Port Mirroring with IPTables on a Router: Attempting to set this up results in a "No chain/target/match by that name" error

Networking Networking Software
1

My IPTables version is v1.4.12.2 and I am using it on an ASUS RT-AC68R Router.

I’m trying to mirror any packets that go to an IP address to another IP address. TL;DR I’m trying to capture traffic my PS3 both receives and sends.

I found this stackexchange Q&A:

Thus, to clone all incoming and outgoing traffic for pc 192.168.1.15 on your router (say, 192.168.1.1). and redirect to a spying pc 192.168.1.100, use:

 iptables -t mangle -A PREROUTING -d 192.168.1.15 -j TEE --gateway 192.168.1.100
 iptables -t mangle -A PREROUTING -s 192.168.1.15 -j TEE --gateway 192.168.1.100

However, when I run these commands with my own IP addresses, I get this result:

admin@RT-AC68R:/tmp/home/root# iptables -t mangle -A PREROUTING -d 192.168.10.20 -j TEE --gateway 192.168.10.14
iptables: No chain/target/match by that name.

When I try to see the rules on the mangle table:

admin@RT-AC68R:/tmp/home/root# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
MARK       all  --  192.168.1.0/24       192.168.1.0/24      MARK xset 0x1/0x7

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

So table mangle, Chain PREROUTING, IP 192.168.10.20 ,and IP 192.168.10.14 all exist.

I’m not sure if this is due to my version of IPTables being different since I found elsewhere that at some point the ROUTE… thing stopped being used, but that’s not used in the command I used so I don’t know if it applies.

Edit: Well I answered my own question. Seems my IPTables version is old enough to actually use ROUTE.

admin@RT-AC68R:/tmp/home/root# iptables -t mangle -A PREROUTING -d  192.168.1.20 -j ROUTE --gw 192.168.1.14 --tee
admin@RT-AC68R:/tmp/home/root# iptables -t mangle -A PREROUTING -s  192.168.1.20 -j ROUTE --gw 192.168.1.14 --tee
admin@RT-AC68R:/tmp/home/root# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
ROUTE      all  --  anywhere             192.168.1.20        ROUTE gw:192.168.1.14 tee
ROUTE      all  --  192.168.1.20         anywhere            ROUTE gw:192.168.1.14 tee
1 Like