Mirroring data flows

Tue Jun 22 19:48:51 UTC 2021

See the iptables -j TEE policy for cloning the packet on the local
network to send it to another unbound DNS server as well as the
original unbound DNS server:


     TEE

     The TEE target will clone a packet and redirect this clone to another
     machine on the local network segment. In other words, the nexthop
     must be the target, or you will have to configure the nexthop to
     forward it further if so desired.

     --gateway ipaddr

     Send the cloned packet to the host reachable at the given IP
     address. Use of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is invalid.

     To forward all incoming traffic on eth0 to an Network Layer logging box:

     -t mangle -A PREROUTING -i eth0 -j TEE --gateway 2001:db8::1


Paul