Home / server / Questions / 166900
Accepted
Gnanam
Asked: 2010-08-04 22:22:06 +0800 CST

iptables - What does the range in bracket mean? [duplicate]

  • 772

Possible Duplicate:
Don’t understand [0:0] iptable syntax

My server is Red Hat Enterprise Linux Server release 5.

I'm not an expert in Linux iptables firewall. I've the following entries in iptables:

[root@myserver ~]# more /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Mon Sep 14 20:04:30 2009
*nat
:PREROUTING ACCEPT [10934:1556118]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [111392:6686084]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 5050
-A POSTROUTING -j MASQUERADE
-A OUTPUT -d 192.168.0.200 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.200:5050
-A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:5050
COMMIT
# Completed on Mon Sep 14 20:04:30 2009

What does the value range in the bracket mean? For example, here: PREROUTING ACCEPT [10934:1556118], what does the range 10934:1556118 mean?

firewall linux redhat iptables

2 Answers

  1. Best Answer

    It is packet and byte counters, try this:

    iptables -nvL OUTPUT

    PREROUTING

    Address translation occurs before routing. Facilitates the transformation of the destination IP address to be compatible with the firewall's routing table. Used with NAT of the destination IP address, also known as destination NAT or DNAT.

    • 4

  2. They are the saved values of the byte and packet counters for the specified table's chain policy. In your case the nat table. Have a look here for more information on iptables-save.

    • 2