by Vivek Gite
nixCraft: Linux Tips, Hacks, Tutorials, And Ideas In Blog Format / 2017-08-17 17:21
I am using the /sbin/iptables -L -v -n | more command. However, I am unable to list NAT rules. How do I use the iptables command to view or list NAT rules stored in the NAT table? How do I see all the rules in the NAT table on a CentOS / RHEL / Debian / Ubuntu Linux based server?
The /sbin/iptables command is used for IPv4 packet filtering and NAT. Network address translation (NAT) modifies the IP address information in IP packet headers while they are in transit across a routing device. To see the NAT rules, type:
Syntax
The syntax is as follows for the iptables command:
iptables -t nat -L
iptables -t nat -L -n -v | grep 'something'
iptables -t nat -L -n -v
Sample outputs:
Chain PREROUTING (policy ACCEPT 867 packets, 146K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  vlan2  *       0.0.0.0/0            192.168.1.0/24

Chain POSTROUTING (policy ACCEPT 99 packets, 6875 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 99 packets, 6875 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain WANPREROUTING (0 references)
 pkts bytes target     prot opt in     out     source               destination
Here is another command:
$ sudo iptables -t nat -L -n -v
Sample outputs:
Chain PREROUTING (policy ACCEPT 294K packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination
 165K 9879K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:443 to:10.105.28.42:443
 166K 9982K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:80 to:10.105.28.42:80
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:443 to:10.105.28.42:443
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:80 to:10.105.28.42:80
22034 1322K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:444 to:10.105.28.45:444
22073 1324K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:81 to:10.105.28.45:81
31328 1880K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:445 to:10.105.28.44:445
19424 1165K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:82 to:10.105.28.44:82

Chain INPUT (policy ACCEPT 199K packets, 12M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 387 packets, 24906 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 252K packets, 15M bytes)
 pkts bytes target     prot opt in     out     source               destination
93223 5593K MASQUERADE all  --  *      *       10.105.28.0/24      !10.105.28.0/24       /* generated for LXD network lxdbr0 */
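Reading the raw listing by eye gets tedious once a box has many port forwards, so here is an added helper (not from the original post) that turns the -n -v output above into a short summary: which external port each DNAT rule publishes, to which backend, and from which sources, plus what MASQUERADE hides. NAT_SAMPLE is an abridged copy of the post's sample output embedded so the script runs offline; on a live host feed it `sudo iptables -t nat -L -n -v` instead (the column positions assume the -v layout).

```shell
#!/bin/sh
# Added example: summarise DNAT port-forwards and MASQUERADE rules from
# `iptables -t nat -L -n -v` output. Column layout with -v is:
#   pkts bytes target prot opt in out source destination [match details]
# NAT_SAMPLE is constructed from (an abridged copy of) the post's sample output.
NAT_SAMPLE='Chain PREROUTING (policy ACCEPT 294K packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination
 165K 9879K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:443 to:10.105.28.42:443
 166K 9982K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:80 to:10.105.28.42:80
22034 1322K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:444 to:10.105.28.45:444

Chain POSTROUTING (policy ACCEPT 252K packets, 15M bytes)
 pkts bytes target     prot opt in     out     source               destination
93223 5593K MASQUERADE all  --  *      *       10.105.28.0/24      !10.105.28.0/24       /* generated for LXD network lxdbr0 */'

# One line per DNAT rule: "<proto> <source> <dst>:<dport> -> <backend>".
# dpt:/to: live in the trailing match fields, so scan from field 10 onwards.
list_dnat() {
    printf '%s\n' "$1" | awk '
        $3 == "DNAT" {
            port = "any"; to = "?"
            for (i = 10; i <= NF; i++) {
                if ($i ~ /^dpt:/) port = substr($i, 5)
                if ($i ~ /^to:/)  to   = substr($i, 4)
            }
            printf "%s %s %s:%s -> %s\n", $4, $8, $9, port, to
        }'
}

# One line per MASQUERADE rule: "<source> via <out-interface>".
list_masquerade() {
    printf '%s\n' "$1" | awk '$3 == "MASQUERADE" { printf "%s via %s\n", $8, $7 }'
}

# How many forwards accept any source (0.0.0.0/0): these are the ports
# effectively published to every network the host is attached to.
count_open_dnat() {
    list_dnat "$1" | awk '$2 == "0.0.0.0/0"' | wc -l | tr -d ' '
}

list_dnat "$NAT_SAMPLE"
list_masquerade "$NAT_SAMPLE"
echo "DNAT rules open to any source: $(count_open_dnat "$NAT_SAMPLE")"
```

Run the same functions against output from a `-L -n` listing without `-v` and the column offsets are wrong, so keep the `-v` flag when you capture the table.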
Say hello to netstat-nat
The netstat-nat command displays the NATed connections on a Linux iptables firewall:
# netstat-nat -n
To display SNAT connections, run:
# netstat-nat -S
To display DNAT connections, type:
# netstat-nat -D
Posted by: Vivek Gite
The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.