On Tuesday 09 July 2002 2:41 pm, Dotan Lior wrote:

> Hello,
>
> So far it works well. However, when I inspect the NAT table with "iptables
> -L -t nat -v -n -x", the bytes counter shows extremely low values. I've
> transferred a 200Kb file via FTP on the Windows client, but the counter was
> less than 100 bytes. It seems as if only the first packet of a connection
> is listed.

That is correct. Only the first packet goes through the listed NAT rules - the
others go directly via the connection tracking table and not through the rules
(for efficiency).

> Is there a way to see the real bytes count? Also I would like to know the number
> of bytes that traveled on both ways (from the client and to the client), is
> that also possible using iptables?

Yes, simply look at the filter table (ie the default one) instead of the NAT
table. *All* packets pass through your filtering rules (that's why you need
the rules for ESTABLISHED and RELATED packets), so just use

    iptables -L -n -v -x

without the -t nat option.

Remember you can create rules without targets if you want to see the
packet/byte counters for them without doing anything else: eg

    iptables -A FORWARD -i eth0
    iptables -A FORWARD -i eth1

Antony.
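
Added example (not part of the original message): a shell/awk helper that reads `iptables -L FORWARD -n -v -x` output and sums the byte counters of the target-less counting rules for one inbound interface. The listing is constructed sample data, the function names are hypothetical, and the parser assumes an IPv4 listing in which the opt column reads "--".

```shell
#!/bin/sh
# Constructed sample of `iptables -L FORWARD -n -v -x` output (not real traffic).
# The first two rules have no target, so their "target" column is blank and
# every later column shifts one whitespace-separated field to the left.
sample_output() {
cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     152   210432            all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
      98     5120            all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
     240   214800 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
      10      752 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0            state NEW
EOF
}

# bytes_for_iface IFACE
# Reads a verbose, exact-count chain listing on stdin and prints the total
# bytes counted by target-less rules whose in-interface is IFACE.
bytes_for_iface() {
    awk -v want="$1" '
        # Skip the "Chain ..." line, the column header and blank lines:
        # only rule lines start with a numeric packet counter.
        $1 !~ /^[0-9]+$/ { next }
        # Target-less rule: fields are pkts bytes prot opt in out ...
        # With a target, field 4 is the protocol, never "--".
        $4 == "--" && $5 == want { total += $2 }
        END { printf "%.0f\n", total }
    '
}

# On a live router (as root) the input would come from:
#   iptables -L FORWARD -n -v -x | bytes_for_iface eth0
for ifc in eth0 eth1; do
    printf '%s %s\n' "$ifc" "$(sample_output | bytes_for_iface "$ifc")"
done
```

The counting rules only see packets that reach them, so they need to sit ahead of any rule in the chain that accepts or drops the same traffic.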
