Friday, 10 April 2015

SNAT vs DNAT vs Masquerading

SNAT (Source NAT): Changes the source address in the IP header of the packet, and sometimes the TCP/UDP port as well (PAT, Port Address Translation). Typically this is used to let internal (private IP) clients access public IP addresses on the internet (e.g. a web server).

DNAT (Destination NAT): Changes the destination address in the IP header of the packet, and sometimes the TCP/UDP port as well (PAT, Port Address Translation). Typically this is used to allow incoming packets from an internet host to reach internal (private IP) hosts.

Masquerading: Similar to SNAT, except that the address it will NAT to is not known when the rule is created; it is decided when the rule is triggered. Typically used when the NAT'ed outside interface gets its address via DHCP (i.e. the IP is variable).
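
The three cases above as one ruleset, in an added example that is not from the original post. It assumes a Linux gateway using iptables (the post names no tool); `gen_nat` is a hypothetical helper, and the interface name, addresses and ports are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux iptables;
# interface names, addresses and ports are constructed sample values.

# gen_nat WAN_IF LAN_CIDR WAN_IP FWD_PORT INSIDE_HOST:PORT
# Prints a nat table for iptables-restore. WAN_IP is either a fixed IPv4
# address or the word "dynamic" (outside address assigned by DHCP).
gen_nat() {
    wan_if=$1 lan_cidr=$2 wan_ip=$3 fwd_port=$4 inside=$5

    # Refuse anything that is neither "dynamic" nor dotted digits, so a
    # typo cannot end up in a --to-source argument.
    case $wan_ip in
        dynamic) ;;
        ''|*[!0-9.]*) echo "gen_nat: bad WAN_IP '$wan_ip'" >&2; return 1 ;;
    esac

    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'

    # DNAT: packets arriving on the outside interface for FWD_PORT get
    # their destination address and port rewritten to the internal host.
    echo "-A PREROUTING -i $wan_if -p tcp --dport $fwd_port -j DNAT --to-destination $inside"

    if [ "$wan_ip" = dynamic ]; then
        # Masquerading: no address in the rule; the outgoing interface's
        # current address is used when the rule is triggered.
        echo "-A POSTROUTING -s $lan_cidr -o $wan_if -j MASQUERADE"
    else
        # SNAT: the translated source address is fixed at rule creation.
        echo "-A POSTROUTING -s $lan_cidr -o $wan_if -j SNAT --to-source $wan_ip"
    fi
    echo 'COMMIT'
}

# Static outside address, then a DHCP-assigned one.
gen_nat eth0 192.168.1.0/24 203.0.113.5 80 192.168.1.10:8080
gen_nat eth0 192.168.1.0/24 dynamic 80 192.168.1.10:8080
```

Review the printed ruleset before loading it: `iptables-restore` replaces the existing contents of the nat table unless `--noflush` is given.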
