Port Mirroring - Specific IP

Hello,

I installed a SecurityOnion “Evaluation Instance”; I wish to set up traffic forwarding on a specific IP in the DMZ zone.

FIREWALL

firewall {
    all-ping enable
    broadcast-ping disable
    config-trap disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name LAN-WAN {
        default-action accept
    }
    name WAN-LAN {
        default-action drop
        enable-default-log
        rule 1 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            log enable
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
    twa-hazards-protection disable
}

INT:

interfaces {
    ethernet eth0 {
        address dhcp
        duplex auto
        hw-id 08:00:27:1d:88:6f
        smp-affinity auto
        speed auto
        traffic-policy {
        }
    }
    ethernet eth1 {
        address 172.16.0.1/24
        duplex auto
        hw-id 08:00:27:8f:dc:fc
        smp-affinity auto
        speed auto
        traffic-policy {
        }
    }
    ethernet eth2 {
        address 172.20.0.1/24
        duplex auto
        hw-id 08:00:27:19:a2:5d
        smp-affinity auto
        speed auto
    }
    loopback lo {
    }
}

ZONE:

zone-policy {
    zone DMZ {
        default-action drop
        from LAN {
            firewall {
            }
        }
        interface eth2
    }
    zone LAN {
        default-action drop
        from DMZ {
        }
        from WAN {
            firewall {
                name WAN-LAN
            }
        }
        interface eth1
    }
    zone WAN {
        default-action drop
        from LAN {
            firewall {
                name LAN-WAN
            }
        }
        interface eth0
    }
}

Thanks in advance.

Sorry, but what is your question exactly? This is not clear.

Your title states “port mirroring”, while in the body you speak about “traffic forwarding”.

Forwarding has a very specific meaning in the context of networking.

Hello Jeff,

Yes, because I understood that Port Forwarding = Port Mirroring.

In fact, I wish to send all traffic from an Ethernet interface to a specific VM in the LAN configured on my VyOS lab.

Thanks in advance.

No, forwarding refers to the process of transferring a packet received on an interface out on another interface (what people usually refer to as routing).

Mirroring is duplicating the traffic received and/or sent through an interface to another interface for the purpose of analyzing it. It is sometimes referred to as “SPAN” (setting a SPAN port).

VyOS allows mirroring the ingress (incoming) traffic on an interface to another interface, not to a specific IP address. This is due to the fact that the destination IP address is kept in the mirroring process, and sending the traffic to a destination address would require encapsulating this traffic, which may require fragmentation and would modify the traffic.

So you need to have an interface dedicated for this on your VyOS and on your analyzing device, connected together.
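A worked example of the interface-to-interface mirror described in the reply, added here and not part of the original thread: the poster's DMZ interface (eth2, 172.20.0.0/24) is copied to a spare router port cabled to the Security Onion sniffing NIC. The interface names eth3 (VyOS) and enp0s8 (Security Onion) are assumptions, and the `mirror` syntax shown first is that of VyOS 1.2; 1.3 and later split it into `mirror ingress` and `mirror egress`.

```vyos
# VyOS side (configure mode). eth3 is an assumed spare interface: it gets no
# address, so it carries nothing but the copied frames toward the sensor.
configure
set interfaces ethernet eth3 description 'SPAN to Security Onion'
set interfaces ethernet eth2 mirror eth3        # VyOS 1.2 syntax, ingress only
# VyOS 1.3+ equivalent, if that is the release in use:
# set interfaces ethernet eth2 mirror ingress eth3
# set interfaces ethernet eth2 mirror egress eth3
commit
save
exit

# Caveat: with an ingress-only mirror, only frames arriving ON eth2 (sent by
# DMZ hosts) are copied. Replies from LAN/WAN toward the DMZ enter the router
# on eth1/eth0, so mirror those too if both directions of a DMZ flow matter:
# set interfaces ethernet eth1 mirror eth3
# set interfaces ethernet eth0 mirror eth3

# Security Onion side: the sniffing NIC (enp0s8 assumed) stays unaddressed and
# promiscuous. Confirm copied frames actually arrive before relying on alerts;
# narrowing to one host is done here on the sensor, not in the mirror itself.
sudo ip link set enp0s8 up promisc on
sudo tcpdump -ni enp0s8 -c 5 net 172.20.0.0/24
sudo tcpdump -ni enp0s8 -c 5 host 172.20.0.10   # 172.20.0.10 is a placeholder DMZ host
```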
