Hi, I've created a chain called COUNTER with rules that have no target. It's purpose is to simply count packets as they go past interfaces. The rules in it are created like so: iptables -A COUNTER -i eth0 I send all packets from the chains INPUT and OUTPUT to this chain and the counters increment as desired. This works absolutely fine. However, the machine I am running this on is using masquerading. If I also link to the COUNTER chain from FORWARD, like.. iptables -I FORWARD -j COUNTER .. it appears that masqueraded packets are also accounted for. Is this the case though? By the looks of some crude tests, it seems that the packet counts/bytes are correct but I'd just like some confirmation that this is the case and I don't have to also use the PREROUTING/POSTROUTING in order to count packets coming from the LAN (eth0) and going out across my ATM link. Thanks, David david [at] edeca [dot] net
