Hi viewers, in this post we will walk through a detailed comparison of SNAT vs DNAT and when and where each is required in the network. With SNAT, the source IP address is changed and the destination IP address is left untouched. With DNAT, the destination address is changed and the source IP address is left untouched. But before we continue in detail, let's understand the terms NAT, SNAT and DNAT.
NAT is an abbreviation for Network Address Translation. NAT occurs when one of the IP addresses in an IP packet header is changed, i.e. either the source IP address or the destination IP address.
What is SNAT?
SNAT is an abbreviation for Source Network Address Translation. It is typically used when an internal/private host needs to initiate a connection to an external/public host. The device performing NAT changes the private IP address of the source host to a public IP address. It may also change the source port in the TCP/UDP headers.
A typical scenario for SNAT is changing a private (i.e. RFC 1918) address or port into a public address or port as packets leave the network. In the order of operations on the NAT device, SNAT is applied after the routing decision has been made. SNAT is also used when multiple hosts on the “inside” network want to reach any host on the “outside” network.
What is DNAT?
DNAT stands for Destination Network Address Translation. Destination NAT changes the destination address in the IP header of a packet. It may also change the destination port in the TCP/UDP headers. The typical usage of this is to redirect incoming packets with a destination of a public address/port to a private IP address/port inside your network.
Destination NAT is performed on incoming packets, where the firewall translates a public destination address to a private address. DNAT is a 1-to-1, static translation with the option to perform port forwarding or port translation.
A typical example is Internet users accessing a web server hosted in a data center: DNAT hides the private address of the web server, and the NAT device translates the public destination IP address that Internet users can reach into the private IP address of the web server.
Comparison: SNAT vs DNAT
The table below summarizes the differences between the two:
Related FAQs
Q.1 How does SNAT work?
SNAT modifies the source IP address of outgoing packets from a private address to a public address. The return traffic is then sent back to the NAT device, which translates the public address back to the private address.
Q.2 Can SNAT affect inbound connections?
SNAT primarily affects outbound connections. For inbound connections, the corresponding DNAT (Destination NAT) would be used.
Q.3 How does DNAT work?
DNAT modifies the destination IP address of incoming packets to direct them to the appropriate device within a private network. The NAT device keeps track of the changes so that the response can be correctly routed back.
Q.4 Is DNAT the same as port forwarding?
DNAT can include port forwarding, but they are not the same thing. Port forwarding is a specific type of DNAT that directs traffic to a particular port on a specific internal device.
Q.5 Can SNAT and DNAT be used together?
Yes, SNAT and DNAT are often used together in scenarios where both the source and destination addresses need to be modified to facilitate communication between internal and external networks.
Q.6 What are the security implications of using SNAT and DNAT?
While NAT can help with security by hiding internal IP addresses, it should not be relied upon as the sole security measure. Proper firewall rules and other security measures should also be implemented.
Q.7 How does NAT affect protocols that embed IP address information in the payload?
Some protocols, such as FTP, SIP, or certain VPNs, embed IP address information within the payload. NAT devices must be configured to handle these protocols correctly, often requiring additional functionality like Application Layer Gateways (ALGs).
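What an ALG has to do for FTP active mode, as an added example that is not code from this post or from any NAT product: the client's `PORT h1,h2,h3,h4,p1,p2` command carries its private address and data port (port = p1*256 + p2) in the payload, so the header-only translation leaves it pointing at an unroutable address. The function names, the addresses (documentation ranges) and the policy of refusing a command whose embedded address differs from the control connection's source are assumptions of this sketch.

```python
import re

# FTP active-mode command: PORT h1,h2,h3,h4,p1,p2<CRLF>
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def parse_port(line: bytes):
    """Return (ip, port) embedded in a PORT command, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def rewrite_port(line: bytes, client_ip: str, public_ip: str, public_port: int):
    """Rewrite the embedded private endpoint to the translated public one.

    Returns the line unchanged if it is not a PORT command, and None (drop)
    if the embedded address is not the client that owns the control
    connection, so the ALG never opens a mapping toward a third host.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line
    embedded_ip, _private_port = parsed
    if embedded_ip != client_ip:
        return None
    host = public_ip.replace(".", ",").encode()
    return b"PORT %s,%d,%d\r\n" % (host, public_port >> 8, public_port & 0xFF)


if __name__ == "__main__":
    # Constructed sample: client 10.0.0.7 announces data port 50000.
    original = b"PORT 10,0,0,7,195,80\r\n"
    print(parse_port(original))
    print(rewrite_port(original, "10.0.0.7", "203.0.113.5", 40001))
```

A real ALG must also create the matching NAT table entry for the announced data port and adjust TCP sequence numbers when the rewritten line changes length; neither is modelled here.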
Q.8 What is a NAT table and how does it work?
A NAT table is used by a NAT device to keep track of active connections and their corresponding address translations. Each entry in the table maps an original IP address and port to a translated address and port.
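The behaviour described in Q.1, Q.3 and Q.8, as an added toy model that is not code from this post: outbound packets get SNAT and a table entry, return traffic is matched against that entry, a static DNAT rule forwards a published port, and an inbound packet with neither state nor a rule has nothing to translate to. Class names, the port pool start and all addresses (documentation ranges) are assumptions, and only the inbound direction of DNAT is modelled.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class NatDevice:
    public_ip: str
    next_port: int = 40000                          # constructed start of the SNAT port pool
    dnat_rules: dict = field(default_factory=dict)  # (proto, public port) -> (private ip, port)
    out_map: dict = field(default_factory=dict)     # private flow -> allocated public port
    in_map: dict = field(default_factory=dict)      # (proto, public port, remote) -> private endpoint

    def outbound(self, p: Packet) -> Packet:
        """SNAT: rewrite source, keep destination, record the mapping."""
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(p.proto, self.next_port, p.dst, p.dport)] = (p.src, p.sport)
            self.next_port += 1
        return Packet(p.proto, self.public_ip, self.out_map[key], p.dst, p.dport)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Reverse an SNAT entry, else apply a static DNAT rule, else drop."""
        if p.dst != self.public_ip:
            return None
        entry = self.in_map.get((p.proto, p.dport, p.src, p.sport))
        if entry is None:
            entry = self.dnat_rules.get((p.proto, p.dport))
        if entry is None:
            return None  # no state and no rule
        return Packet(p.proto, p.src, p.sport, entry[0], entry[1])

def demo():
    nat = NatDevice("203.0.113.5", dnat_rules={("tcp", 443): ("10.0.0.20", 8443)})
    out = nat.outbound(Packet("tcp", "10.0.0.7", 51000, "198.51.100.9", 80))
    reply = nat.inbound(Packet("tcp", "198.51.100.9", 80, out.src, out.sport))
    forwarded = nat.inbound(Packet("tcp", "192.0.2.44", 60000, "203.0.113.5", 443))
    unsolicited = nat.inbound(Packet("tcp", "192.0.2.44", 60000, "203.0.113.5", 22))
    return out, reply, forwarded, unsolicited
```

The drop in the last case is a side effect of missing state, which is why Q.6 says NAT is not a substitute for explicit firewall rules: the moment a DNAT rule exists for a port, every remote source is forwarded unless a filter says otherwise.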
Q.9 How does NAT traversal work?
NAT traversal techniques are used to establish and maintain connections through NAT devices. These techniques include STUN (Session Traversal Utilities for NAT), TURN (Traversal Using Relays around NAT), and ICE (Interactive Connectivity Establishment).
ABOUT THE AUTHOR
I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”
I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed an interest in networking being in the company of a passionate Network Professional, my husband.
I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)
Good and concise explanation.