On Sat, 25 Aug 2012 16:06:57 +0000 (UTC) Fréderich Nord <fn...@i2pmail.org> wrote:
> On Fri, 24 Aug 2012 12:33:51 +0000 (UTC)
> Fréderich Nord <fn...@i2pmail.org> wrote:
>
> > However, now I want to add another function, namely "post iptables port
> > mirroring." So traffic comes in from the provider to either veth0 or
> > veth1. Then I want to filter it using iptables and only then I want
> > the data which has not been dropped or rejected to be mirrored to
> > another port (vmir0) for use with Snort.
> >
> > The question is, how can I do this? Are there better ways to handle
> > a situation like mine?
>
> After roaming Google's search results with so many keywords I found
> the answer to the second question: "yes, use openFlow."

And after many days of contemplation I think I got a sensible answer:
"Don't use a device for other purposes than for which it was designed."

My initial plan was eth0 -> switch -> iptables -> switch -> mirror. But I
couldn't find any way to manage this. So instead I did this:

eth0 -> domU -> firewall -> dom0 -> switch -> mirror

Problem solved, but unfortunately this slows down the optimal speed of the
network; domU -> switch -> dom0 -> firewall -> internet is now much slower.
Still, it seems like a better solution.

I did receive one reply from Gurucharan Shetty, thanks for that.
Unfortunately I couldn't find clues in the manual page for my initial plan.

Cheers,
Fréderich.