Ok, here are 2 consecutive saves while trying to access the web server.

root@charz-server:/home/charz# iptables-save -c
# Generated by iptables-save v1.3.6 on Tue Jul 8 15:23:36 2008
*nat
:PREROUTING ACCEPT [1287:172779]
:POSTROUTING ACCEPT [39:5989]
:OUTPUT ACCEPT [41:6213]
[2:128] -A PREROUTING -d 10.0.1.192 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.10.1
[0:0] -A POSTROUTING -s 10.0.10.1 -o eth0 -p tcp -m tcp --sport 80 -j SNAT --to-source 10.0.1.192
COMMIT
# Completed on Tue Jul 8 15:23:36 2008
# Generated by iptables-save v1.3.6 on Tue Jul 8 15:23:36 2008
*filter
:INPUT ACCEPT [7829:710453]
:FORWARD ACCEPT [1:48]
:OUTPUT ACCEPT [3244:550936]
:fail2ban-ssh - [0:0]
:spa - [0:0]
[19:1008] -A FORWARD -d 10.0.10.1 -i eth0 -o eth1 -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A FORWARD -s 10.0.10.1 -i eth1 -o eth0 -p tcp -m tcp --sport 80 -j ACCEPT
COMMIT
# Completed on Tue Jul 8 15:23:36 2008

------------------------------------------------------------------------

root@charz-server:/home/charz# iptables-save -c
# Generated by iptables-save v1.3.6 on Tue Jul 8 15:23:38 2008
*nat
:PREROUTING ACCEPT [1288:172897]
:POSTROUTING ACCEPT [39:5989]
:OUTPUT ACCEPT [41:6213]
[2:128] -A PREROUTING -d 10.0.1.192 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.10.1
[0:0] -A POSTROUTING -s 10.0.10.1 -o eth0 -p tcp -m tcp --sport 80 -j SNAT --to-source 10.0.1.192
COMMIT
# Completed on Tue Jul 8 15:23:38 2008
# Generated by iptables-save v1.3.6 on Tue Jul 8 15:23:38 2008
*filter
:INPUT ACCEPT [7844:711502]
:FORWARD ACCEPT [1:48]
:OUTPUT ACCEPT [3254:553344]
:fail2ban-ssh - [0:0]
:spa - [0:0]
[19:1008] -A FORWARD -d 10.0.10.1 -i eth0 -o eth1 -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A FORWARD -s 10.0.10.1 -i eth1 -o eth0 -p tcp -m tcp --sport 80 -j ACCEPT
COMMIT
# Completed on Tue Jul 8 15:23:38 2008

On Wed, Jul 9, 2008 at 3:20 PM, Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx> wrote:
> On 07/08/08 14:40, Charles Romestant wrote:
>>
>> ok it was set to 0, but changing it did not do anything, here is the
>> iptables-save output
>
> *nod*
>
> Uh, can I (re)ask for an iptables-save, but this time with a "-c" added to
> the end of it so that it will include packet counters? (I forgot that
> iptables-save does not show packet counts like iptables -L. Sorry.)
>
>> Again, thank you for your help
>
> *nod*
>
> You are welcome.
>
>
>
> Grant. . . .
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

--
Charz
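
Added example, not part of the original message or of the netfilter project: a small Python script that compares the packet counters of two `iptables-save -c` dumps, so it is easy to see which rules and chain policies matched traffic between the two runs. The function names are hypothetical, and the embedded input is a trimmed excerpt of the two saves posted above.

```python
import re

# Trimmed copy of the first save in the message above (unused chains dropped).
SAVE_1 = """\
*nat
:PREROUTING ACCEPT [1287:172779]
[2:128] -A PREROUTING -d 10.0.1.192 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.10.1
[0:0] -A POSTROUTING -s 10.0.10.1 -o eth0 -p tcp -m tcp --sport 80 -j SNAT --to-source 10.0.1.192
COMMIT
*filter
:INPUT ACCEPT [7829:710453]
:FORWARD ACCEPT [1:48]
[19:1008] -A FORWARD -d 10.0.10.1 -i eth0 -o eth1 -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A FORWARD -s 10.0.10.1 -i eth1 -o eth0 -p tcp -m tcp --sport 80 -j ACCEPT
COMMIT
"""
# Second save: only these two policy counters differ in the excerpt.
SAVE_2 = (SAVE_1.replace("[1287:172779]", "[1288:172897]")
                .replace("[7829:710453]", "[7844:711502]"))

RULE = re.compile(r"^\[(\d+):(\d+)\]\s+(-A .+)$")           # [pkts:bytes] -A CHAIN ...
POLICY = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")  # :CHAIN POLICY [pkts:bytes]

def parse_counters(save_text):
    """Map (table, rule or policy text) -> (packets, bytes). Identical rules share a key."""
    counters, table = {}, None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif m := RULE.match(line):
            counters[(table, m.group(3))] = (int(m.group(1)), int(m.group(2)))
        elif m := POLICY.match(line):
            counters[(table, f"policy {m.group(1)} {m.group(2)}")] = (int(m.group(3)), int(m.group(4)))
    return counters

def counter_deltas(before, after):
    """Return {key: (delta_packets, delta_bytes)} for entries present in both saves."""
    old, new = parse_counters(before), parse_counters(after)
    return {k: (new[k][0] - old[k][0], new[k][1] - old[k][1]) for k in old if k in new}

def stalled_rules(before, after):
    """Rules (not chain policies) whose packet counter did not move between the saves."""
    return [k for k, (dp, _) in counter_deltas(before, after).items()
            if k[1].startswith("-A") and dp == 0]

if __name__ == "__main__":
    for (table, entry), (dp, db) in counter_deltas(SAVE_1, SAVE_2).items():
        print(f"{table:7} +{dp:<3} pkts +{db:<5} bytes  {entry}")
```

Run against the two saves above, every explicit rule shows a delta of zero, while the nat PREROUTING and filter INPUT policy counters advance.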