I just had the pleasurable experience of debugging iptables again.

Here is a short one-liner that lets you debug your iptables rules in real time.

watch -n 1 "sudo iptables-save -t nat -c"

iptables-save has the convenient flag -c, which prints each rule's counters as [packets:bytes] in front of the rule.

If you have a lot of web traffic on VMs like me, you might want to filter out lines mentioning port 443. Rules that have never matched anything ([0:0]) can also be filtered out. Note that grep -v matches anywhere on the line, so '443' also drops a rule whose counters, addresses or comment happen to contain that digit sequence.

watch -n 1 "sudo iptables-save -t nat -c | grep -v '0:0' |grep -v '443'"

This gives you a good indication of which rules are being applied in real time, which makes it a useful tool for debugging.

Happy hacking 🙂