There are two essential concepts in Network Address Translation (NAT): Source NAT (SNAT) and Destination NAT (DNAT), which help enable seamless communication.
However, the two differ from each other because they work in opposite directions. This article looks at SNAT and DNAT along with their key differences.
SNAT, as the name suggests, is a technique that translates the source IP address, generally when connecting from a private IP address to a public IP address. It maps the source client IP address in a request to a translation defined on a BIG-IP device. It is the most common form of NAT and is used when an internal host needs to initiate a session with an external or public host.
DNAT, as the name suggests, is a technique that translates the destination IP address, generally when connecting from a public IP address to a private IP address. It is generally used to redirect packets destined for a specific IP address, or a specific port on an IP address, on one host to a different address, usually on a different host.

| SNAT | DNAT |
|---|---|
| It is generally used to change the private address or port into a public address or port for packets leaving the network. | It is generally used to redirect incoming packets with a destination of a public address or port to a private IP address or port inside the network. |
| It translates the source IP address within a connection to the BIG-IP system IP address that one defines. | It translates the IP addresses of internal servers that are protected by the device to public IP addresses. |
| It is used to change the source address of the packet. | It is used to change the destination address of the packet. |
| It also changes the source port in TCP/UDP headers. | It also changes the destination port in TCP/UDP headers. |
| It generally allows multiple hosts on the inside to reach any host on the outside. | It generally allows multiple hosts on the outside to reach a single host on the inside. |
| It is performed after the routing decision is made. | It is performed before the routing decision is made. |
| The destination IP address is maintained and the source IP address is changed. | The source IP address is maintained and the destination IP address is changed. |
| A client inside the LAN and behind a firewall needs to browse the Internet. | A website hosted inside a data center behind a firewall needs to be accessible to users over the Internet. |
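
The ordering in the table (DNAT before the routing decision, SNAT after it) can be traced with a small Python model of a NAT gateway. This is an added example, not code from the original article or from BIG-IP; the `Packet` and `NatGateway` names, the addresses, and the port numbers are all constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatGateway:
    """Toy NAT device: DNAT before routing, SNAT after routing, state for replies."""

    def __init__(self, public_ip, lan_prefix, dnat_rules):
        self.public_ip = public_ip    # address on the outside interface
        self.lan_prefix = lan_prefix  # inside network, matched as a string prefix
        self.dnat_rules = dnat_rules  # {public_port: (private_ip, private_port)}
        self.conntrack = {}           # expected reply tuple -> translated reply
        self.next_port = 40000        # next source port handed out by SNAT

    def forward(self, pkt):
        # A reply on a tracked connection gets the earlier translation undone.
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.conntrack:
            return self.conntrack[key]
        orig = pkt
        # 1. Before routing: DNAT rewrites the destination address and port.
        if pkt.dst == self.public_ip and pkt.dport in self.dnat_rules:
            ip, port = self.dnat_rules[pkt.dport]
            pkt = replace(pkt, dst=ip, dport=port)
        # 2. The routing decision sees the already rewritten destination.
        leaving = not pkt.dst.startswith(self.lan_prefix)
        # 3. After routing: SNAT rewrites the source of inside hosts going out.
        if leaving and pkt.src.startswith(self.lan_prefix):
            pkt = replace(pkt, src=self.public_ip, sport=self.next_port)
            self.next_port += 1
        # Remember what the reply will look like and what it must become.
        self.conntrack[(pkt.dst, pkt.dport, pkt.src, pkt.sport)] = Packet(
            orig.dst, orig.dport, orig.src, orig.sport)
        return pkt

# Constructed sample addresses (RFC 5737 documentation ranges and RFC 1918).
gw = NatGateway("203.0.113.10", "10.0.0.", {443: ("10.0.0.20", 8443)})
outbound = gw.forward(Packet("10.0.0.5", 51000, "198.51.100.7", 443))     # SNAT
inbound = gw.forward(Packet("198.51.100.9", 55000, "203.0.113.10", 443))  # DNAT
reply = gw.forward(Packet("198.51.100.7", 443, "203.0.113.10", 40000))
print(outbound, inbound, reply, sep="\n")
```

In the output, the inside server reached through DNAT still sees the outside client's real source address, while the outside server reached through SNAT sees only the gateway's public address, which matters when correlating logs on either side of the device.
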
Understanding the difference between SNAT and DNAT is necessary for network administrators and IT professionals. With these concepts, you can manage traffic flow, enhance security, and optimize network performance.