Linux: Iptables List and Show All NAT IPTables Rules Command

Date: 2020-01-09 10:40:23  Source: igfitidea

I am using the /sbin/iptables -L -v -n | more command. However, I am unable to list the NAT rules.

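How do I view or list the NAT rules stored in the NAT table using the iptables command? How do I see all the rules in the NAT table on a CentOS/RHEL/Debian/Ubuntu Linux based server? The /sbin/iptables command is used for IPv4 packet filtering and NAT. Network address translation (NAT) modifies the IP address information in IP packet headers while they are in transit across a routing device.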

To view the NAT rules, run any one of the following commands.

Syntax

The syntax of the iptables command is as follows:

iptables -t nat -L
iptables -t nat -L -n -v | grep 'something'
iptables -t nat -L -n -v

Sample output:

Chain PREROUTING (policy ACCEPT 867 packets, 146K bytes)
pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  vlan2  *       0.0.0.0/0            192.168.1.0/24      
 
Chain POSTROUTING (policy ACCEPT 99 packets, 6875 bytes)
pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0           
 
Chain OUTPUT (policy ACCEPT 99 packets, 6875 bytes)
pkts bytes target     prot opt in     out     source               destination         
 
Chain WANPREROUTING (0 references)
pkts bytes target     prot opt in     out     source               destination         
root@tswitch:/tmp/home/root#

Here is another command:

$ sudo iptables -t nat -L -n -v

Sample output:

Chain PREROUTING (policy ACCEPT 294K packets, 17M bytes)
pkts bytes target     prot opt in     out     source               destination         
165K 9879K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.103.146      tcp dpt:443 to:10.105.28.42:443
166K 9982K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.103.146      tcp dpt:80 to:10.105.28.42:80
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.103.146      tcp dpt:443 to:10.105.28.42:443
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.103.146      tcp dpt:80 to:10.105.28.42:80
22034 1322K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.103.146      tcp dpt:444 to:10.105.28.45:444
22073 1324K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.103.146      tcp dpt:81 to:10.105.28.45:81
31328 1880K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.103.146      tcp dpt:445 to:10.105.28.44:445
19424 1165K DNAT       tcp  --  *      *       0.0.0.0/0            192.168.103.146      tcp dpt:82 to:10.105.28.44:82
 
Chain INPUT (policy ACCEPT 199K packets, 12M bytes)
pkts bytes target     prot opt in     out     source               destination         
 
Chain OUTPUT (policy ACCEPT 387 packets, 24906 bytes)
pkts bytes target     prot opt in     out     source               destination         
 
Chain POSTROUTING (policy ACCEPT 252K packets, 15M bytes)
pkts bytes target     prot opt in     out     source               destination         
93223 5593K MASQUERADE  all  --  *      *       10.105.28.0/24      !10.105.28.0/24       /* generated for LXD network lxdbr0 */
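
As an added example (not part of the original article), the shell function below reads `iptables -t nat -L -n -v` output and marks any DNAT rule whose match is identical to an earlier rule in the same chain, like the zero-counter duplicates in the listing above. The function names `audit_dnat` and `sample_listing` and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag DNAT rules that an earlier identical match makes unreachable.
# Real use: sudo iptables -t nat -L -n -v | audit_dnat

audit_dnat() {
    awk '
    $1 == "Chain" { chain = $2; next }        # "Chain PREROUTING (policy ...)"
    $3 == "DNAT" {
        # -v columns: pkts bytes target prot opt in out source destination [match...]
        m = ""; dpt = "any"; to = "?"
        for (i = 10; i <= NF; i++) {
            if ($i ~ /^to:/) { to = substr($i, 4); continue }   # NAT target, not a match
            if ($i ~ /^dpts?:/) { dpt = $i; sub(/^dpts?:/, "", dpt) }
            m = m " " $i
        }
        # First matching DNAT rule in a chain wins, so a repeat of the same
        # match (proto, in/out interface, source, destination, extras) never fires.
        key = chain " " $4 " " $6 " " $7 " " $8 " " $9 m
        status = (key in seen) ? "SHADOWED" : "ACTIVE"
        seen[key] = 1
        printf "%s %s %s:%s -> %s pkts=%s %s\n", chain, $4, $9, dpt, to, $1, status
    }'
}

# Constructed sample listing (documentation addresses), shaped like the output above.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 10 packets, 600 bytes)
 pkts bytes target     prot opt in     out     source               destination
 165K 9879K DNAT       tcp  --  *      *       0.0.0.0/0            192.0.2.10           tcp dpt:443 to:10.0.0.42:443
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.0.2.10           tcp dpt:443 to:10.0.0.42:443
  22K 1322K DNAT       tcp  --  *      *       0.0.0.0/0            192.0.2.10           tcp dpt:444 to:10.0.0.45:444

Chain POSTROUTING (policy ACCEPT 5 packets, 300 bytes)
 pkts bytes target     prot opt in     out     source               destination
  93K 5593K MASQUERADE  all  --  *      *       10.0.0.0/24         !10.0.0.0/24
EOF
}

sample_listing | audit_dnat
```

Only exact duplicate matches are flagged; a broader earlier rule that covers a narrower later one is not detected.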

The netstat-nat command

The netstat-nat command displays the NATed connections on a Linux iptables firewall:

# netstat-nat -n

To display SNAT connections, run:

# netstat-nat -S

To display DNAT connections, run:

# netstat-nat -D