netstat-nat(1) General Commands Manual netstat-nat(1)NAME
netstat-nat - Show the natted connections on a linux iptable firewall
SYNOPSIS
netstat-nat [options]
DESCRIPTION
netstat-nat Displays NAT connections managed by netfilter/iptables which comes with the > 2.4.x linux kernels.
The program reads its information from '/proc/net/ip_conntrack' or '/proc/net/nf_conntrack', which is the temporary conntrack-storage of
netfilter.
OPTIONS -h displays help
-n don't resolve IPs/portnumbers to host/portnames
-p <protocol>
display NAT connections with protocol selection (see /etc/protocols)
-s <source host>
display connections by source IP/hostname
-d <destination host>
display connections by destination IP/hostname
-S display SNAT connections
-D display DNAT connections
-L display only connections to NAT box self (doesn't show SNAT & DNAT)
-R display only connections routed through the NAT box (doesn't show SNAT & DNAT)
-x extended view of hostnames
-r <src|dst|src-port|dst-port|state>
sort connections
-o no output header
-N display NAT box connection information (only valid with SNAT & DNAT)
-v prints version
FILES
/proc/net/ip_conntrack or /proc/net/nf_conntrack
SEE ALSO
http://www.tweegy.nl/projects/netstat-nat/
http://www.netfilter.org/
AUTHOR
netstat-nat has been written by D.Wijsman danny@tweegy.nl
The manual page has been written by marceln@xs4all.nl
July 2002 netstat-nat(1)
Check Out this Related Man Page
NAT action in tc(8) Linux NAT action in tc(8)NAME
nat - stateless native address translation action
SYNOPSIS
tc ... action nat DIRECTION OLD NEW
DIRECTION := { ingress | egress }
OLD := IPV4_ADDR_SPEC
NEW := IPV4_ADDR_SPEC
IPV4_ADDR_SPEC := { default | any | all | in_addr[/{prefix|netmask}]
DESCRIPTION
The nat action allows to perform NAT without the overhead of conntrack, which is desirable if the number of flows or addresses to perform
NAT on is large. This action is best used in combination with the u32 filter to allow for efficient lookups of a large number of stateless
NAT rules in constant time.
OPTIONS
ingress
Translate destination addresses, i.e. perform DNAT.
egress Translate source addresses, i.e. perform SNAT.
OLD Specifies addresses which should be translated.
NEW Specifies addresses which OLD should be translated into.
NOTES
The accepted address format in OLD and NEW is quite flexible. It may either consist of one of the keywords default, any or all, represent-
ing the all-zero IP address or a combination of IP address and netmask or prefix length separated by a slash (/) sign. In any case, the
mask (or prefix length) value of OLD is used for NEW as well so that a one-to-one mapping of addresses is assured.
Address translation is done using a combination of binary operations. First, the original (source or destination) address is matched
against the value of OLD. If the original address fits, the new address is created by taking the leading bits from NEW (defined by the
netmask of OLD) and taking the remaining bits from the original address.
There is rudimental support for upper layer protocols, namely TCP, UDP and ICMP. While for the first two only checksum recalculation is
performed, the action also takes care of embedded IP headers in ICMP packets by translating the respective address therein, too.
SEE ALSO tc(8)iproute2 12 Jan 2015 NAT action in tc(8)