On Fri, 24 Aug 2012 12:33:51 +0000 (UTC) Fréderich Nord <[email protected]> wrote:
> However, now I want to add another function, namely "post iptables port
> mirroring." So traffic comes in from the provider to either veth0 or
> veth1. Then I want to filter it using iptables and only then I want
> the data which has not been dropped or rejected to be mirrored to
> another port (vmir0) for use with Snort.
>
> The question is, how can I do this? Are there better ways to handle a
> situation like mine?

After roaming Google's search results with so many keywords I found the answer to the second question: "yes, use OpenFlow." In particular the email that can be found here seems to contain a fairly similar question:

http://www.mail-archive.com/[email protected]/msg03464.html

Oliver asked how he could use efficient OpenFlow rules to filter certain traffic. Ben replied with this suggestion:

> You don't need a table per VM. Use table 0 to check your ingress
> rules and resubmit to table 1 if they pass. Use table 1 to check
> egress rules and forward to the destination if they pass.

I am interested to learn how I can do this so that I can filter ingress and egress on the eth0 port. Perhaps I can extend this later for traffic between ports of the internal hosts. But how do tables work in the Open vSwitch sense? I would appreciate it if someone can help me with examples regarding this idea, using Open vSwitch of course:

* explicitly accept traffic from eth0 (my ISP) to IP A, B, C and vice versa;
* drop all other traffic;
* mirror (copy, duplicate) all accepted traffic to one certain port so that it can be analysed (using Snort in my case);
* suggestions for how to handle DNAT/SNAT, which still requires iptables if I understand correctly.

Sadly I have not received a reply to my other emails but I really hope someone is willing to help me out. Or please tell me if I am asking the wrong questions. Open vSwitch interests me, I am eager to learn more, and I will be appreciative of any help I can get. So I would be much obliged.

Kind regards,
Fréderich.
_______________________________________________
discuss mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/discuss
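The two-table layout Ben describes, turned into a concrete ovs-ofctl flow file for the setup asked about above (accept eth0 to A/B/C and back, drop the rest, copy everything accepted to the Snort port). This is an added example written for this page, not code from the thread or from the Open vSwitch project. Every number in it is an assumption: the bridge name `br0`, the OpenFlow port numbers (eth0 = 1, veth0 = 2, veth1 = 3, vmir0 = 4; look yours up with `ovs-vsctl get Interface eth0 ofport`) and the three constructed addresses that stand in for A, B and C. The script only writes the flow file; applying it with `ovs-ofctl add-flows` is left to the operator.

```shell
#!/bin/sh
# Added example, not from the original thread or the Open vSwitch project.
# Generates an ovs-ofctl flow file implementing Ben's design:
#   table 0: ingress policy; accepted packets are resubmitted to table 1
#   table 1: egress policy; accepted packets are forwarded AND copied to
#            the mirror port that Snort listens on
# All port numbers and addresses below are assumptions for illustration.

BRIDGE=${BRIDGE:-br0}   # assumed bridge name
EXT_PORT=1              # eth0, the ISP-facing port (assumed ofport)
MIRROR_PORT=4           # vmir0, where Snort listens (assumed ofport)
# Constructed host list, "<allowed IP>:<ofport of the veth that reaches it>".
# These stand in for the "IP A, B, C" of the question.
ALLOWED="10.0.0.11:2 10.0.0.12:2 10.0.0.13:3"

gen_flows() {
    # ---- table 0: ingress checks ----------------------------------------
    # Provider -> allowed host: only IPv4 with an allowed destination passes.
    for entry in $ALLOWED; do
        ip=${entry%%:*}
        echo "table=0,priority=100,in_port=$EXT_PORT,ip,nw_dst=$ip,actions=resubmit(,1)"
    done
    # Allowed host -> provider: the source must be an allowed IP *and* arrive
    # on the port that host is wired to, which blocks spoofed sources.
    for entry in $ALLOWED; do
        ip=${entry%%:*}; port=${entry##*:}
        echo "table=0,priority=100,in_port=$port,ip,nw_src=$ip,actions=resubmit(,1)"
    done
    # ARP has to pass or nothing resolves; it is switched normally and is
    # not copied to the mirror port.
    echo "table=0,priority=50,arp,actions=NORMAL"
    # "drop all other traffic"
    echo "table=0,priority=0,actions=drop"

    # ---- table 1: egress checks + mirror --------------------------------
    # in_port survives resubmit, so the direction is still known here and
    # the two rules per host cannot overlap.
    for entry in $ALLOWED; do
        ip=${entry%%:*}; port=${entry##*:}
        echo "table=1,priority=100,in_port=$EXT_PORT,ip,nw_dst=$ip,actions=output:$port,output:$MIRROR_PORT"
        echo "table=1,priority=100,in_port=$port,ip,nw_src=$ip,actions=output:$EXT_PORT,output:$MIRROR_PORT"
    done
    # A packet that reached table 1 without a forwarding rule fails closed
    # instead of being flooded.
    echo "table=1,priority=0,actions=drop"
}

# Number of rules emitted: 2 fixed + 2 per host in table 0, 1 fixed + 2 per
# host in table 1. Compare against `ovs-ofctl dump-flows $BRIDGE | wc -l`
# after loading to confirm nothing was rejected.
count_flows() {
    gen_flows | wc -l | tr -d ' '
}

FLOWS_FILE=${FLOWS_FILE:-${TMPDIR:-/tmp}/ovs-filter-mirror.flows}
gen_flows > "$FLOWS_FILE"
echo "$(count_flows) flows written to $FLOWS_FILE"
echo "apply with: ovs-ofctl add-flows $BRIDGE $FLOWS_FILE"
```

The mirror is done by listing the Snort port as a second `output:` action on the forwarding rule, so only traffic that survived both tables is copied; the Mirror table configured through `ovs-vsctl` would copy the port's traffic before the flow policy runs, which is the opposite of the "post filter" requirement. The rules match only on addresses and ports, so the DNAT/SNAT point stands: there is no address-rewriting action available in the flow table here, and NAT stays with iptables in the kernel IP stack.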
