Display the NATed / Routed Connections on a Linux Iptables Firewall

Q. I've a Linux box acting as a software router (NAT) for over 100 computers connected via LAN. The regular netstat command is not displaying the list of all NATed connections. How do I find out the connections managed by netfilter / iptables, which comes with the Debian 4.x system?



A. The regular netstat command cannot display NAT connections. netstat lists sockets owned by the local host, and a NATed flow that merely passes through the box has no local socket; it exists only in the netfilter connection tracking (conntrack) table. Use the netstat-nat command to view that table, or read it directly from /proc/net/ip_conntrack (older kernels) or /proc/net/nf_conntrack (newer kernels, with the nf_conntrack module loaded). Note that the table is a live snapshot, not a log: each entry is dropped once its conntrack timeout expires.




Install netstat-nat

Under Debian / Ubuntu Linux, install it with the apt-get command:

$ sudo apt-get install netstat-nat

Source code / RPM file

If you are using SUSE / Red Hat Linux, grab the source code or an RPM file here:

How do I use netstat-nat command?

Log in as root and type the following to display a list of all NATed connections (-n skips DNS and port-name lookups, which keeps the output fast and unambiguous):

# netstat-nat -n

To display NAT connections for a single protocol, pass the protocol name (tcp, udp or icmp) to -p, for example:

# netstat-nat -n -p tcp

To display all connections from the source IP 192.168.1.100, enter:

# netstat-nat -s 192.168.1.100

To display all connections to the destination IP / hostname laptop, use -d (not -s, which selects by source):

# netstat-nat -d laptop

To display only SNAT connections (outbound traffic from LAN hosts whose source address was rewritten, e.g. by MASQUERADE), enter:

# netstat-nat -S

To display only DNAT connections (inbound traffic whose destination was rewritten, e.g. port forwards to internal hosts), enter:

# netstat-nat -D

To display only connections to the NAT box itself, i.e. without the SNAT and DNAT entries, enter:

# netstat-nat -L

To display help, enter:

$ netstat-nat -h

$ man netstat-nat

