Netsweeper

From ImageStream Router Documentation

(Difference between revisions)
Jump to: navigation, search
 
Line 10: Line 10:
  iptables -t mangle -L -n -v
  iptables -t mangle -L -n -v
 +
 +
If the rule has been matched, there should also be an arp entry for 10.10.10.1.
 +
 +
arp -n | grep 10.10.10.1

Latest revision as of 15:20, 21 April 2011

ImageStream's current Netsweeper implementation supports using an external policy server, and the xtables jump target tee.

The following configuration assumes that your customer's traffic is coming in on the Ethernet1, and that your NetSweeper Policy Server uses the IP address 10.10.10.1.

iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j TEE --gateway 10.10.10.1

This configuration should be used on any router that a customer is using to access the internet.

To check if the match is working use the following command:

iptables -t mangle -L -n -v

If the rule has been matched, there should also be an arp entry for 10.10.10.1.

arp -n | grep 10.10.10.1
Personal tools
Router software releases