Easy way to show NAT translation table?

wdennis

Hi all,

Setting up a outbound NAT rule for only two of the networks behind my firewall (I have many, but these two have private RFC1918 netblocks, and I want to NAT them outbound to a single public IP addr, that is not the outside int's address.) I would like to verify that the NAT is happening correctly; is there a simple way (either thru the GUI or the CLI) to show the current NAT translation table? Something like the Cisco "show ip nat translations" which produces the following sort of output:

R1# show ip nat translations
Pro Inside global           Inside local            Outside local         Outside global

udp 200.2.2.1:53427  192.168.0.6:53427      74.200.84.4:53        74.200.84.4:53
udp 200.2.2.1:53427  192.168.0.6:53427      195.170.0.1:53        195.170.0.1:53
tcp 200.2.2.1:53638   192.168.0.6:53638      64.233.189.99:80    64.233.189.99:80
tcp 200.2.2.1:57585   192.168.0.7:57585      69.65.106.48:110    69.65.106.48:110
tcp 200.2.2.1:57586   192.168.0.7:57586      69.65.106.48:110    69.65.106.48:110

Thanks!

wdennis

Anyone? Surely there must be a way….

jimp

Diagnostics > States

podilarius

Try pfctl -s nat.

podilarius

@podilarius:

Try pfctl -s nat.

O and you can add v's to get more info. Like

pfctl -vvs nat

jimp

Those show the nat rules, not the nat translations. The state table would be the only source of seeing the NAT translations.

At the CLI, to dump the states, use:

pfctl -ss

To restrict that to just NAT, try:

pfctl -ss | egrep '(>.*>|<.*<)'

podilarius

Sorry. Misinterpreted what was being asked for.