Title: IPTables counters
What I do is put the rule you want to count in the FORWARD chain... even better use my counting method to be more accurate..
 
$IPTABLES -N COUNT
$IPTABLES -I INPUT 1 -j COUNT
$IPTABLES -I OUTPUT 1 -j COUNT
$IPTABLES -I FORWARD 1 -j COUNT
 
then add all the counters you require into the COUNT chain.. this is what I'm currently doing for my scripts.. Also I'm rewriting my script to only flush all chains BUT my counters so I don't lose them when I rerun my firewall.. still in testing.......

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
http://www.citadelcomputer.com.au

-----Original Message-----
From: Dotan Lior [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 09 July 2002 11:41 PM
To: '[EMAIL PROTECTED]'
Subject: IPTables counters

Hello,

I have a simple setup. A linux RH7.3 box doing NAT and connected to the internet with one windows2000 client sitting behind it. I've set up iptables to NAT the windows internal address to a legal IP address.

So far it works well. However, when I inspect the NAT table with "iptables -L -t nat -v -n -x",
the bytes counter shows extremely low values. I've transferred a 200Kb file via FTP on the windows
client, but the counter was less than 100 bytes. It seems as if only the first packet of a connection
is listed.
Is there a way to see the real bytes count? Also I would like to know the number of bytes that traveled
both ways (from the client and to the client), is that also possible using iptables?

Thanks.
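
The following is an added example, not part of the original thread and not George's script. It sketches the COUNT-chain method from the reply with one rule per direction, and reads the byte totals back from the "iptables -L COUNT -v -n -x" listing. The client address 192.168.1.10, the RUN dry-run switch, the function names and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. CLIENT and the sample listing
# are constructed values; the COUNT chain name follows the reply above.
IPTABLES=${IPTABLES:-iptables}
RUN=${RUN-echo}   # dry run by default: prints commands; RUN= (empty) applies them

# Build the COUNT chain with one target-less rule per direction. A rule
# without -j never changes a packet's fate, it only increments counters.
setup_count() {
    client=$1
    $RUN $IPTABLES -N COUNT
    $RUN $IPTABLES -A COUNT -s "$client"    # bytes sent by the client
    $RUN $IPTABLES -A COUNT -d "$client"    # bytes sent to the client
    for chain in INPUT OUTPUT FORWARD; do
        $RUN $IPTABLES -I "$chain" 1 -j COUNT
    done
}

# Read `iptables -L COUNT -v -n -x` on stdin and print the byte total for one
# direction ("from" or "to") of one address. Source and destination are taken
# as the last two columns, which holds for rules with no extra match options
# whether or not the target column is empty.
count_bytes() {
    awk -v dir="$1" -v ip="$2" '
        $1 ~ /^[0-9]+$/ {
            addr = (dir == "from") ? $(NF-1) : $NF
            if (addr == ip) total += $2
        }
        END { printf "%d\n", total }'
}

# Constructed sample of the listing after an FTP transfer (not real output).
SAMPLE='Chain COUNT (3 references)
    pkts      bytes target     prot opt in     out     source               destination
     152    11480            all  --  *      *       192.168.1.10         0.0.0.0/0
     171   212034            all  --  *      *       0.0.0.0/0            192.168.1.10'

CLIENT=192.168.1.10
setup_count "$CLIENT"
echo "from client: $(printf '%s\n' "$SAMPLE" | count_bytes from "$CLIENT") bytes"
echo "to client:   $(printf '%s\n' "$SAMPLE" | count_bytes to "$CLIENT") bytes"
```

On a live box, run it as root with RUN set to empty and feed count_bytes from "$IPTABLES -L COUNT -v -n -x" instead of the sample. Rules in the filter table are evaluated for every packet, whereas nat table rules are consulted only for the first packet of a connection.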
