Netsweeper

From ImageStream Router Documentation


Revision as of 15:15, 21 April 2011

ImageStream's current Netsweeper implementation supports using an external policy server together with the xtables TEE jump target, which sends a copy of each matched packet to the policy server.

The following configuration assumes that your customer's traffic is coming in on Ethernet1 (eth1) and that your Netsweeper Policy Server uses the IP address 10.10.10.1.

iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j TEE --gateway 10.10.10.1

This configuration should be used on any router that a customer is using to access the internet.

To check whether the rule is matching traffic, use the following command and confirm that the pkts and bytes counters on the TEE line are increasing:

iptables -t mangle -L -n -v
Chain PREROUTING (policy ACCEPT 2258K packets, 2824M bytes)
pkts bytes target     prot opt in     out     source               destination
328K   65M TEE        all  --  eth1   *       0.0.0.0/0            0.0.0.0/0      TEE gw:10.10.10.1
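
As an added example (not part of the original page or ImageStream's software), the shell function below parses that listing and reports whether the TEE rule points at the expected interface and gateway, whether its counters have moved, and whether it is limited to TCP port 80 as in the rule above. The names check_tee, page_listing and scoped_listing are hypothetical, and the second listing is constructed.

```shell
#!/bin/sh
# Added example, not ImageStream code. check_tee, page_listing and
# scoped_listing are hypothetical names.

# Audit TEE rules in `iptables -t mangle -L -n -v` text read from stdin.
# $1 = expected ingress interface, $2 = expected policy server address.
check_tee() {
    awk -v want_if="$1" -v want_gw="$2" '
    # Expand the K/M/G suffixes iptables puts on large counters.
    function expand(v,    n, s) {
        n = v + 0; s = substr(v, length(v))
        if (s == "K") return n * 1000
        if (s == "M") return n * 1000000
        if (s == "G") return n * 1000000000
        return n
    }
    $3 == "TEE" {
        found = 1; gw = ""; scope = "all-traffic"
        for (i = 10; i <= NF; i++) {
            if ($i ~ /^gw:/)  gw = substr($i, 4)
            if ($i ~ /^dpt:/) scope = "port-" substr($i, 5)
        }
        pkts = expand($1)
        if ($6 != want_if || gw != want_gw)         status = "WRONG-TARGET"
        else if (pkts == 0)                         status = "NO-MATCHES"
        else if ($4 != "tcp" || scope != "port-80") status = "TOO-BROAD"
        else                                        status = "OK"
        printf "%s in=%s gw=%s proto=%s scope=%s pkts=%d\n", status, $6, gw, $4, scope, pkts
    }
    END { if (!found) print "MISSING no TEE rule in listing" }'
}

# The listing shown on this page.
page_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 2258K packets, 2824M bytes)
pkts bytes target     prot opt in     out     source               destination
328K   65M TEE        all  --  eth1   *       0.0.0.0/0            0.0.0.0/0      TEE gw:10.10.10.1
EOF
}

# Constructed listing for a rule limited to TCP port 80.
scoped_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 5000 packets, 400K bytes)
pkts bytes target     prot opt in     out     source               destination
1200   96K TEE        tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0      tcp dpt:80 TEE gw:10.10.10.1
EOF
}

page_listing   | check_tee eth1 10.10.10.1
scoped_listing | check_tee eth1 10.10.10.1
```

The listing shown on this page is reported as TOO-BROAD because its rule line has prot `all` and no `tcp dpt:80` match, so that rule copies every packet arriving on eth1 to the policy server rather than only HTTP. On the router, pipe the live output into the function: `iptables -t mangle -L PREROUTING -n -v | check_tee eth1 10.10.10.1`.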