Iptables List and Show All NAT IPTables Rules Command

by Vivek Gite

I am using the /sbin/iptables -L -v -n | more command. However, I am unable to list NAT rules. How do I use the iptables command to view or list NAT rules stored in NAT tables? How do I see all the rules in NAT tables under a CentOS / RHEL / Debian / Ubuntu Linux based server?

The /sbin/iptables command is used for IPv4 packet filtering and NAT. Network address translation (NAT) modifies the IP address information in IP packet headers while packets are in transit across a routing device. NAT rules live in their own table, so the default listing (the filter table) does not show them; you must select the nat table with -t nat, as shown below.
Show/Display Iptables NAT rules

Syntax

The syntax of the iptables command for listing the nat table is as follows:
iptables -t nat -L
iptables -t nat -L -n -v | grep 'something'
iptables -t nat -L -n -v

Sample outputs:

Chain PREROUTING (policy ACCEPT 867 packets, 146K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  vlan2  *       0.0.0.0/0            192.168.1.0/24

Chain POSTROUTING (policy ACCEPT 99 packets, 6875 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 99 packets, 6875 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain WANPREROUTING (0 references)
 pkts bytes target     prot opt in     out     source               destination


Here is another command:
$ sudo iptables -t nat -L -n -v
Sample outputs:

Chain PREROUTING (policy ACCEPT 294K packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination
 165K 9879K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:443 to:10.105.28.42:443
 166K 9982K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:80 to:10.105.28.42:80
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:443 to:10.105.28.42:443
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:80 to:10.105.28.42:80
22034 1322K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:444 to:10.105.28.45:444
22073 1324K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:81 to:10.105.28.45:81
31328 1880K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:445 to:10.105.28.44:445
19424 1165K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:82 to:10.105.28.44:82

Chain INPUT (policy ACCEPT 199K packets, 12M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 387 packets, 24906 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 252K packets, 15M bytes)
 pkts bytes target     prot opt in     out     source               destination
93223 5593K MASQUERADE  all  --  *      *       10.105.28.0/24      !10.105.28.0/24       /* generated for LXD network lxdbr0 */

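Listing the table is the first step; the second is reading it. The following script is an added example, not part of the original post, that parses the text printed by iptables -t nat -L -n -v and pulls out what an administrator usually wants to audit: every DNAT port forward the host exposes, every MASQUERADE/SNAT rule that hides a source range, and every rule whose packet and byte counters are still zero (a rule that duplicates an earlier one, as rules 3 and 4 do in the output above, is shadowed and can never match). The sample output is the post's second listing embedded as a constructed string so the script runs offline; the column positions it relies on are the ones iptables -L -n -v prints (pkts, bytes, target, prot, opt, in, out, source, destination, then match and target options).

```shell
#!/bin/sh
# Added example (not from the original post): audit the nat table from the text
# that `iptables -t nat -L -n -v` prints. Column layout of that output:
#   $1 pkts  $2 bytes  $3 target  $4 prot  $5 opt  $6 in  $7 out
#   $8 source  $9 destination  $10.. match/target options (dpt:N, to:IP:PORT, ...)
# SAMPLE_NAT_OUTPUT is a constructed copy of the post's second listing so the
# functions can run offline. On a live host use instead:
#   sudo iptables -t nat -L -n -v | dnat_forwards
SAMPLE_NAT_OUTPUT='Chain PREROUTING (policy ACCEPT 294K packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination
 165K 9879K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:443 to:10.105.28.42:443
 166K 9982K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:80 to:10.105.28.42:80
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:443 to:10.105.28.42:443
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:80 to:10.105.28.42:80
22034 1322K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:444 to:10.105.28.45:444
22073 1324K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:81 to:10.105.28.45:81
31328 1880K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:445 to:10.105.28.44:445
19424 1165K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:82 to:10.105.28.44:82

Chain INPUT (policy ACCEPT 199K packets, 12M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 387 packets, 24906 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 252K packets, 15M bytes)
 pkts bytes target     prot opt in     out     source               destination
93223 5593K MASQUERADE  all  --  *      *       10.105.28.0/24      !10.105.28.0/24       /* generated for LXD network lxdbr0 */'

# One line per DNAT rule, i.e. every port forward this host exposes:
#   CHAIN proto original_dst:dport -> translated_to hits=N
dnat_forwards() {
    awk '
        /^Chain / { chain = $2 }
        $3 == "DNAT" {
            dport = "any"; to = "?"
            for (i = 10; i <= NF; i++) {
                if ($i ~ /^dpt:/) dport = substr($i, 5)   # "dpt:443" -> "443"
                if ($i ~ /^to:/)  to = substr($i, 4)      # "to:10.0.0.1:443" -> "10.0.0.1:443"
            }
            printf "%s %s %s:%s -> %s hits=%s\n", chain, $4, $9, dport, to, $1
        }'
}

# One line per MASQUERADE/SNAT rule: which source range is hidden behind which
# outgoing interface (out=* means any interface).
source_nat_rules() {
    awk '
        /^Chain / { chain = $2 }
        $3 == "MASQUERADE" || $3 == "SNAT" {
            printf "%s %s src=%s dst=%s out=%s hits=%s\n", chain, $3, $8, $9, $7, $1
        }'
}

# Rules whose packet and byte counters are both zero. A rule that repeats an
# earlier rule is shadowed and can never match; zero counters are the first hint
# that a rule is stale, shadowed, or was never needed.
zero_hit_rules() {
    awk '
        /^Chain / { chain = $2 }
        $1 == "0" && $2 == "0" && $3 != "" {
            printf "%s %s %s -> %s\n", chain, $3, $9, $NF
        }'
}

# Stand-alone run over the embedded sample.
printf '%s\n' "$SAMPLE_NAT_OUTPUT" | dnat_forwards
printf '%s\n' "$SAMPLE_NAT_OUTPUT" | source_nat_rules
printf '%s\n' "$SAMPLE_NAT_OUTPUT" | zero_hit_rules
```

The script only parses the -n -v listing shown on this page; if your rules use other matches (port ranges, multiport, marks), the dpt: and to: fields may not be the last columns, which is why the loop scans every trailing field instead of assuming a fixed position. For a machine-readable view of the same table, iptables-save -t nat prints the rules in command form, which is easier to diff between audits.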

Say hello to netstat-nat

Listing rules shows the policy; netstat-nat shows the live result. The netstat-nat command displays the NATed connections currently tracked on a Linux iptables firewall:
# netstat-nat -n
To display SNAT connections, run:
# netstat-nat -S
To display DNAT connections, type:
# netstat-nat -D
