I have the following 2 rules: iptables -t nat -I POSTROUTING -o eth0 -p tcp --dport 80 -j SNAT --to 192.168.0.1 iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to 192.168.0.2 How can I do accounting on TOTAL number of packets & bytes that pass through both rules since the packets & bytes that appear when listing the chain reflect the number of packets creating new connections & not all the packets that are NAT'ed. Also you can't add a chain in front of this chain since NAT POSTROUTING is the last chain in a packet traversal: Chain POSTROUTING (policy ACCEPT 2593 packets, 1181K bytes) pkts bytes target prot opt in out source destination 2259 114K SNAT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.0.1 223K 15M SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to:192.168.0.2
