On Mon, Sep 30, 2019 at 03:12:49PM +0200, Vieri Di Paola wrote:
> On Mon, Sep 30, 2019 at 2:33 PM Lennart Sorensen
> <lsore...@csclub.uwaterloo.ca> wrote:
> >
> > > iptables -t mangle -I PREROUTING -i enp5s0.11 -j TEE --gateway 10.215.144.7
> >
> > That rule says traffic from enp5s0.11. Traffic from the firewall itself
> > would not match that rule.
>
> What would be the rule for traffic from the firewall itself, but only
> to the network behind enp5s0.11?

I think something like:

iptables -t mangle -I PREROUTING -o enp5s0.11 -j TEE --gateway 10.215.144.7

Might need '-i lo' as well to make it only traffic from the firewall that
counts, although you might actually want traffic from elsewhere mirrored
too I would imagine.

-- 
Len Sorensen

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users