iptables "-j TEE" functionality needed

NoX · February 24, 2016, 2:41am

I have 951Ui-2HnD with OS v6.34.2 installed. Really need to redirect/clone broadcast packets, coming from LAN on specified UDP port to specified address behind some router. IP->Firewall->Mangle rules does not have “Action” that can do it. There is almost similar actions: “sniff PC” and “sniff TZSP”, but them is not just routing the packet itself, but transferring packet by Wireshark protocol, which is not what I need. For better understanding I will bring 2 examples of solving the task in other systems:

Linux iptables:
iptables -t mangle -A PREROUTING -i br0 -m addrtype --dst-type BROADCAST -p udp -m udp --dport 475 -j TEE --gateway 172.16.250.10
(not flexible solution: will clone a packet and redirect this clone to another machine on the local network segment, in other words, can not route cloned packet (but in worst case, I can try to adopt this))

cisco ios:
interface GigabitEthernet0/0
ip helper-address 172.16.250.10
!
ip forward-protocol udp 475
(not flexible solution: it can redirects only broadcasts (but still enough for my specific task))

But we have only RB951Ui-2HnD there, so I need to do redirect with Mikrotik. I think I need to post a feature request somewhere…

changeip · February 24, 2016, 3:07am

use NAT not mangle.

NoX · February 24, 2016, 3:28am

I’ve tried. NAT isn’t working because broadcasts is not coming to NAT chains.

coylh · February 24, 2016, 8:32am

Port mirroring? http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Rule_Table

changeip · February 24, 2016, 8:28pm

I have done this myself in the past and it works. You might need to modify your selections - post your rules you tried and the src:port → dst:port pairs so we can see.

CateFul · March 6, 2018, 2:50am

Sorry for resurrecting an old thread but I second the OP’s request.
Port mirroring works but it clones all traffic which adds unwanted network load.
I tried NAT but could not figure out how to do it. I thought NAT would forward the original packet to the NATed destination but not to its original destionation? i.e not a packet clone but a forward
A clone meaning the packet would be duplicated exactly, without any modification, one sent to its intended destination and the other one send to a second destination.

Any idea how this can be done in Mikrotik? Sniffer is not an option as it repacks packets into TZSP.

kiwibrew · August 19, 2019, 5:27am

I’m also looking to solve this problem, taking all inbound UDP packets on a particular port & sending them on to two destinations.

CsXen · October 15, 2019, 8:37pm

Hi.
You need and old router with big memory. Than you need to install 2 meta-router inside.
These metarouters can receive multicast streams, and convert it to unicast stream… one per metarouter.
Two metarouter, two streams.

Best regards: CsXen

PandaArea · February 20, 2020, 4:10am

UP，need tee。

PandaArea · March 20, 2020, 4:55pm

+1
tee

PandaArea · April 12, 2020, 8:18am

+1 tee

asy · July 18, 2020, 8:33am

Sometimes it is inconvenient to use Switch Chip. TEE functionality would be useful.

RealMcCoy · April 6, 2023, 4:25am

+1 tee functionality would be really good