Linux: Iptables List and Show All NAT IPTables Rules Command

I am using /sbin/iptables -L -v -n | more command. However, I am unable to list NAT rules. How do I use the iptables command to view or list NAT rules stored in NAT tables? How do I see all the rules in NAT tables under CentOS / RHEL / Debian / Ubuntu Linux based server?

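The /sbin/iptables command is used for IPv4 packet filtering and NAT. Network address translation (NAT) modifies IP address information in IP packet headers while in transit across a routing device. Without the -t option, iptables works on the filter table, which is why a plain iptables -L does not show NAT rules.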
Tutorial details
Difficulty: Easy
Root privileges: Yes
Requirements: None
Time: N/A
To see NAT rules, type any one of the following commands.
Show/Display Iptables NAT rules

Syntax

The syntax of the iptables command is as follows:

iptables -t nat -L
iptables -t nat -L -n -v | grep 'something'
iptables -t nat -L -n -v

Sample outputs:

Chain PREROUTING (policy ACCEPT 867 packets, 146K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  vlan2  *       0.0.0.0/0            192.168.1.0/24      
 
Chain POSTROUTING (policy ACCEPT 99 packets, 6875 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0           
 
Chain OUTPUT (policy ACCEPT 99 packets, 6875 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 
Chain WANPREROUTING (0 references)
 pkts bytes target     prot opt in     out     source               destination         
root@tswitch:/tmp/home/root#

Here is another command:
$ sudo iptables -t nat -L -n -v
Sample outputs:

Chain PREROUTING (policy ACCEPT 294K packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 165K 9879K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:443 to:10.105.28.42:443
 166K 9982K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:80 to:10.105.28.42:80
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:443 to:10.105.28.42:443
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:80 to:10.105.28.42:80
22034 1322K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:444 to:10.105.28.45:444
22073 1324K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:81 to:10.105.28.45:81
31328 1880K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:445 to:10.105.28.44:445
19424 1165K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:82 to:10.105.28.44:82
 
Chain INPUT (policy ACCEPT 199K packets, 12M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 
Chain OUTPUT (policy ACCEPT 387 packets, 24906 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 
Chain POSTROUTING (policy ACCEPT 252K packets, 15M bytes)
 pkts bytes target     prot opt in     out     source               destination         
93223 5593K MASQUERADE  all  --  *      *       10.105.28.0/24      !10.105.28.0/24       /* generated for LXD network lxdbr0 */
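
The listing above contains two DNAT rules that repeat earlier ones and show zero packet counters: rules in a chain are checked in order and a DNAT match ends traversal, so an identical later rule never sees traffic. The script below is an added example, not part of the original tutorial; the function names audit_dnat and sample_listing are made up for illustration, and the sample input is abridged from the listing above.

```shell
#!/bin/sh
# Added example: audit DNAT port forwards found in the output of
#   iptables -t nat -L -n -v
# Live use (as root): iptables -t nat -L -n -v | audit_dnat

# Sample input, abridged from the listing shown on this page.
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 294K packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination
 165K 9879K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:443 to:10.105.28.42:443
 166K 9982K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:80 to:10.105.28.42:80
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:443 to:10.105.28.42:443
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:80 to:10.105.28.42:80
22034 1322K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.203.146      tcp dpt:444 to:10.105.28.45:444

Chain POSTROUTING (policy ACCEPT 252K packets, 15M bytes)
 pkts bytes target     prot opt in     out     source               destination
93223 5593K MASQUERADE  all  --  *      *       10.105.28.0/24      !10.105.28.0/24       /* generated for LXD network lxdbr0 */
EOF
}

# Reads a listing on stdin and prints one line per DNAT rule:
#   chain proto destination:dport -> target pkts=<counter> [SHADOWED]
# SHADOWED marks a rule whose match (proto, in, out, source, destination,
# dpt) repeats an earlier rule in the same chain, so it can never match.
audit_dnat() {
    awk '
    $1 == "Chain" { chain = $2; next }      # remember the current chain
    $3 == "DNAT" {
        dpt = ""; to = ""
        for (i = 10; i <= NF; i++) {        # match extensions follow column 9
            if ($i ~ /^dpt:/) dpt = substr($i, 5)
            if ($i ~ /^to:/)  to  = substr($i, 4)
        }
        key = chain SUBSEP $4 SUBSEP $6 SUBSEP $7 SUBSEP $8 SUBSEP $9 SUBSEP dpt
        flag = (key in seen) ? " SHADOWED" : ""
        seen[key] = 1
        printf "%s %s %s:%s -> %s pkts=%s%s\n", chain, $4, $9, dpt, to, $1, flag
    }'
}

# Run against the embedded sample when executed directly.
sample_listing | audit_dnat
```

Each line of output is one externally reachable port forward, so the list doubles as an inventory of what the NAT box exposes; SHADOWED entries are dead rules that can be removed.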

Say hello netstat-nat

The netstat-nat command displays the NATed connections on a Linux iptables firewall:
# netstat-nat -n
To display SNAT connections, run:
# netstat-nat -S
To display DNAT connections, type:
# netstat-nat -D

2 comments
  • Anon Mar 30, 2016 @ 0:17

    There needs to be a space after the command “netstat.”

  • nona Aug 17, 2017 @ 2:48

    Anon is wrong. netstat-nat is a standalone package entirely different than the netstat command.

    On CentOS/RHEL
    # yum install netstat-nat

    On Debian/*buntu
    # nobody actually runs Debian/*buntu so who cares?
