If anyone cares, I figured it out. To look at the NAT tables, you need to do "iptables -t nat --list".
The files /tmp/nat_rules and /tmp/nat_forward_rules (DUH!) show what the firmware fed into iptables.
I'm probably the last person to know that doing "iptables --list" only shows the standard firewall rules... ;-)
- K.C.