Linux viewing all iptables NAT, DNAT, MASQUERADE rules

Fig.01: Linux viewing all iptables NAT, DNAT, MASQUERADE rules

To see all iptables IPv4 NAT, DNAT and MASQUERADE rules on Linux, enter the following command (it must be run as root or with sudo):
# iptables -L -n -v -t nat
Sample outputs:

Chain PREROUTING (policy ACCEPT 28M packets, 1660M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  eth0   *       10.10.29.68          0.0.0.0/0            tcp dpt:3306 to:10.0.3.19:3306
    0     0 DNAT       tcp  --  eth0   *       10.10.29.68          0.0.0.0/0            tcp dpt:11211 to:10.0.3.20:11211
    0     0 DNAT       udp  --  eth0   *       10.10.29.68          0.0.0.0/0            udp dpt:11211 to:10.0.3.20:11211
 
Chain INPUT (policy ACCEPT 18M packets, 1029M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 
Chain OUTPUT (policy ACCEPT 23M packets, 1407M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 
Chain POSTROUTING (policy ACCEPT 33M packets, 1977M bytes)
 pkts bytes target     prot opt in     out     source               destination         
38918 2336K MASQUERADE  all  --  *      *       10.0.3.0/24         !10.0.3.0/24         
    0     0 MASQUERADE  all  --  *      *       10.0.3.0/24         !10.0.3.0/24

Understanding command options

  • -L : List firewall rules.
  • -n : Do not resolve names. Numeric output. IP addresses and port numbers will be printed in numeric format.
  • -v : Verbose output. This option makes the list command show the interface name, the rule options (if any), and the TOS masks. The packet and byte counters are also listed.
  • -t nat : Select the nat table. The available tables are filter, nat, mangle, raw and security.
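
The listing above can also be audited mechanically. The following shell function is an added example, not part of the original article: it reads `iptables -L -n -v -t nat` output on stdin and reports each DNAT forward, every rule whose packet counter is 0, and rules that appear twice in a chain. The function names and the FORWARD/UNUSED/DUPLICATE labels are made up for this example; the embedded sample is taken from the output shown above.

```shell
#!/bin/sh
# Added example: audit an "iptables -L -n -v -t nat" listing read from stdin.
# A zero counter only means "no match since the counters were last reset".
audit_nat_listing() {
    awk '
    /^Chain / { chain = $2; next }        # remember the current chain
    $1 == "pkts" || NF < 9 { next }       # skip column headers and blank lines
    {
        pkts = $1; target = $3; proto = $4; in_if = $6; src = $8; dst = $9
        extra = ""                        # match/target detail after column 9
        for (i = 10; i <= NF; i++) extra = extra " " $i
        # Rule identity ignores the pkts/bytes counters in columns 1 and 2.
        key = chain " " target " " proto " " in_if " " $7 " " src " " dst extra
        if (target == "DNAT") {
            dport = "?"; to = "?"
            for (i = 10; i <= NF; i++) {
                if ($i ~ /^dpt:/) dport = substr($i, 5)
                if ($i ~ /^to:/)  to = substr($i, 4)
            }
            printf "FORWARD %s %s/%s from %s via %s -> %s\n", chain, proto, dport, src, in_if, to
        }
        if (pkts == 0) printf "UNUSED %s\n", key
        if (seen[key]++) printf "DUPLICATE %s\n", key
    }'
}

# Sample listing copied from the article output (INPUT/OUTPUT chains omitted).
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 28M packets, 1660M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  eth0   *       10.10.29.68          0.0.0.0/0            tcp dpt:3306 to:10.0.3.19:3306
    0     0 DNAT       tcp  --  eth0   *       10.10.29.68          0.0.0.0/0            tcp dpt:11211 to:10.0.3.20:11211
    0     0 DNAT       udp  --  eth0   *       10.10.29.68          0.0.0.0/0            udp dpt:11211 to:10.0.3.20:11211

Chain POSTROUTING (policy ACCEPT 33M packets, 1977M bytes)
 pkts bytes target     prot opt in     out     source               destination
38918 2336K MASQUERADE  all  --  *      *       10.0.3.0/24         !10.0.3.0/24
    0     0 MASQUERADE  all  --  *      *       10.0.3.0/24         !10.0.3.0/24
EOF
}

# Live use (as root): iptables -L -n -v -t nat | audit_nat_listing
sample_listing | audit_nat_listing
```

On the sample it lists the three port forwards to 10.0.3.19 and 10.0.3.20, and flags the second MASQUERADE rule as a duplicate that never matches because the identical rule above it takes all the traffic.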

Examples and usage: How to list all iptables rules with line numbers on Linux