33

I added a packet forwarding rule to my iptables:

```
sudo iptables -t nat -A PREROUTING -p tcp --dport 1111 -j DNAT --to-destination 10.0.3.126:80
```

and I can see that the packet coming to port 1111 is correctly forwarded to 10.0.3.126:80. However, if I list the rules, I cannot see the rule that I added.

```
sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

How can I view the rule I added? Thank you in advance.

John Doyle

1 Answer

74

Use the `iptables -L -n -t nat` command, because the PREROUTING chain is part of the NAT rules.

Yuriy Zhigulskiy
  • Isn't it also part of mangle? So wouldn't you have to look at the PREROUTING chain for mangle and nat? Or are the chains not table specific? – Code Wiget Sep 14 '18 at 14:41
  • PREROUTING is a phase, NAT is a table; the relation is that PREROUTING has a NAT table of chains, and a chain has rules. The reason you need to add `-t nat` is `As every other iptables command, it applies to the specified table (filter is the default)`. Refer to https://linux.die.net/man/8/iptables – iloahz Jul 27 '19 at 10:52
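
Added example, not part of the original question or answer: when auditing a host, `iptables-save` dumps every table at once, so rules outside the default filter table (such as the DNAT rule above) can be picked out in one pass. The function names and the sample dump are constructed for illustration; the sample mirrors the rules shown in the question.

```shell
#!/bin/sh
# Parse iptables-save text: "*table" opens a table section, "-A CHAIN ..."
# is a rule, "COMMIT" closes the section. Lines starting with # or : are skipped.

# Print "table<TAB>rule" for every rule in the dump read from stdin.
rules_by_table() {
    awk '
        /^\*/     { table = substr($0, 2); next }   # "*nat" -> table is "nat"
        /^COMMIT/ { table = ""; next }
        /^-A /    { if (table != "") printf "%s\t%s\n", table, $0 }
    '
}

# Keep only the rules that a plain `iptables -L` (filter table only) does not show.
rules_outside_filter() {
    rules_by_table | awk -F '\t' '$1 != "filter"'
}

# Keep only port-forwarding style rules, whatever table they sit in.
dnat_rules() {
    rules_by_table | awk -F '\t' '$2 ~ / -j DNAT( |$)/'
}

# Constructed sample dump in iptables-save format (not captured from a real host).
sample_dump() {
    cat <<'EOF'
# constructed sample
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 1111 -j DNAT --to-destination 10.0.3.126:80
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
EOF
}

# On a live host (needs root): sudo iptables-save | rules_outside_filter
sample_dump | rules_outside_filter
```

The mangle table in the sample has a PREROUTING chain but no rules, so only the nat entry is reported.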