NAT (network address translation, network addresses translation)

Source: Internet
Author: User
NAT (Network address translation) is the process of converting an IP address in an IP packet header to another IP address. In practical application, NAT is mainly used to realize the function of private network accessing public network. This way, by using a small number of public IP addresses to represent more private IP addresses, will help to slow the depletion of available IP address space
Dnat Destination network addresses translation destination network address translation,
SNAT Source network address translation, the role is to convert the source address of IP packets to another address, perhaps some people feel strange, good why IP address conversion ah, in order to understand this problem, We want to look at the local area network users on the principle of public network, Suppose intranet host A ( is to communicate with extranet Host B (, a to B IP packet, if there is no snat to a host of the source address conversion, A and B host communication will be abnormal interruption, because when the router will be the LAN packet to the public network IP, the public network IP will give you the private Network IP back to the packet, at this time, the public network IP can not know your private network IP should be how to go. So ask it to a router, of course, this is for sure, because from the public network can not see the private network IP, so you can not communicate to him. In order to achieve the correct sending and returning of packets, the gateway must convert a to a legitimate public network address, at the same time, in order for the B host to be able to send the data packages to a, the legitimate public network address must be the gateway's external network address, if it is other public network address, B will send packets to other gateways, Instead of the gateway to host A, a will not receive a packet from B. So intranet host to the public network must have a legitimate public network address, and the way to get this address is to let the gateway to Snat (source address conversion), the intranet address to convert to public Web site (usually the external address of the gateway), So we often see in order to let intranet users on the public network, we must in RouterOS firewall set Snat, commonly known as IP address spoofing or camouflage (masquerade)

Distinguishing between Snat and Dnat
From the definition they are the source address translation, one is the target address translation. is a function of address translation, which converts a private address to a public network address.
To differentiate these two functions can be simply by the connection initiator who is to differentiate:
Internal address to access the services on the public network (such as Web Access), the internal address will initiate the connection, by routers or firewalls on the gateway to the internal address to do address translation, the internal address of the private IP conversion to public IP, the gateway of this address translation called Snat, Mainly used for internal shared IP access outside.
When external services are required (such as publishing Web sites externally), the external address initiates the active connection, receives the connection by the router or the gateway on the firewall, and then converts the connection to the internal, by replacing the internal service with the gateway with the public network IP to receive the external connection, and then to do the address translation internally. This transformation is called Dnat, and is used primarily for internal service external publishing.
Be aware that these two NAT must not be confused when configuring a firewall or Routing ACL policy.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.