All of lore.kernel.org
 help / color / mirror / Atom feed
From: David Cannings <lists@edeca.net>
To: netfilter@lists.netfilter.org
Subject: Logging all packets going past an interface when masquerading
Date: Mon, 19 Jan 2004 18:41:00 +0000	[thread overview]
Message-ID: <200401191841.00917.lists@edeca.net> (raw)

Hi,

I've created a chain called COUNTER with rules that have no target.  It's 
purpose is to simply count packets as they go past interfaces.  The rules 
in it are created like so:

iptables -A COUNTER -i eth0

I send all packets from the chains INPUT and OUTPUT to this chain and the 
counters increment as desired.  This works absolutely fine.  However, the 
machine I am running this on is using masquerading.  If I also link to 
the COUNTER chain from FORWARD, like..

iptables -I FORWARD -j COUNTER

.. it appears that masqueraded packets are also accounted for.  Is this 
the case though?  By the looks of some crude tests, it seems that the 
packet counts/bytes are correct but I'd just like some confirmation that 
this is the case and I don't have to also use the PREROUTING/POSTROUTING 
in order to count packets coming from the LAN (eth0) and going out across 
my ATM link.

Thanks,

David
david [at] edeca [dot] net


                 reply	other threads:[~2004-01-19 18:41 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200401191841.00917.lists@edeca.net \
    --to=lists@edeca.net \
    --cc=david@edeca.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.