Kamal wrote:
I have the following 2 rules:
iptables -t nat -I POSTROUTING -o eth0 -p tcp --dport 80 -j SNAT --to 192.168.0.1
iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to 192.168.0.2
How can I do accounting on TOTAL number of packets & bytes that pass
through both rules since the packets & bytes that appear when listing
the chain reflect the number of packets creating new connections & not
all the packets that are NAT'ed. Also you can't add a chain in front
of this chain since NAT POSTROUTING is the last chain in a packet
traversal:
Chain POSTROUTING (policy ACCEPT 2593 packets, 1181K bytes)
 pkts bytes target prot opt in out  source    destination
 2259  114K SNAT   tcp  --  *  eth0 0.0.0.0/0 0.0.0.0/0   tcp dpt:80 to:192.168.0.1
 223K   15M SNAT   all  --  *  eth0 0.0.0.0/0 0.0.0.0/0   to:192.168.0.2

Create a separate rule in FORWARD that jumps to an empty chain. Put this
rule before the -m state rule(s).
HTH,
M4
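
Added example, not part of the original thread: a sketch of the suggestion above, using one jump rule in FORWARD to an empty chain and reading its exact counters. The chain name ACCT_SNAT, the helper function names, and the sample listing are assumptions constructed for illustration; eth0 is taken from the rules in the question.

```shell
#!/bin/sh
# Added example; ACCT_SNAT is a hypothetical chain name, eth0 is from the post.
ACCT_CHAIN=ACCT_SNAT

# Install the accounting jump (needs root). An empty user chain has no
# rules, so every packet falls through and returns to FORWARD unchanged;
# only the counters on the jump rule move.
acct_install() {
    iptables -N "$ACCT_CHAIN" 2>/dev/null || true   # ignore "chain exists"
    # Position 1 keeps the jump ahead of any -m state rule, so packets of
    # established connections are counted, not just connection-opening ones.
    iptables -C FORWARD -o eth0 -j "$ACCT_CHAIN" 2>/dev/null ||
        iptables -I FORWARD 1 -o eth0 -j "$ACCT_CHAIN"
}

# Read `iptables -nvxL FORWARD` on stdin and print "packets bytes" summed
# over every rule whose target is the accounting chain.
acct_totals() {
    awk -v chain="$ACCT_CHAIN" '
        $3 == chain { pkts += $1; bytes += $2 }
        END { printf "%.0f %.0f\n", pkts, bytes }'
}

# Constructed sample listing (not taken from the original post).
sample_listing() {
    cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
  481920 39155712 ACCT_SNAT  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
  960411 71200345 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    2593   118100 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0            state NEW
EOF
}

# Live use (as root): acct_install; iptables -nvxL FORWARD | acct_totals
```

The -x flag makes iptables print exact counters instead of rounded values such as 223K. Traffic generated on the NAT box itself traverses OUTPUT rather than FORWARD, so it is not counted by this rule.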