Easy way to show NAT translation table?
-
Hi all,
Setting up an outbound NAT rule for only two of the networks behind my firewall (I have many, but these two have private RFC1918 netblocks, and I want to NAT them outbound to a single public IP addr that is not the outside int's address). I would like to verify that the NAT is happening correctly; is there a simple way (either through the GUI or the CLI) to show the current NAT translation table? Something like the Cisco "show ip nat translations" which produces the following sort of output:
R1# show ip nat translations
Pro Inside global      Inside local        Outside local       Outside global
udp 200.2.2.1:53427    192.168.0.6:53427   74.200.84.4:53      74.200.84.4:53
udp 200.2.2.1:53427    192.168.0.6:53427   195.170.0.1:53      195.170.0.1:53
tcp 200.2.2.1:53638    192.168.0.6:53638   64.233.189.99:80    64.233.189.99:80
tcp 200.2.2.1:57585    192.168.0.7:57585   69.65.106.48:110    69.65.106.48:110
tcp 200.2.2.1:57586    192.168.0.7:57586   69.65.106.48:110    69.65.106.48:110
Thanks!
-
Anyone? Surely there must be a way….
-
Diagnostics > States
-
Try pfctl -s nat.
-
-
Those show the NAT rules, not the NAT translations. The state table is the only place to see the NAT translations.
At the CLI, to dump the states, use:
pfctl -ss
To restrict that to just NAT, try:
pfctl -ss | egrep '(>.*>|<.*<)'
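The grep above only narrows pfctl -ss down to translated states; it does not present them the way the Cisco table in the question does, and it does not tell you whether the two RFC1918 networks are actually leaving through the intended public address. The script below is an added example, not code from the thread or from pfSense: it turns pfctl -ss output into a Cisco-style "inside global / inside local / outside" table and flags any state from the chosen inside networks whose translated address is not the expected one. It assumes the FreeBSD/pfSense state format "translated (original) -> destination" for outbound NAT states, and also accepts the older two-arrow form "original -> translated -> destination" that the egrep pattern targets; the interface names, addresses and state lines in SAMPLE_STATES are constructed for offline use.

```shell
#!/bin/sh
# Added example, not from the thread: summarise pf's state table (pfctl -ss)
# as a Cisco-style NAT translation table and check that hosts in the chosen
# inside networks really leave through the expected public address.
#
# Assumed outbound state formats (both hypothetical as written here):
#   <if> <proto> <translated-src> (<original-src>) -> <dst>   <state>   (FreeBSD/pfSense)
#   <if> <proto> <original-src> -> <translated-src> -> <dst>  <state>   (older two-arrow form)
# Inbound (rdr) states use "<-" and are deliberately ignored.

# Constructed sample of pfctl -ss output; on a live firewall use:  pfctl -ss | nat_table
SAMPLE_STATES='wan udp 203.0.113.10:53427 (192.168.0.6:53427) -> 198.51.100.4:53       MULTIPLE:MULTIPLE
wan tcp 203.0.113.10:57585 (192.168.0.7:57585) -> 198.51.100.48:110       ESTABLISHED:ESTABLISHED
wan udp 10.20.0.15:40001 -> 203.0.113.10:40001 -> 198.51.100.4:53       MULTIPLE:SINGLE
wan tcp 203.0.113.1:22001 (10.30.0.9:22001) -> 198.51.100.9:443       ESTABLISHED:ESTABLISHED
lan tcp 192.168.0.6:50000 -> 192.168.0.1:443       ESTABLISHED:ESTABLISHED
wan tcp 192.168.0.8:80 (203.0.113.10:80) <- 198.51.100.77:51000       ESTABLISHED:ESTABLISHED'

# nat_table: read pfctl -ss lines on stdin, print one row per translated
# outbound state:  <proto> <inside global> <inside local> <outside>
nat_table() {
    awk '
    # Parenthesised form: $3 translated source, $4 "(original)", $6 destination
    $4 ~ /^\(.*\)$/ && $5 == "->" {
        orig = $4; gsub(/[()]/, "", orig)
        print $2, $3, orig, $6; next
    }
    # Two-arrow form: $3 original source, $5 translated source, $7 destination
    $4 == "->" && $6 == "->" {
        print $2, $5, $3, $7; next
    }
    # Anything else (untranslated states, inbound "<-" states) is not a NAT translation
    '
}

# nat_count: number of translated outbound states on stdin
nat_count() {
    nat_table | awk 'END { print NR + 0 }'
}

# nat_mismatches EXPECTED_IP PREFIX...: rows whose inside-local host matches one of
# the dotted prefixes (e.g. "192.168.0.") but whose inside-global address is not
# EXPECTED_IP. Prefix matching is a plain string test, not a CIDR calculation.
nat_mismatches() {
    want="$1"; shift
    nat_table | awk -v want="$want" -v nets="$*" '
    BEGIN { n = split(nets, net, " ") }
    {
        split($3, il, ":"); local = il[1]
        split($2, ig, ":"); global = ig[1]
        for (i = 1; i <= n; i++)
            if (index(local, net[i]) == 1 && global != want) { print; break }
    }'
}

# Offline demonstration on the constructed sample
echo "Pro Inside-global Inside-local Outside"
printf '%s\n' "$SAMPLE_STATES" | nat_table
echo "States from the NAT'd networks not using 203.0.113.10:"
printf '%s\n' "$SAMPLE_STATES" | nat_mismatches 203.0.113.10 192.168.0. 10.20.0. 10.30.0.
```

On a live pfSense box the same functions are fed with `pfctl -ss | nat_table` and `pfctl -ss | nat_mismatches <public IP> <prefix>...`; an empty mismatch list for the two private networks is the confirmation the question asks for, while any row listed shows a host whose traffic is being translated (or not translated) differently from the rule's intent. The prefix match keeps the script portable across awk versions; if the networks are not on octet boundaries, a proper mask comparison is needed instead.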
-
Sorry. Misinterpreted what was being asked for.