Write your startup script there. Here is a sample of what I use.
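#!/bin/sh /etc/rc.common
# Runs late in boot (see START below) and adds the TEE mirroring rules.
START=99
start() {
    sleep 30 # Make sure FW and iptables have loaded
    echo '### STARTING PORT MIRRORING TO [_ipaddress_] ###'
    # Clone packets leaving the router to the Snort host
    iptables -t mangle -A POSTROUTING -j TEE --gateway [_ipaddress_]
    # Clone packets arriving at the router to the Snort host
    iptables -t mangle -A PREROUTING -j TEE --gateway [_ipaddress_]
}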
Replace [_ipaddress_] with your Snort host IP address.
START=99 denotes the order in which scripts execute on boot.
On my OpenWrt firmware, 95 is "done", so 99 ensures the script loads after all other system-critical startup scripts have run.
Save the file.
Make the script executable and enable it on startup.
# chmod +x /etc/init.d/[_script_file_]
# /etc/init.d/[_script_file_] enable
Replace [_script_file_] with the name of the script.
The second line will place a new symlink in /etc/rc.d - e.g., S99[_script_file_].
Run ls /etc/rc.d and make sure the symlink was created.
Reboot the router and check the Table: Mangle section of the router web UI to make sure the two TEE rules were inserted.
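The same check can be done from the router's shell instead of the web UI. The script below is an added example, not part of the original post: it reads the output of iptables -t mangle -S and reports whether each chain holds exactly one TEE rule to the Snort host, since -A appends a fresh copy every time start() runs. The address 192.168.1.50 and the function names are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original post): confirm the TEE mirror rules
# exist exactly once per chain. On the router, feed it the live table:
#   iptables -t mangle -S | check_mirror 192.168.1.50   # address is a placeholder

# count_tee_rules CHAIN GATEWAY: rule listing on stdin, prints the match count
count_tee_rules() {
    awk -v chain="$1" -v gw="$2" '
        $1 == "-A" && $2 == chain {
            tee = 0; hit = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "TEE") tee = 1
                if ($i == "--gateway" && $(i + 1) == gw) hit = 1
            }
            if (tee && hit) n++
        }
        END { print n + 0 }'
}

# check_mirror GATEWAY: rule listing on stdin
# returns 0 = one rule per chain, 1 = a rule is missing, 2 = duplicates
check_mirror() {
    rules=$(cat)
    result=0
    for chain in PREROUTING POSTROUTING; do
        n=$(printf '%s\n' "$rules" | count_tee_rules "$chain" "$1")
        if [ "$n" -eq 0 ]; then
            echo "$chain: TEE rule to $1 missing"
            if [ "$result" -eq 0 ]; then result=1; fi
        elif [ "$n" -gt 1 ]; then
            echo "$chain: $n TEE rules to $1, each packet is cloned $n times"
            result=2
        else
            echo "$chain: ok"
        fi
    done
    return "$result"
}

# Constructed sample listings (not captured from a real router).
SAMPLE_OK='-P PREROUTING ACCEPT
-A PREROUTING -j TEE --gateway 192.168.1.50
-A POSTROUTING -j TEE --gateway 192.168.1.50'
# The same table after start() ran a second time: -A appended both rules again.
SAMPLE_DUP="$SAMPLE_OK
-A PREROUTING -j TEE --gateway 192.168.1.50
-A POSTROUTING -j TEE --gateway 192.168.1.50"

printf '%s\n' "$SAMPLE_DUP" | check_mirror 192.168.1.50 || echo "exit status: $?"
```

A result of 2 means the sensor is receiving every packet more than once, which skews Snort's counters and thresholds.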
Further reading: OpenWrt Init Scripts Reference