Display the Natted / Routed Connections on a Linux Iptable Firewall

Q. I've a Linux box acting as a software router (NAT) for over 100 computers connected via LAN. The regular netstat command does not display the list of all natted connections. How do I find out the connections managed by netfilter / iptables, which comes with the Debian 4.x system?

A. You cannot use the regular netstat command to display NAT connections managed by iptables; use the netstat-nat command instead. You can also read /proc/net/ip_conntrack or /proc/net/nf_conntrack directly, which is netfilter's connection tracking table (the in-kernel state that netstat-nat itself reads).


Install netstat-nat

Under Debian / Ubuntu Linux, install it with the apt-get command:
$ sudo apt-get install netstat-nat

Source code / RPM file

If you are using SUSE / Red Hat Linux, grab the source code or RPM file here:

How do I use netstat-nat command?

Log in as the root user and type the following to display a list of all natted connections:
# netstat-nat -n
To display NAT connections for a single protocol (the -p switch takes the protocol name, e.g. tcp or udp), enter:
# netstat-nat -n -p tcp
To display all connections from the source IP 192.168.1.100, enter:
# netstat-nat -s 192.168.1.100
To display all connections to the destination IP/hostname laptop, enter:
# netstat-nat -d laptop
To display SNAT connections, enter:
# netstat-nat -S
To display DNAT connections, enter:
# netstat-nat -D
To display only connections to the NAT box itself (i.e. without SNAT and DNAT entries), enter:
# netstat-nat -L
To display help, enter:
$ netstat-nat -h
$ man netstat-nat
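To see what netstat-nat is actually reading, here is an added example (not from the original article and not netstat-nat's own code) that parses the /proc/net/nf_conntrack line format and sorts each entry into SNAT, DNAT, local or routed the way the -S, -D, -L and -R switches do: every conntrack line carries an original tuple and a reply tuple, and NAT is simply a mismatch between the two. The sample table and the NAT box's addresses (203.0.113.5 public, 192.168.1.1 LAN side) are constructed for the demo.

```python
#!/usr/bin/env python3
"""Classify netfilter conntrack entries the way netstat-nat's -S, -D and -L
switches do, by comparing each flow's original tuple with its reply tuple.
Added example, not from the article or from netstat-nat; the sample table and
the NAT box addresses below are constructed."""
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Each conntrack line carries two src=/dst= (and sport=/dport=) pairs: first
# the ORIGINAL direction (the flow's first packet), then the REPLY direction
# (how the answer is expected to arrive). NAT shows up as a mismatch between them.
_FIELD_RE = re.compile(r"\b(src|dst|sport|dport)=(\S+)")
_PROTO_RE = re.compile(r"\b(tcp|udp|udplite|icmp|icmpv6|gre|sctp|dccp)\s+\d+\b")
_TCP_STATE_RE = re.compile(r"\b(SYN_SENT|SYN_RECV|ESTABLISHED|FIN_WAIT|CLOSE_WAIT|"
                           r"LAST_ACK|TIME_WAIT|CLOSE|LISTEN)\b")

@dataclass(frozen=True)
class Flow:
    proto: str
    state: str                 # TCP state, "-" for stateless protocols
    orig_src: str
    orig_dst: str
    orig_sport: Optional[str]  # None for ICMP (type=/code=/id= instead)
    orig_dport: Optional[str]
    reply_src: str
    reply_dst: str
    reply_sport: Optional[str]
    reply_dport: Optional[str]

    @property
    def is_snat(self) -> bool:
        # Masquerade: replies go to the NAT box's address, not to the client.
        return self.orig_src != self.reply_dst

    @property
    def is_dnat(self) -> bool:
        # Port forward: client targeted the NAT box, a different host replies.
        return self.orig_dst != self.reply_src

def parse_conntrack_line(line: str) -> Optional[Flow]:
    """Parse one /proc/net/nf_conntrack or ip_conntrack line; None if invalid."""
    proto_m = _PROTO_RE.search(line)
    if not proto_m:
        return None
    fields = {"src": [], "dst": [], "sport": [], "dport": []}
    for key, value in _FIELD_RE.findall(line):
        fields[key].append(value)
    if len(fields["src"]) != 2 or len(fields["dst"]) != 2:
        return None  # not an original+reply tuple pair
    proto = proto_m.group(1)
    state_m = _TCP_STATE_RE.search(line) if proto == "tcp" else None
    sport = fields["sport"] if len(fields["sport"]) == 2 else [None, None]
    dport = fields["dport"] if len(fields["dport"]) == 2 else [None, None]
    return Flow(proto, state_m.group(1) if state_m else "-",
                fields["src"][0], fields["dst"][0], sport[0], dport[0],
                fields["src"][1], fields["dst"][1], sport[1], dport[1])

def classify(flow: Flow, nat_box_addrs: FrozenSet[str]) -> str:
    """Bucket a flow the way netstat-nat's -S, -D, -L and -R switches do."""
    if flow.is_snat and flow.is_dnat:
        return "SNAT+DNAT"  # both ends rewritten, e.g. hairpin NAT
    if flow.is_snat:
        return "SNAT"
    if flow.is_dnat:
        return "DNAT"
    # Nothing rewritten: the NAT box is itself an endpoint (-L) or the flow is
    # plainly routed through it (-R).
    if flow.orig_src in nat_box_addrs or flow.orig_dst in nat_box_addrs:
        return "LOCAL"
    return "ROUTED"

def load_table(text: str) -> List[Flow]:
    return [f for f in map(parse_conntrack_line, text.splitlines()) if f]

def select(flows, nat_box_addrs, kind=None, src=None, dst=None):
    """kind filters like -S/-D/-L/-R; src/dst filter like -s/-d, where dst
    matches the address the client targeted or the real post-DNAT server."""
    return [f for f in flows
            if (not kind or classify(f, nat_box_addrs) == kind)
            and (not src or f.orig_src == src)
            and (not dst or dst in (f.orig_dst, f.reply_src))]

# Constructed /proc/net/nf_conntrack excerpt: 192.168.1.0/24 is the LAN,
# 203.0.113.5 the NAT box's public address and 192.168.1.1 its LAN address.
SAMPLE_TABLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.100 dst=198.51.100.20 sport=51234 dport=443 src=198.51.100.20 dst=203.0.113.5 sport=443 dport=51234 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 299 ESTABLISHED src=198.51.100.77 dst=203.0.113.5 sport=40000 dport=80 src=192.168.1.50 dst=198.51.100.77 sport=8080 dport=40000 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 7440 ESTABLISHED src=198.51.100.9 dst=203.0.113.5 sport=50022 dport=22 src=203.0.113.5 dst=198.51.100.9 sport=22 dport=50022 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=192.168.1.100 dst=192.168.1.1 sport=53412 dport=53 src=192.168.1.1 dst=192.168.1.100 sport=53 dport=53412 mark=0 zone=0 use=2
ipv4     2 icmp     1 29 src=192.168.1.100 dst=198.51.100.20 type=8 code=0 id=1234 src=198.51.100.20 dst=203.0.113.5 type=0 code=0 id=1234 mark=0 zone=0 use=2
"""
NAT_BOX_ADDRS = frozenset({"203.0.113.5", "192.168.1.1"})

if __name__ == "__main__":
    for f in load_table(SAMPLE_TABLE):
        print(f"{f.proto:<5} {f.orig_src:<15} -> {f.reply_src:<15} "
              f"{f.state:<12} {classify(f, NAT_BOX_ADDRS)}")
```

On a real NAT box, replace SAMPLE_TABLE with the contents of /proc/net/nf_conntrack (readable as root). If that file does not exist, the nf_conntrack module is not loaded, which is the same condition that makes netstat-nat itself fail with ENOENT.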


5 comments
  • Aaron Conaway Feb 26, 2008 @ 13:07

    I’ve been using iptstate at home to look at connections, but it’s more like top for network connections through IPTables.

    netstat-nat is a lot more flexible — especially when I have people over who are IMing and surfing all over the place.

    Thanks for the info.

  • Balazs Zachar May 18, 2011 @ 18:38

    You can use the conntrack command as well (in Fedora it is in the conntrack-tools package).
    It has a nice feature to watch the events in "real-time"…

  • Charles Kozler Aug 15, 2011 @ 12:58

    Just as a side note, you may want to make a note that the kernel must have netfilter enabled or loaded as a module.

  • 9laz Mar 12, 2013 @ 10:31

    I like the tool iptstate: it displays realtime connection/NAT state, can filter output by IP (src/dst) and port, and runs in text mode / console.

  • Barrack Hussein Bombama Sep 23, 2015 @ 5:08

    Garbage, netstat-nat is outdated crap:

    # netstat-nat
    Could not read info about connections from the kernel, make sure netfilter is enabled in kernel or by modules.
    open("/proc/net/nf_conntrack", O_RDONLY) = -1 ENOENT (No such file or directory)
