I've got small numbers of connections moving through a load balancer configured in NAT mode. So I've got an iptables table called "nat", which has in it a line "-A POSTROUTING -o eth0 -j MASQUERADE" (lan connect is eth0, private lan inside the cluster is eth1). The load balancer is working; connections made to the virtual ip on that host do get routed to one of the real servers behind this load load balancer. But I want to observe the connections on the load balancer. My first attempt was to use netstat with the --masquerade switch. This produced the result "netstat: no support for `ip_masquerade' on this system." Consistent with this, there is no /proc/net/ip_masquerade. On the other hand, the load balancer *IS* working; those connections *are* getting NATted and routed. Also, lsmod shows varous relevant modules loaded: iptable_nat 40773 1 ip_nat 53101 2 ipt_MASQUERADE,iptable_nat ip_conntrack 91237 5 xt_state,ip_conntrack_netbios_ns,ipt_MASQUERADE,iptable_nat,ip_nat nfnetlink 40457 2 ip_nat,ip_conntrack ip_tables 55329 2 iptable_filter,iptable_nat x_tables 50377 7 xt_state,ipt_REJECT,xt_tcpudp,ipt_MASQUERADE,xt_multiport,iptable_nat,ip_tables So, netstat just isn't somehow the right monitoring tool, right? So what is the right monitoring tool? I need to know the source IP and real-server IP of connections being handled by the load balancer. I don't need a lot showing exactly how each one was handled, but I'd like to be able to determine the state of any connection currently active. How can I do this? -- David Dyer-Bennet, dd-b at dd-b.net; http://dd-b.net/ Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/ Photos: http://dd-b.net/photography/gallery/ Dragaera: http://dragaera.info