Le ven 19/03/2004 à 04:27, forum@xxxxxxxxxxxxx a écrit : > Try: > iptables -t nat -L > This should print the current nat table entries. This should print nat table _rules_... NAT entries are stored within conntrack table that is accessible through /proc/net/ip_conntrack. So, you have to parse the file to extract all entries that have a NAT tuple, i.e. a tuple for which : orig.src <> return.dst and/or orig.dst <> return.src Such as this one : tcp 6 431997 ESTABLISHED src=192.168.1.1 dst=172.16.1.7 sport=33057 dport=80 src=127.0.0.1 dst=127.0.0.1 sport=1080 dport=33057 [ASSURED] use=1 mark=0 Which is a connection through REDIRECT target. Or this one : tcp 6 431885 ESTABLISHED src=192.168.1.1 dst=219.24.23.10 sport=32839 dport=993 src=219.24.23.10 dst=215.34.54.67 sport=993 dport=32839 [ASSURED] use=1 mark=0 Which is an IMAPS connection from LAN to external server SNATed by firewall. -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread!
