- Posts: 5
- Thank you received: 0
How SNAT and DNAT Functioning over the Iptables?
18 years 5 months ago #14167
by nske
Replied by nske on topic Re: How SNAT and DNAT Functioning over the Iptables?
Hi & welcome Nimmy 
SNAT (source nat) works by changing the source address field on the IP header, so that the packets appear to be coming from elsewhere (and the answers will be sent there). Most commonly, SNAT is used to allow hosts of an internal network, without routable address, to connect to the outside through the NAT gateway. Like said, the nat gateway will replace the private address with a public address (that routes to him), right before he sends the packets. Then he will forward any replies to the host.
DNAT (destination nat) does the opposite instead. It changes the destination address field on the IP header, so that the packets are forwarded somewhere else than their original destination. Most commonly DNAT is used to allow incoming connections to hosts with no routeble address (known as Port Forwarding) or for security & performance purposes -like to pass the packets through some application-layer filtering proxy or to implement load balancing.
For more on the concept, make sure you check the "Networking -> Network Address Translation" tutorial on this site -just don't let yourself confuse S(ource)NAT/D(estination)NAT with S(tatic)NAT/D(ynamic)NAT.
For a couple of simple examples using IPtables syntax, check the official NAT howto here .
SNAT (source nat) works by changing the source address field on the IP header, so that the packets appear to be coming from elsewhere (and the answers will be sent there). Most commonly, SNAT is used to allow hosts of an internal network, without routable address, to connect to the outside through the NAT gateway. Like said, the nat gateway will replace the private address with a public address (that routes to him), right before he sends the packets. Then he will forward any replies to the host.
DNAT (destination nat) does the opposite instead. It changes the destination address field on the IP header, so that the packets are forwarded somewhere else than their original destination. Most commonly DNAT is used to allow incoming connections to hosts with no routeble address (known as Port Forwarding) or for security & performance purposes -like to pass the packets through some application-layer filtering proxy or to implement load balancing.
For more on the concept, make sure you check the "Networking -> Network Address Translation" tutorial on this site -just don't let yourself confuse S(ource)NAT/D(estination)NAT with S(tatic)NAT/D(ynamic)NAT.
For a couple of simple examples using IPtables syntax, check the official NAT howto here .
Time to create page: 0.118 seconds