NAT Lookup Tools & Software Verifying Network Address Translation

There are two reasons to use Network Address Translation (NAT); to improve security and maximize address space.

Not to mention that it is quite common to see NAT deployed in many of today's networks.

But sometimes NAT fails— and getting to the root of the problem can be quite tricky.

There could be some overlapping NAT policies, failed firewall translations, IP address issues that could be hard to troubleshoot, or a miriad of other issues.

It can be hard to find the root of the problem without logging in to one of these NAT devices, like a firewall or router.

And once inside, you will most likely have to sort through a long list of sessions— which only makes things more time-consuming.

Photo by Jordan Harrison on Unsplash

In this post, we'll go through seven popular NAT lookup tools.

A NAT lookup tool helps admins troubleshoot and keep NAT's records (sometimes without connecting to the device) by filtering, sorting, and providing other ways to simplify the output.

What does a NAT lookup Tool Do?

Traditional NAT requires a router (or firewall) with an interface pointing inbound to an internal network and another interface outbound to an external network (or Internet).

NAT also requires a set of rules that state how the address is to be translated.

NAT Requirements:

Inside Interface
An inside interface configured with a “private” IP address.
Outside Interface
An interface pointing to an external network, like the Internet. The IP address is usually a public IP followed with a port number.
The NAT policy, rule, or ACL
This policy specifies the list of inside source addresses that will be translated to which outside address. These rules include a pool of global IPs.

When a user or service requests a new external IP (or public), the router or firewall facing the Internet creates a new NAT session.

These NAT sessions remain open so that the internal end-user can use the public-facing IP as long as necessary (or configured).

The NAT Lookup Tool

The NAT Lookup tool looks into the current translations and rules stored in NAT tables from routers/or firewalls.

They display as much information regarding NATed connections and policies and help sort or filter the results— this helps admins save time and effort significantly.

Retrieving NAT policies established to specific IPs, getting to know their type of NAT mapping (static, dynamic, overload, PAT), see their status, and source/destination translation— all from a single platform can be a real time-saver.

Here's the 7 Best NAT Lookup Tools & Software:

1. SolarWinds NAT Lookup Tool

The Solarwinds NAT Lookup is a lightweight standalone tool designed for keeping track of NAT policies and translations in Palo Alto Firewalls.

The tool provides a list of NAT policies and their respective firewalls for any queried IP address.

The tool is very scalable— it can help admins render comprehensive NAT policy lists.

These lists will help troubleshoot IP address issues, overlapped NAT policies or rules, overall firewall translation issues, and networks regardless of size.

Highlights:

Search for NAT policies in one or multiple firewalls simultaneously.
The search results display the NAT policies and the translation for each IP address.
Only works for Palo Alto Firewalls.
The results can be exported as a CSV file.
The tool can also provide access to the IP translation in live session traffic.

SolarWinds NAT Lookup was created to reduce the time and effort required for network admins in large networks to look for NAT translations.

An advantage of this is that it removes the need for admins to access firewalls.

This also helps security admins to grant different levels of access in sensitive firewalls.

Pros:

Built with sysadmins in mind
Easy to use lightweight tool
Can search for policies across multiple firewalls
Can analyze IP translation in a live setting
Completely free

Cons:

Designed specifically for system administrators

Price:

100% free.

Download:

Click here to SolarWinds NAT Lookup Tool to download it for free.

2. netstat-nat

The “netstat-nat” is a Linux utility that displays all NATed connections, managed by iptables or netfilters.

For example, a server configured as a router or firewall running Linux iptables may use the netstat-nat utility to show all its NATted or router connections.

The lightweight utility reads information from the temporary conntrack-storage of Netfilter (‘/proc/net/ip_conntrack' or ‘/proc/net/nf_conntrack').

To make the utility work, make sure Netfilter is enabled in the Kernel.

What can you do with netstat-nat?

You can display only SNAT, DNAT, or both connections.
Display all NAT connections.
Filter according to protocol number.
Filter by source IP.
Display connections from a specific destination IP/hostname.
Sort NAT connections.
And more…

The utility is supported by the popular Linux distros, including Debian, Ubuntu, Suse, Redhat.

Pros:

Can quickly show which connections are actively established on a machine
Can find suspicious connections quickly if you know how to interpret netstat information
Can filter by TCP connections to limit your scope on noisier networks

Cons:

Doesn’t provide geolocation mapping for connections found
Requires training to understand how to properly use netstat in a meaningful way

Price:
Free

Download:

Get more information from the netstat-nat project.

3. Cisco’s IOS “show ip nat translation”

The most efficient method to check the NAT table and its contents from Cisco devices is with the IOS CLI command “show ip nat translations.”

The command shows all currently active NAT translations on the router.

The output from this command allows you to see five different columns:

Protocol:
The protocol type. Whatever protocol is busting a NAT connection: ICMP, TCP, UDP, etc.
Inside global:
This is the IP address of the “inside” local device as it is seen from outside (global).
Inside local:
This is the inside device’s IP address as it is seen from the inside. In other words, the real private IP.
Outside local:
Technically, this is an outside host as it appears from the inside network. According to Cisco, this is not a legitimate address, and it is used in unique scenarios.
Outside global:
The IP address of the outside host as it appears in the outside world. The IP is allocated from a globally routable network space (public IP).

Another useful Cisco’s IOS command to find information about NAT rules and translations is “show IP nat statistics; this command shows IP translations based on interface, percentage of hits and misses, etc.

With the show IP translation, you can also see the ACL (NAT rule) applied to each specific IP pool.

Pros:

Completely free
Easy to remember the syntaxs
Built-in all Cisco devices

Cons:

Lacks a graphical interface
Designed only for Cisco products

Where to find it?

Both commands “show IP nat translations” and “show IP nat statistics” are available in all Cisco devices with IOS.

4. FortiView for FortiGate Firewalls

FortiView is the primary logging tool for FortiGate firewalls. It shows real-time and historical logs from different dashboards (applications, Wifi, web sites, etc.).

You can browse and filter through logs if you are looking for specific results.

The FortiView lets you analyze the firewall sessions, which displays all current sessions since the application started.

The output likely shows a very long list, especially for large networks.

You can create filters to browse through those firewall and NAT sessions and reduce the output.

You can filter through the following logs:

Source or destination address
NAT address or port
Applications
And more.

Pros:

Simple yet informative interface
Can easily see and sort traffic and destination
Can see historical logs

Cons:

Can slow down on very large networks

Where to find it?

FortiView is the FortiOS log tool for all FortiGate firewalls. It is, by default, enabled on all FortiGates running FortiOS version 5.2 or above.

5. “pfctl” for OpenBSD PF

The pfctl stands for packet filtering control. It is the utility that connects with the packet filter device, specifically for OpenBSD PFs.

The pfctl can set configuration and rules or retrieve status information from the packet filtering (or firewall) device.

It is very robust and provides a vast number of commands.

To display the current active NAT translations with the pfctl utility, append (-s state) option, following the command.

This array “pfctl -s state” will list all current NAT sessions.

The output will show you a list with multiple columns:

The interface that the NAT session is bound to.
The protocol used for the connection (TCP, UDP, ICMP, IGMP, etc.)
Internal IP: The internal local IP address.
The internal (Global): The IP address as seen from the outside.
External IP: The address translated to an external IP and port (in case of PAT).
State: The state that the connection is on right now.

Pros:

Extremly fast and lightweight utility
Offers a robust variety of commands
Best for those who enjoy CLI tools

Cons:

Specfic for only OpenBSD
No GUI

Where to find it?

Download:

The pfctl is specific for OpenBSD systems.

Price:

Free

6. pfSense WebGUI

The pfSense is one of the most popular free and open-source firewalls and routers.

It is a customized distribution of the FreeBSD OS, adapted to be used as one of those devices.

pfSense comes with an easy to use web user interface.

With pfSense’s WebGUI, you can see a list of all firewall and NAT states, it includes:

The interface: Where the state is bound.
The protocol: The type of protocol that initiated that state.
The source and destination. The IP address before and after it is NATted. The arrow indicates the direction (inbound to outbound or vice versa).
The state: The status of the state’s connection. These vary according to the protocol.
Packets: number of packets that match the state, from source to destination.
Bytes: The total size of packets, from source to destination.

When the session list is too big to find what you are looking for, you can apply state filters.

These filters help you search quickly regarding specific search criteria.

For example, you can search based on IP or the entire subnet.

Pros:

Easy to use and read at scale
Open source transparent tool
Can easily sort and filter by packets, destination, traffic, etc
Is completely free

Cons:

Best used with pfSence products

Download:

For more information on viewing the Firewall states with the WebGUI, check pfSense official guide

Price:

Free with PfSense

7. Juniper’s J-Web

J-Web is the web user interface for Juniper’s SRX Series Services Gateways.

The tool allows you to monitor, configure, and troubleshoot the firewall via HTTPS. The J-Web GUI frees you from using the JunOS CLI.

The NAT sessions and rules section in the J-Web interface lets you configure NAT.

It also shows you all current NAT translations and their policies.

You can also create filters when browsing through information in real-time (or historical).

You can monitor:

Source NAT: Display all configured information about source NAT rules, pools, persistent NAT, and its bound addresses.
Destination NAT: Display the destination NAT table containing information about the NAT address pool.
Static NAT: View all configured static NAT rules.
Interface NAT ports. Display the port utilization for the specific source pool.
Monitoring NAT Incoming Table Information. View NAT table information in real-time.

The NAT monitoring tool will give you a breadth of information regarding the NAT sessions, from the interface, rule (policy), destination/source address, protocol, alarms, hits, and much more.

Pros:

Offers better visualizations than most NAT lookup tools
Can sort traffic quickly – even in a live setting
Offers both a GUI and CLI version

Cons:

Specifically for Juniper devices

Where to find it?

J-Web comes free with the Juniper device.

Final Words

A NAT Lookup tool is essential for troubleshooting NAT— which is critical for any modern network.

The tool helps network admins look at NAT policies and sessions quicker and faster.

Most of these tools are unique to a single vendor.

They are dependent on utilities or features to the firewall or router. They are not standalone software.

But one that stands out is the SolarWinds NAT Lookup Tool.

It is standalone software. One of the few allows users to connect to multiple firewalls simultaneously— plus it is 100% free.

NAT Lookup Tools & Software FAQs

How does NAT Lookup work?

In NAT Lookup, a device on a private network makes a request to access a public resource, such as a website or an email server. The NAT device, such as a router, intercepts the request and maps the private IP address of the device to a public IP address, which it then uses to access the public resource. The NAT device also maintains a table of the translations it has made, so that it can forward incoming traffic from the public network back to the appropriate device on the private network.

What are the benefits of NAT Lookup?

The benefits of NAT Lookup include improved security, conservation of public IP addresses, and easier network management. NAT Lookup enables private networks to access the internet or other public networks, while keeping their private IP addresses hidden from the public, which helps to improve security. Additionally, NAT Lookup helps conserve public IP addresses, as a single public IP address can be used to represent multiple private IP addresses.

What are the limitations of NAT Lookup?

The limitations of NAT Lookup include difficulty with certain applications and protocols, such as peer-to-peer networks and VoIP, which require direct communication between devices on the public and private networks. NAT Lookup can also add latency to network traffic and make it more difficult to troubleshoot network issues.

How can I configure NAT Lookup on my network?

The configuration of NAT Lookup depends on the type of NAT device being used and the network environment. In general, NAT Lookup can be configured through the web interface or command-line interface of the NAT device, such as a router or firewall. You can manage multiple devices at once using tools like SolarWinds NAT Lookup.