Is there any way to use TCPDUMP from host in LAN to watch what is going on on GATEWAY ( Cisco router with NAT ).

If TCPDUMP cant do that then what should be good to do that ?

can't you just use the debug commands on the cisco router?

how should it looks like ? Its CISCO 2503 with IOS (tm) 2500 Software (C2500-I-L), Version 11.3(8), RELEASE SOFTWARE (fc1)

I should focus on WWW traffic (especially port 80)

I tryed this:
but it has shown nothing (no traffic).

Had a little more success with NAT option
when I ping eg. www.google.com from LAN i was able to see that traffic.

Any more suggestions ?
I need to watch connections on dport 23 and 80 ( telnet and http )

debug ip http url

I think the above debugs http requests to the http server that can be enabled/disabled on the router itself. i.e. Cisco SDM

I don't know if 11.3 IOS supports "debug ip packet", but if it does - Consider using something like...:
Note 1: ACL 103 is not applied to any interface as an access-group. It is simply used to specify which packets you want to view using debug ip packet. In this case, udp/domain and tcp/smtp packets from anywhere to anywhere. You can get more granular by changing the ACL's to meet your requirements.

Note 2: YMMV: But I find it easier to debug cisco routers using my linux box as a syslog server. Debug statements can generate alot of output. Try debugging a VoIP call someday!

The following is an example of how I use my linux box to capture debug output from cisco routers:
Note: 192.168.8.2 is the IP address of my linux box. I also configure syslogd to output facility local2 to a separate file.

Good Luck!

Don't know what it is that you are trying to see exactly but maybe you should enable ip accounting on that router.