SNAT and DNAT in Linux are well known. To protect intranet users, the Linux firewall provides NAT (network address translation). There are two types of NAT, SNAT and DNAT, which raises the question of which one to use. Here I briefly describe the two.

SNAT is source address translation. When SNAT is configured on a router or firewall gateway and data is sent, the router or gateway changes the source address to the configured Internet address. When an internal host needs to access a service on the public network (such as a website), the internal host initiates the connection, and the gateway on the router or firewall translates the host's private IP address to a public IP address on the public network. This translation at the gateway is called SNAT, and it is mainly used to let internal hosts share an IP address for access to the outside.

DNAT is destination address translation. When DNAT is configured on a router or firewall gateway and data is sent, the router or gateway changes the destination address to the configured intranet address. When an internal service (such as a website) needs to be offered externally, the external host initiates the connection, the gateway on the router or firewall receives it, and the gateway then passes the connection on to the internal network. In this process, the gateway with the public IP receives external connections on behalf of the internal service and then performs the address translation internally. This translation is called DNAT, and it is mainly used to publish internal services to the outside.
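
The two translations described above, modelled as an added Python example (not code from the original page): a toy gateway that rewrites the source of internally initiated connections (SNAT) and the destination of connections to a published port (DNAT), and reverses each rewrite for replies by remembering the flow. The class and method names, the addresses (documentation and private ranges) and the port numbers are assumptions made for the example.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatGateway:
    """Toy model of a NAT gateway; all addresses and ports used with it are constructed."""

    def __init__(self, public_ip, forwards):
        self.public_ip = public_ip
        self.forwards = forwards  # DNAT rules: public port -> (internal ip, port)
        self.snat_out = {}        # (int ip, int port, remote ip, remote port) -> public port
        self.snat_in = {}         # public port -> the same flow tuple, used for replies
        self.dnat_flows = {}      # (client ip, client port, int ip, int port) -> public port
        self.next_port = 40000    # hypothetical start of the translated port range

    def outbound(self, pkt):
        """Packet from the internal network heading to the Internet."""
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply in self.dnat_flows:
            # Reply from a published server: answer from the public address.
            return replace(pkt, src=self.public_ip, sport=self.dnat_flows[reply])
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow not in self.snat_out:
            # SNAT: first packet of an internally initiated connection.
            self.snat_out[flow] = self.next_port
            self.snat_in[self.next_port] = flow
            self.next_port += 1
        return replace(pkt, src=self.public_ip, sport=self.snat_out[flow])

    def inbound(self, pkt):
        """Packet arriving at the public address from the Internet."""
        flow = self.snat_in.get(pkt.dport)
        if flow and flow[2:] == (pkt.src, pkt.sport):
            # Reply to an SNATed connection: restore the internal destination.
            return replace(pkt, dst=flow[0], dport=flow[1])
        if pkt.dport in self.forwards:
            # DNAT: externally initiated connection to a published service.
            ip, port = self.forwards[pkt.dport]
            self.dnat_flows[(pkt.src, pkt.sport, ip, port)] = pkt.dport
            return replace(pkt, dst=ip, dport=port)
        return None  # no DNAT rule and no tracked flow: nothing to translate to
```

In this model an inbound packet reaches an internal host only as a reply from the peer of an SNATed connection or through a configured DNAT rule; `inbound` returns `None` for anything else.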