Just found out, I guess.

iptables -nvL on some distributions just shows the filter table, excluding the nat table:

port forwarding
iptables -t nat -nvL | grep -e 'tcp dpts' | awk -F ':' '{ print $3":"$2 }' | sed 's/ to//g'
iptables -nvL | grep -e 'tcp spts' | awk -F ':' '{ print $5":"$4 }' | sed 's/ //g'

single port forwarding
iptables -nvL | grep 'tcp dpt:' | grep -e '*' -e 'ppp' | cut -d ':' -f 2

DMZ
iptables -nvL zone_dmz_forward | grep -e '*' | grep -v 'dpts:' | awk '{ print $9 }' | grep -v '0.0.0.0'

ports in use
# skip the header line of /proc/net/tcp, then convert each local port from hex
tail -n +2 /proc/net/tcp | cut -d ':' -f 3 | cut -d ' ' -f 1 | while read line; do printf '%d\n' 0x$line; done

still missing something

On Thu, Nov 19, 2009 at 3:39 PM, Marco Savo wrote:

> On Thu, Nov 19, 2009 at 3:07 PM, Lisa Kachold wrote:
>
>> On Thu, Nov 19, 2009 at 5:27 AM, Marco Savo wrote:
>>
>>> Hello,
>>> I may find out the answer by myself, but may be useful to someone else...
>>>
>>> I have an embedded router that runs openwrt.
>>>
>>> I'd like to be able to read the firewall rules from iptables,
>>> you can see all rules from iptables -nvL
>>> How can I identify the rules for port forwarding or dmz? In particular, I
>>> need to know the range of ports that are in port forwarding, or if all ports
>>> have been forwarded to dmz on the lan. I know this is wrong, but this is
>>> what I do:
>>>
>>> DMZ for all ports:
>>> iptables -nvL zone_dmz_forward | grep -e '*' | grep -v 'dpts:' | awk '{ print $9 }' | grep -v '0.0.0.0'
>>>
>>> port ranges:
>>> iptables -nvL | grep -e 'tcp dpts' | awk -F ':' '{ print $3":"$2 }' | sed 's/ //g'
>>> iptables -nvL | grep -e 'tcp spts' | awk -F ':' '{ print $5":"$4 }' | sed 's/ //g'
>>>
>>> single port:
>>>
>>> iptables -nvL | grep 'tcp dpt:' | grep -e '*' -e 'ppp' | cut -d ':' -f 2
>>>
>>> Thanks in advance
>>
>> Thanks Marco!
>>
>> Might just drop those into my .bashrc alias for each search!
>
> Well, that was a question, I don't know if they are correct, the source
> port range may differ to the destination one, the iptables rules can be
> messed up...
>
> --
> 'The Magic Is In the Movement'
>
>        ___
>      {~._.~}
>      _( Y )_
>     (:_~*~_:)
>     (_)---(_)
> (_Marco_)---(_Savo_)
>    ___         ___
>  \-_-/SW Engineer\-_-/

--
'The Magic Is In the Movement'

       ___
     {~._.~}
     _( Y )_
    (:_~*~_:)
    (_)---(_)
(_Marco_)---(_Savo_)
   ___         ___
 \-_-/SW Engineer\-_-/
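
Added example, not part of the original e-mail thread: the grep/awk pipelines above depend on the column layout of `iptables -nvL`, so this sketch instead parses rule-spec lines (the format printed by `iptables -t nat -S`) and labels each DNAT rule as a single port, a range, or a DMZ-style forward with no port match. The function names are hypothetical, and the sample rules, interface name and addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the original e-mail): classify DNAT rules read from
# rule-spec text on stdin, e.g. the output of `iptables -t nat -S`.

list_forwards() {
    awk '
    $1 == "-A" {
        proto = "all"; ports = ""; target = ""; dnat = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p")
                proto = $(i + 1)
            else if ($i == "--dport" || $i == "--dports")
                # keep a leading "!" so a negated match is not read as one port
                ports = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            else if ($i == "-j" && $(i + 1) == "DNAT")
                dnat = 1
            else if ($i == "--to-destination")
                target = $(i + 1)
        }
        if (!dnat || target == "") next      # not a port forward
        if (ports == "") {                   # no port match: all ports forwarded
            kind = "dmz"; ports = "*"
        } else if (ports ~ /[:,!]/)          # a:b range, multiport list, negation
            kind = "range"
        else
            kind = "single"
        # columns: chain, kind, protocol, matched port(s), forward target
        print $2, kind, proto, ports, target
    }'
}

# Constructed sample input; interface name and addresses are made up.
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -i eth0.1 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
-A PREROUTING -i eth0.1 -p tcp -m tcp --dport 6000:6010 -j DNAT --to-destination 192.168.1.20:6000-6010
-A PREROUTING -i eth0.1 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.1.30
-A PREROUTING -i eth0.1 -p tcp -m tcp ! --dport 22 -j DNAT --to-destination 192.168.1.40
-A PREROUTING -i eth0.1 -j DNAT --to-destination 192.168.1.99
-A POSTROUTING -o eth0.1 -j MASQUERADE
EOF
}

sample_rules | list_forwards
```

On the router itself, pipe `iptables -t nat -S` into `list_forwards` in place of `sample_rules`; a `dmz` or negated `range` row is the one to review first, since it exposes far more than one service.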