Linux Netfilter discussions
* Logging all packets going past an interface when masquerading
@ 2004-01-19 18:41 David Cannings
  0 siblings, 0 replies; only message in thread
From: David Cannings @ 2004-01-19 18:41 UTC (permalink / raw)
  To: netfilter

Hi,

I've created a chain called COUNTER with rules that have no target.  Its
purpose is to simply count packets as they go past interfaces.  The rules
in it are created like so:

iptables -A COUNTER -i eth0

I send all packets from the chains INPUT and OUTPUT to this chain and the 
counters increment as desired.  This works absolutely fine.  However, the 
machine I am running this on is using masquerading.  If I also link to 
the COUNTER chain from FORWARD, like..

iptables -I FORWARD -j COUNTER

.. it appears that masqueraded packets are also accounted for.  Is this 
the case though?  By the looks of some crude tests, it seems that the 
packet counts/bytes are correct but I'd just like some confirmation that 
this is the case and I don't have to also use the PREROUTING/POSTROUTING 
in order to count packets coming from the LAN (eth0) and going out across 
my ATM link.

Thanks,

David
david [at] edeca [dot] net
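
Added example, not part of David's message: one way to read back the counters of a target-less COUNTER chain like the one described above, by parsing `iptables-save -c` output, where each rule line is prefixed with `[packets:bytes]`. The function names, the `ppp0` interface name and all counter values are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise per-interface counters from a target-less
# COUNTER chain. Input is `iptables-save -c` text on stdin, where rule
# lines look like:  [packets:bytes] -A COUNTER -i eth0

counter_totals() {
    # $1 = chain name (default COUNTER).
    # Prints one line per direction/interface: "<in|out> <iface> <pkts> <bytes>"
    awk -v chain="${1:-COUNTER}" '
        $2 == "-A" && $3 == chain {
            # Skip rules that have a target: they are not pure counting rules.
            for (i = 4; i <= NF; i++) if ($i == "-j" || $i == "-g") next
            # Strip the surrounding brackets from [packets:bytes].
            split(substr($1, 2, length($1) - 2), c, ":")
            for (i = 4; i < NF; i++) {
                if ($i == "-i" || $i == "-o") {
                    key = ($i == "-i" ? "in" : "out") " " $(i + 1)
                    pkts[key] += c[1]; bytes[key] += c[2]
                }
            }
        }
        # %.0f keeps byte counts above 2^31 intact in every awk.
        END { for (k in pkts) printf "%s %.0f %.0f\n", k, pkts[k], bytes[k] }
    ' | sort
}

sample_counters() {
    # Constructed sample in iptables-save -c format, not real traffic.
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:COUNTER - [0:0]
[1500:900000] -A INPUT -j COUNTER
[700:350000] -A FORWARD -j COUNTER
[1200:600000] -A OUTPUT -j COUNTER
[2000:1200000] -A COUNTER -i eth0
[1400:650000] -A COUNTER -o eth0
[300:5000000000] -A COUNTER -i ppp0
COMMIT
EOF
}

# On a live system (as root): iptables-save -c -t filter | counter_totals
sample_counters | counter_totals COUNTER
```

Diffing two such snapshots taken around a known transfer from a LAN host gives a direct check of which chains' jumps contribute to each interface's totals.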

