Linux – iptables to forward/duplicate/mirror locally generated UDP traffic


I'm running a program on a Raspberry Pi that reads data from sensors and sends that data to a server via UDP.
To debug and monitor this data I redirected this UDP data to my PC by using iptables on the Raspberry Pi:

sudo iptables -t nat -A OUTPUT -p udp -d --dport 4000 -j DNAT --to-destination

The IP addresses used are – Server – PC used for debugging.

This works well. However, the data only gets to the PC but not to the server any more.

So I've tried to copy and forward the UDP data to both the PC and the server using something like this:

sudo iptables -t mangle -A POSTROUTING -p udp -d --dport 4000 -j TEE --gateway

I've used different combinations of parameters like mangle/nat, POSTROUTING/OUTPUT/PREROUTING etc.

So far I did not manage to send the data to both destinations.
As the data is generated locally I assumed that -A OUTPUT should work. But apparently I'm missing something…

Also, I can clear the iptables rules using

sudo iptables -F
sudo iptables -X

But the rule is still executed and I have to reboot the Raspberry Pi to start from scratch.

So there are two questions:

How does duplicating and forwarding of locally generated data work?
How are rules cleared effectively?

The examples I've found so far all apply to incoming/outgoing traffic but not to locally generated data.

Best Answer

Now - by accident - I've found a solution:

sudo sysctl -w net.ipv4.ip_forward=1

sudo iptables -t nat -A OUTPUT -p udp -d --dport 4000 -j DNAT --to-destination

sudo iptables -t mangle -A POSTROUTING -p udp -d --dport 4000 -j TEE --gateway

This works well, however it seems to be unnecessarily complicated as I expected that this should be possible with a single rule.

Maybe someone has an idea about how to simplify this.
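The script below is an added example, not the asker's or answerer's commands, and the addresses in it are placeholders from the RFC 5737 documentation range (the post's real IPs are not shown). It addresses both questions: it emits a single TEE rule in mangle/POSTROUTING that mirrors locally generated UDP to the debugging PC without any DNAT, so the original packet still reaches the server, and it flushes every table explicitly, because `iptables -F` with no `-t` only flushes the filter table, so DNAT rules in nat and TEE rules in mangle survive it (which is why a reboot was needed). The TEE target delivers the clone to a host on the Pi's local network segment, so the debugging PC must sit there. That a stale DNAT rule in the nat table is also what made the earlier TEE-only attempt look broken is my assumption; the `count_dnat` helper exists to make such leftovers visible. By default the script is a dry run and prints what it would do; `--apply` as root executes it.

```shell
#!/bin/sh
# Added example, not from the original post. Mirrors locally generated UDP
# traffic with a single TEE rule and flushes every table, not just filter.
# All addresses are placeholders (RFC 5737 TEST-NET-1); override with
# SERVER=... DEBUG_PC=... PORT=... in the environment.

SERVER="${SERVER:-192.0.2.10}"     # placeholder: where the sensor data normally goes
DEBUG_PC="${DEBUG_PC:-192.0.2.20}" # placeholder: debugging PC; TEE needs it on the Pi's local segment
PORT="${PORT:-4000}"

# One rule for "send to both": the original packet still leaves for $1:$3
# (no DNAT involved) and TEE hands an unmodified clone to $2.
# mangle/POSTROUTING is the last hook locally generated packets traverse.
tee_rule() {
  echo "iptables -t mangle -A POSTROUTING -p udp -d $1 --dport $3 -j TEE --gateway $2"
}

# "iptables -F" with no -t flushes only the filter table. Rules in nat and
# mangle (where DNAT and TEE live) outlive it, so flush each table by name.
flush_cmds() {
  for t in filter nat mangle raw; do
    echo "iptables -t $t -F"
    echo "iptables -t $t -X"
  done
}

# Reads "iptables -t nat -S OUTPUT" output on stdin and counts DNAT rules
# that redirect to $1, so a stale redirect is noticed before the TEE rule
# gets blamed for packets not reaching the server.
count_dnat() {
  awk -v tgt="$1" '/-j DNAT/ && index($0, "--to-destination " tgt) { n++ } END { print n+0 }'
}

# Dry run by default; only touch netfilter when asked to and running as root.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" = "0" ]; then
  flush_cmds | sh -e
  eval "$(tee_rule "$SERVER" "$DEBUG_PC" "$PORT")"
  echo "# mangle/POSTROUTING now:"
  iptables -t mangle -S POSTROUTING
  echo "# leftover DNAT rules to $DEBUG_PC in nat/OUTPUT (expect 0):"
  iptables -t nat -S OUTPUT | count_dnat "$DEBUG_PC"
else
  echo "# dry run; commands that --apply would execute as root:"
  flush_cmds
  tee_rule "$SERVER" "$DEBUG_PC" "$PORT"
fi
```

Run it once without arguments to see the exact rule and flush sequence it would apply; the `-S` listings after `--apply` are what to save if the rules need to be reproduced later, and `count_dnat` returning a non-zero number means a redirect from the nat table is still in effect.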
