show nat source
Displays configured source NAT (SNAT) rules.
- rules
- Source NAT rules.
- statistics
- Source NAT statistics such as address and port information.
- translations
- Source NAT translations.
Operational mode
Use this command to display the NAT rules you have configured. You can use this command for troubleshooting, to confirm whether traffic is matching the NAT rules as expected.
The following example shows how to display source rules for NAT.
vyatta@vyatta:~$ show nat source rules
--------------------------------------
NAT Rulesets Information
------------------------
-----------------------------------------------------------------------
SOURCE
rule intf match translation
---- ---- ----- -----------
20 dp0s5 proto 1 from 10.0.0.102 to 172.16.140.200 tag 0 dynamic any ->
172.16.139.100
30 dp0s5 from 10.0.0.0/24 ipv4 tag 0 dynamic any -> masquerade
The following example shows how to display current statistics for source NAT.
vyatta@vyatta:~$ show nat source statistics
rule pkts bytes interface used/total
---- ---- ----- --------- ----------
1 111 20006 dp0s5 1/65535
2 0 0 dp0s5 0/11
The used/total column refers to the translation space as defined by the NAT rule. The value is equivalent to the number of addresses multiplied by the number of ports. DNAT can exceed the translation space while SNAT cannot. In SNAT, if the translation space is exhausted, the remaining packets are dropped.
The following example shows how to display source NAT translation information.
vyatta@vyatta:~$ show nat source translations
Pre-NAT Post-NAT Prot Timeout
10.0.0.101:56803 172.16.139.100:56803 tcp 86375
10.0.0.102:48635 172.16.139.100:48635 tcp 0
10.0.0.102:56279 172.16.139.100:56279 tcp 0
10.0.0.102:56432 172.16.139.100:56432 tcp 4
10.0.0.102 172.16.139.100 icmp 59