- 论坛徽章:
- 0
|
我现在发一个三层的转发包,nat表里面没有任何统计,数据包也没有做nat
但是连接跟踪,forward链,mangle表的postrouting链都有统计
就是nat表没有任何的统计
是什么原因啊,会不会是我编译的内核有问题,有些选项没有加上呢
连接跟踪的信息:
# cat proc/net/ip_conntrackipv4_confirm tdt hooknum:4
udp 17 26 src=192.168.100.18 dst=192.10.1.2 sport=5000 dport=5001 packets=1 bytes=32 [UNREPLIED] src=192.10.1.2 dst=192.168.100.18 sport=5001 dport=5000 packets=0 bytes=0 mark=0 use=2
iptables -vL
Chain INPUT (policy ACCEPT 1 packets, 238 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2 64 ACCEPT 0 -- any any 192.168.100.18 anywhere
Chain OUTPUT (policy ACCEPT 2 packets, 120 bytes)
pkts bytes target prot opt in out source destination
iptables -t nat -vL
Chain PREROUTING (policy ACCEPT 5 packets, 1190 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- any any 192.168.100.18 anywhere
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT 0 -- any wan4 anywhere anywhere to:192.10.1.1
0 0 ACCEPT 0â-- any any 192.168.100.18 anywhere
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
iptables -t mangle -vL
Chain PREROUTING (policy ACCEPT 10 packets, 938 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 3 packets, 714 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 7 packets, 224 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 7 packets, 420 bytes)
pkts bytes target prBpt in out source destination
Chain POSTROUTING (policy ACCEPT 7 packets, 420 bytes)
pkts bytes target prot opt in out source destination
4 128 ACCEPT 0 -- any any 192.168.100.18 anywhere |
|
免费注册
发表于 2009-08-27 17:39