NAT monitoring

To display the status of the NAT service:

router{}show service
...
Service  NAT             is active
...
router{}

To display current NAT information, use the following commands:

router{}show nat
Current Sessions for NAT
Proto  Public Address     NATed Address    Foreign Address   State
udp    10.23.1.101:50111  192.1.0.3:47365  10.22.1.112:6050  UNREPLIED
udp    10.23.1.101:50116  192.1.0.4:45588  10.22.1.112:6050  UNREPLIED
udp    10.23.1.101:50106  192.1.0.2:48694  10.22.1.112:6050  UNREPLIED
udp    10.23.1.101:50120  192.1.0.5:38022  10.22.1.112:6050  UNREPLIED
udp    10.23.1.101:50100  192.1.0.1:58550  10.22.1.112:6050  UNREPLIED
End of list.

Conntrack session table details and status can be filtered using the following options:

router{}show session-table
[session-type (all|nat|no-nat|expect)]
[protocol (PROTO)]
[inside-local ((INSIDE-LOCAL [port ILPORT])|([INSIDE-LOCAL] port ILPORT))]
[inside-global ((INSIDE-GLOBAL [port IGPORT])|([INSIDE-GLOBAL] port IGPORT))]
[outside-local ((OUTSIDE-LOCAL [port OLPORT])|([OUTSIDE-LOCAL] port OLPORT))]
[outside-global ((OUTSIDE-GLOBAL [port OGPORT])|([OUTSIDE-GLOBAL] port OGPORT))]

session-type (all|nat|no-nat|expect)
Specify the type of session to display: all sessions, NAT sessions only, all sessions except NAT, or expected sessions (sessions related to an existing one, used as a helper for ALGs).

protocol (PROTO)
Specify the protocol to display.

inside-local (INSIDE-LOCAL [port ILPORT])

inside-local ([INSIDE-LOCAL] port ILPORT)
Specify the inside local IP address or port to display (or both).

inside-global (INSIDE-GLOBAL [port IGPORT])

inside-global ([INSIDE-GLOBAL] port IGPORT)
Specify the inside global IP address or port to display (or both).

outside-local (OUTSIDE-LOCAL [port OLPORT])

outside-local ([OUTSIDE-LOCAL] port OLPORT)
Specify the outside local IP address or port to display (or both).

outside-global (OUTSIDE-GLOBAL [port OGPORT])

outside-global ([OUTSIDE-GLOBAL] port OGPORT)
Specify the outside global IP address or port to display (or both).

router{}show session-table usage
Use/max:        10743/10000200
Use%:                0.11%
Conntracks:          10743
Expectations:            0
TCP:                 10734
UDP:                     7
ICMP:                    0
Other:                   2

router{}show session-table protocol udp
Prot  Inside Local     Inside Global    Outside Global   Outside Local    Flags  Timeout  Packets
udp   10.81.0.110:137  10.81.0.110:137  10.81.0.255:137  10.81.0.255:137  a      3415     0
udp   10.81.0.150:138  10.81.0.150:138  10.81.0.255:138  10.81.0.255:138  a      3340     0
udp   10.81.0.136:138  10.81.0.136:138  10.81.0.255:138  10.81.0.255:138  a      3546     0
udp   10.81.0.124:138  10.81.0.124:138  10.81.0.255:138  10.81.0.255:138  a      3395     0
udp   10.81.0.110:138  10.81.0.110:138  10.81.0.255:138  10.81.0.255:138  a      3149     0
udp   10.81.0.124:137  10.81.0.124:137  10.81.0.255:137  10.81.0.255:137  a      1746     0
udp   10.81.0.136:137  10.81.0.136:137  10.81.0.255:137  10.81.0.255:137  a      3542     0
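
The following Python script is an added example, not part of the router's documentation. It parses the `show session-table usage` and `show nat` output shown above to report session-table utilisation against a threshold and to count UNREPLIED sessions per foreign address. The function names, the 80% threshold and the whitespace-separated row layout are assumptions.

```python
import re
from collections import Counter

# Constructed input: the "show session-table usage" output shown on this page.
USAGE = """\
Use/max:        10743/10000200
Use%:                0.11%
Conntracks:          10743
Expectations:            0
TCP:                 10734
UDP:                     7
ICMP:                    0
Other:                   2
"""

# Constructed input: "show nat" rows from this page, assumed to arrive as
# whitespace-separated columns (Proto, Public, NATed, Foreign, State).
NAT = """\
udp 10.23.1.101:50111 192.1.0.3:47365 10.22.1.112:6050 UNREPLIED
udp 10.23.1.101:50116 192.1.0.4:45588 10.22.1.112:6050 UNREPLIED
udp 10.23.1.101:50106 192.1.0.2:48694 10.22.1.112:6050 UNREPLIED
udp 10.23.1.101:50120 192.1.0.5:38022 10.22.1.112:6050 UNREPLIED
udp 10.23.1.101:50100 192.1.0.1:58550 10.22.1.112:6050 UNREPLIED
"""

def parse_usage(text):
    """Return the 'Key: value' lines of the usage output as a dict of strings."""
    return dict(re.findall(r"^(\S+):[ \t]+(\S+)[ \t]*$", text, re.M))

def table_pressure(text, warn_pct=80.0):
    """Return (percent used, over threshold?, per-protocol counts add up?)."""
    f = parse_usage(text)
    used, maximum = (int(n) for n in f["Use/max"].split("/"))
    by_proto = sum(int(f[k]) for k in ("TCP", "UDP", "ICMP", "Other"))
    pct = 100.0 * used / maximum
    return round(pct, 2), pct >= warn_pct, by_proto == int(f["Conntracks"])

def unreplied_by_foreign(text):
    """Count UNREPLIED sessions per foreign address:port in 'show nat' rows."""
    counts = Counter()
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 5 and cols[4] == "UNREPLIED":
            counts[cols[3]] += 1
    return counts

if __name__ == "__main__":
    print(table_pressure(USAGE))
    print(unreplied_by_foreign(NAT).most_common(3))
```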

The session table can be flushed entirely or by IP address:

router{}flush session-table
or
router{}flush session-table inside-local 10.81.0.110
udp      17 3382 src=10.81.0.110 dst=10.81.0.255 sport=137 dport=137 src=10.81.0.255 dst=10.81.0.110 sport=137 dport=137 [ASSURED] mark=0 use=1 uid=10000007
udp      17 3117 src=10.81.0.110 dst=10.81.0.255 sport=138 dport=138 src=10.81.0.255 dst=10.81.0.110 sport=138 dport=138 [ASSURED] mark=0 use=1 uid=18000005
conntrack v0.9.12 (conntrack-tools): 2 flow entries has been deleted.