On Fri, 2004-09-17 at 09:23, KUCKAERTZ Régis - NVISION wrote:
> $ iptables -vnxL -t nat; iptables -vnxL -t mangle; iptables -vnxL
>
> # nat table
> Chain PREROUTING (policy ACCEPT 2439 packets, 148991 bytes)
>     pkts      bytes target     prot opt in     out     source               destination
>       17     1020 DNAT       tcp  --  *      *       0.0.0.0/0            $MASK_IP           tcp dpt:$MASK_PORT to:$REAL_IP:$REAL_PORT
>
> Chain POSTROUTING (policy ACCEPT 741 packets, 45651 bytes)
>     pkts      bytes target     prot opt in     out     source               destination
>        0        0 SNAT       tcp  --  *      *       0.0.0.0/0            $REAL_IP           tcp dpt:$REAL_PORT to:$MASK_IP
>
> Chain OUTPUT (policy ACCEPT 741 packets, 45651 bytes)
>     pkts      bytes target     prot opt in     out     source               destination
>
> # mangle table
> Chain PREROUTING (policy ACCEPT 1567265 packets, 1105330580 bytes)
>     pkts      bytes target     prot opt in     out     source               destination
>
> Chain OUTPUT (policy ACCEPT 1181535 packets, 615648770 bytes)
>     pkts      bytes target     prot opt in     out     source               destination
>
> # filter table
> Chain INPUT (policy ACCEPT 44233 packets, 9251612 bytes)
>     pkts      bytes target     prot opt in     out     source               destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>     pkts      bytes target     prot opt in     out     source               destination
>        0        0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
>        0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            $REAL_IP           tcp dpt:$REAL_PORT
>
> Chain OUTPUT (policy ACCEPT 41927 packets, 30331854 bytes)
>     pkts      bytes target     prot opt in     out     source               destination

is it possible that $REAL_IP is a local IP address on the machine
running netfilter? the reason i ask is that the packet counters on the
FORWARD chain are zero (whereas INPUT and OUTPUT are over 40000).

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>
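
Added example, not part of the original thread: a small Python check that automates the counter comparison made in the reply, reading filter-table `iptables -vnxL` output and reporting whether any packet traversed FORWARD. The function names and the `local-only` / `forwarding` / `no-traffic` labels are assumptions of this example; the sample text is the filter table quoted in the message, re-typed with one rule per line.

```python
import re

# Filter-table part of the quoted output, re-typed with unwrapped rule lines.
SAMPLE = """\
Chain INPUT (policy ACCEPT 44233 packets, 9251612 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            $REAL_IP           tcp dpt:$REAL_PORT

Chain OUTPUT (policy ACCEPT 41927 packets, 30331854 bytes)
    pkts      bytes target     prot opt in     out     source               destination
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\d+) packets, (\d+) bytes\)")
RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s")  # pkts, bytes, target

def chain_counters(text):
    """Return {chain: {"policy_pkts": int, "rule_pkts": [int, ...]}} for built-in chains."""
    chains, current = {}, None
    for line in text.splitlines():
        if line.startswith("Chain "):
            m = CHAIN_RE.match(line)  # user-defined chains carry no policy and are skipped
            current = chains.setdefault(
                m.group(1), {"policy_pkts": int(m.group(3)), "rule_pkts": []}) if m else None
            continue
        m = RULE_RE.match(line)
        if m and current is not None:
            current["rule_pkts"].append(int(m.group(1)))
    return chains

def is_idle(chain):
    """True if neither the chain policy nor any of its rules counted a packet."""
    return chain["policy_pkts"] == 0 and not any(chain["rule_pkts"])

def forwarding_hint(chains):
    """Classify traffic from filter-table counters alone."""
    fwd_idle = is_idle(chains["FORWARD"])
    local_busy = not (is_idle(chains["INPUT"]) and is_idle(chains["OUTPUT"]))
    if fwd_idle and local_busy:
        return "local-only"  # nothing has been routed through this host
    return "no-traffic" if fwd_idle else "forwarding"

if __name__ == "__main__":
    print(forwarding_hint(chain_counters(SAMPLE)))
```

A `local-only` result only says that no packet has reached FORWARD since the counters were last zeroed; whether the DNAT target is a local address still has to be confirmed on the host.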