5

Possible Duplicate:
Don’t understand [0:0] iptable syntax

My server is Red Hat Enterprise Linux Server release 5.

I'm not an expert in Linux iptables firewall. I've the following entries in iptables:

[root@myserver ~]# more /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Mon Sep 14 20:04:30 2009
*nat
:PREROUTING ACCEPT [10934:1556118]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [111392:6686084]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 5050
-A POSTROUTING -j MASQUERADE
-A OUTPUT -d 192.168.0.200 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.200:5050
-A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:5050
COMMIT
# Completed on Mon Sep 14 20:04:30 2009

What does the value range in the bracket mean? For example, here: PREROUTING ACCEPT [10934:1556118], what does the range 10934:1556118 mean?

Community
  • 1
Gnanam
  • 1,479
  • 13
  • 27
  • 32

2 Answers2

4

It is packet and byte counters, try this:

iptables -nvL OUTPUT

PREROUTING

Address translation occurs before routing. Facilitates the transformation of the destination IP address to be compatible with the firewall's routing table. Used with NAT of the destination IP address, also known as destination NAT or DNAT.

Prix
  • 5,081
  • Thanks for that information. On executing iptables -nvL OUTPUT, I'm getting pkts value as 7984K and bytes value as 2310M. But the values in /etc/sysconfig/iptables are showing the same values. Why this difference? – Gnanam Aug 04 '10 at 07:26
  • @Gnanam could you post the top line showing the packts information... – Prix Aug 04 '10 at 07:36
  • Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 7984K 2310M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 – Gnanam Aug 04 '10 at 07:55
  • 1
    try this for a simple test, iptables-save > /tmp/test.iptables then cat /tmp/test.iptables | grep "OUTPUT ACCEPT", those are just counters and you can even reset it with the option -Z if you want. iptables -Z; iptables -Z -t mangle; iptables -Z -t nat – Prix Aug 04 '10 at 08:02
3

They are the saved values of the byte and packet counters for the specified table's chain policy. In your case the nat table. Have a look here for more information on iptables-save.

user9517
  • 116,228