February 12, 2021 in debian, linux, netzwerktechnik, redhat ‐ 1 min read
I just had the pleasurable experience of debugging iptables again.
Here is a short one-liner that lets you debug your iptables rules in real time.
watch -n 1 "sudo iptables-save -t nat -c"
iptables-save has the convenient flag -c, which shows its counters as [packet:byte].
If you have a lot of web traffic on VMs, like me, you might want to filter out 443. Rules that do not trigger at all ([0:0]) can also be filtered out.
watch -n 1 "sudo iptables-save -t nat -c | grep -v '0:0' | grep -v '443'"
This gives you a good indication as to which rules get applied in real time.
A useful tool for debugging.
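The two grep -v filters match anywhere on the line, so they also hide rules whose counters, addresses or MAC addresses merely contain 443 or 0:0. As an added example (not part of the original post), the function below compares the counter field and the --dport value exactly; the function names and the sample rules are constructed for illustration.

```bash
# Constructed sample of `iptables-save -t nat -c` output (not from a real host).
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [1443:90210]
:POSTROUTING ACCEPT [0:0]
[0:0] -A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.0.0.5:80
[1443:86580] -A PREROUTING -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.0.7:22
[500:30000] -A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.5:443
[12:720] -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
[7:420] -A PREROUTING -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.0.0.9:4430
[3:180] -A PREROUTING -p tcp -m mac --mac-source 00:00:5E:00:53:01 -m tcp --dport 8443 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

# filter_active_rules [PORT]  (hypothetical helper name)
# Reads iptables-save -c text on stdin and prints only rule lines that
#   - have a non-zero counter field, and
#   - do not match exactly "--dport PORT" (default 443, as in the post).
# Table headers, chain policy lines and COMMIT are not rules and are skipped.
filter_active_rules() {
    awk -v port="${1:-443}" '
        /^\[[0-9]+:[0-9]+\] / {
            if ($1 == "[0:0]") next            # never hit: compare the whole field
            for (i = 2; i < NF; i++)           # exact option/value match, not substring
                if ($i == "--dport" && $(i + 1) == port) next
            print
        }'
}

# Offline demo on the sample. The substring filters keep 1 of the 6 rules,
# the field-aware filter keeps the 4 that have hits and are not --dport 443.
sample_rules | grep -v '0:0' | grep -v '443' | grep -c '^\['
sample_rules | filter_active_rules

# Live use (needs root), refreshing once per second like the watch one-liner:
#   while sleep 1; do clear; sudo iptables-save -t nat -c | filter_active_rules; done
```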
Happy hacking :)