead I have an Asus RT-N16 with Tomato (dd-wrt) on it. After hours of searching the only solution I found was here: http://www.snort.org/assets/182/snort-opensuse-vbox-ddwrt.txt

Basically they said to create these two iptables rules:

iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.20 --tee

iptables -A POSTROUTING -t mangle -j ROUTE --gw 192.168.1.20 --tee

The problem is that --gw isn't a valid flag.

Then I need to create a script that will check to see if the rule exists. If it does, delete the rule. If it doesn't, create the rule.

Should I grep iptables -L -v -n --line-n or should I grep iptables-save?

  1. What would the correct iptables syntax be to emulate a promiscuous port to 192.168.1.20?

  2. How can I create the script that will turn on the iptables rules if they don't exist, and delete them if they do?

Thanks,

Ryan


Solution

I did this a few months back on Tomato.

You need at least Tomato v1.24, which includes ipt_ROUTE. It is used to enable the -j ROUTE and --tee functionality.

/sbin/modprobe ipt_ROUTE

and then add your iptables rules as you've mentioned above.
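An added example (not part of the question or the answer above) of the toggle script asked for in the question: it reads iptables-save output for the mangle table, and for each of PREROUTING and POSTROUTING adds the ipt_ROUTE --tee mirror rule if it is absent or deletes it if it is present. The IDS address 192.168.1.20, the chains and the rule arguments are the ones from the question; the iptables-save sample text embedded below is constructed for illustration. iptables-save is used for the presence check rather than iptables -L, because its one-rule-per-line output is stable to grep and does not depend on name resolution or column layout (newer iptables also offers iptables -C for this, but older router firmware may lack it).

```shell
#!/bin/sh
# Toggle the ipt_ROUTE --tee mirror rules that copy traffic to an IDS host.
# Added example, not from the original thread; assumes the ipt_ROUTE target
# described in the answer is available on the router.

IDS_IP="${IDS_IP:-192.168.1.20}"   # IDS/snort host from the question
TABLE=mangle
RULE_ARGS="-j ROUTE --gw $IDS_IP --tee"

# Constructed iptables-save excerpt for illustration: only the PREROUTING
# mirror rule is present, POSTROUTING has none.
SAMPLE_SAVE="*mangle
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -j ROUTE --gw 192.168.1.20 --tee
COMMIT"

# rule_present CHAIN SAVE_TEXT
# Returns 0 if SAVE_TEXT (iptables-save output) already contains the mirror
# rule for CHAIN, 1 otherwise.
rule_present() {
  chain=$1
  save=$2
  printf '%s\n' "$save" | grep -q -- "^-A $chain -j ROUTE --gw $IDS_IP --tee"
}

# decide_action CHAIN SAVE_TEXT
# Prints "delete" when the rule is present and "add" when it is not.
decide_action() {
  if rule_present "$1" "$2"; then
    echo delete
  else
    echo add
  fi
}

# apply_action CHAIN ACTION
# Runs the matching iptables command (-A to add, -D to delete).
apply_action() {
  chain=$1
  action=$2
  case $action in
    add)    iptables -t "$TABLE" -A "$chain" $RULE_ARGS ;;
    delete) iptables -t "$TABLE" -D "$chain" $RULE_ARGS ;;
    *)      echo "unknown action: $action" >&2; return 1 ;;
  esac
}

# toggle
# Loads ipt_ROUTE, snapshots the live mangle table once, then flips each
# chain's mirror rule based on that snapshot.
toggle() {
  modprobe ipt_ROUTE 2>/dev/null || true
  save=$(iptables-save -t "$TABLE")
  for chain in PREROUTING POSTROUTING; do
    action=$(decide_action "$chain" "$save")
    apply_action "$chain" "$action"
    echo "$chain: $action"
  done
}

# Only touch the live firewall when invoked with --apply.
if [ "${1:-}" = "--apply" ]; then
  toggle
fi
```

Run it as `sh mirror-toggle.sh --apply` on the router; each invocation flips both rules, so two runs in a row restore the original state. Keeping the decision (decide_action) separate from the side effect (apply_action) lets you dry-run the logic against saved output before touching the firewall.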

Licensed under: CC-BY-SA with attribution