netstat-nat(1) [debian man page]

netstat-nat(1)						      General Commands Manual						    netstat-nat(1)

NAME

       netstat-nat - Show the natted connections on a linux iptable firewall

SYNOPSIS

       netstat-nat [options]

DESCRIPTION

       netstat-nat Displays NAT connections managed by netfilter/iptables which comes with the > 2.4.x linux kernels.

       The  program  reads  its information from '/proc/net/ip_conntrack' or '/proc/net/nf_conntrack', which is the temporary conntrack-storage of
       netfilter.

OPTIONS

       -h     displays help

       -n     don't resolve IPs/portnumbers to host/portnames

       -p <protocol>
	      display NAT connections with protocol selection (see /etc/protocols)

       -s <source host>
	      display connections by source IP/hostname

       -d <destination host>
	      display connections by destination IP/hostname

       -S     display SNAT connections

       -D     display DNAT connections

       -L     display only connections to NAT box self (doesn't show SNAT & DNAT)

       -R     display only connections routed through the NAT box (doesn't show SNAT & DNAT)

       -x     extended view of hostnames

       -r <src|dst|src-port|dst-port|state>
	      sort connections

       -o     no output header

       -N     display NAT box connection information (only valid with SNAT & DNAT)

       -v     prints version

FILES

       /proc/net/ip_conntrack or /proc/net/nf_conntrack

SEE ALSO

       http://www.tweegy.nl/projects/netstat-nat/
       http://www.netfilter.org/

AUTHOR

       netstat-nat has been written by D.Wijsman danny@tweegy.nl
       The manual page has been written by marceln@xs4all.nl

								     July 2002							    netstat-nat(1)

NAT action in tc(8)						       Linux						       NAT action in tc(8)

NAME

       nat - stateless native address translation action

SYNOPSIS

       tc ... action nat DIRECTION OLD NEW

       DIRECTION := { ingress | egress }

       OLD := IPV4_ADDR_SPEC

       NEW := IPV4_ADDR_SPEC

       IPV4_ADDR_SPEC := { default | any | all | in_addr[/{prefix|netmask}]

DESCRIPTION

       The  nat  action allows to perform NAT without the overhead of conntrack, which is desirable if the number of flows or addresses to perform
       NAT on is large. This action is best used in combination with the u32 filter to allow for efficient lookups of a large number of  stateless
       NAT rules in constant time.

OPTIONS

       ingress
	      Translate destination addresses, i.e. perform DNAT.

       egress Translate source addresses, i.e. perform SNAT.

       OLD    Specifies addresses which should be translated.

       NEW    Specifies addresses which OLD should be translated into.

NOTES

       The  accepted address format in OLD and NEW is quite flexible. It may either consist of one of the keywords default, any or all, represent-
       ing the all-zero IP address or a combination of IP address and netmask or prefix length separated by a slash (/) sign.  In  any	case,  the
       mask (or prefix length) value of OLD is used for NEW as well so that a one-to-one mapping of addresses is assured.

       Address	translation  is  done  using  a  combination  of binary operations. First, the original (source or destination) address is matched
       against the value of OLD.  If the original address fits, the new address is created by taking the leading bits from  NEW  (defined  by  the
       netmask of OLD) and taking the remaining bits from the original address.

       There  is  rudimental  support for upper layer protocols, namely TCP, UDP and ICMP.  While for the first two only checksum recalculation is
       performed, the action also takes care of embedded IP headers in ICMP packets by translating the respective address therein, too.

SEE ALSO

       tc(8)

iproute2							    12 Jan 2015 					       NAT action in tc(8)