SNAT vs DNAT: Detailed Comparison Table

Rashmi Bhardwaj | Blog,Routing & Switching,Security

Hi viewers, in this post we will walk through detailed comparison of SNAT vs DNAT and when/where are they required in the network. While in case of SNAT, the destination IP address is saved not manipulated and the source IP address is changed. On the other hand, in case of DNAT, destination address is changed and the source IP address is not manipulated. But before we continue in detail, let’s understand NAT, SNAT and DNAT terminologies –

NAT is an abbreviation for Network Address Translation. NAT occurs when one of the IP addresses in an IP packet header is changed i.e. either Source IP address or Destination IP address.

You can watch this video for better understanding:

(or continue reading)





SNAT is an abbreviation for Source Network Address Translation. It is typically used when an internal/private host needs to initiate a connection to an external/public host. The device performing NAT changes the private IP address of the source host to public IP address. It may also change the source port in the TCP/UDP headers.

A typical scenario where we generally use SNAT is when we are required to change the private (i.e. RFC1918) address or port into a public address or port when the packets are leaving the network. In terms of order of operation on NAT device, SNAT feature comes to fore after the routing decision has been made. Moreover, when there are multiple hosts on the “inside” network who want to get to any host on the “outside” network, SNAT is used.



DNAT stands for Destination Network Address Translation. Destination NAT changes the destination address in the IP header of a packet.

It may also change the destination port in the TCP/UDP headers. The typical usage of this is to redirect incoming packets with a destination of a public address/port to a private IP address/port inside your network.

Destination NAT is performed on incoming packets, where the firewall translates a public destination address to a private address. DNAT is a 1-to-1, static translation with the option to perform port forwarding or port translation.

Users over Internet Accessing a Web Server hosted in a Data Center is a typical example where DNAT is used to hide the private Address of Web Server and NAT device translates the Public Destination IP reachable to Internet Users to Private IP address of Web Server.



Below table summarizes the differences between the two:

Download the SNAT vs DNAT detailed comparison in PDF format.

If you want to learn more about NAT, then check our easy to understand Free NAT Cheatsheet in downloadable PDF Format explained with relevant Diagrams.

nat cheatsheet


1 thought on “SNAT vs DNAT: Detailed Comparison Table”

Leave a Comment

Your email address will not be published. Required fields are marked *

Shopping Cart