Introduction: SNAT vs DNAT
In our previous post, we discussed NAT in detail. NAT stands for Network Address Translation, and the key word here is translation: it is the process responsible for translating an IP address. The translation can be from a public IP address to a private IP address or vice versa.
In this post, we will focus on two terms: SNAT and DNAT. Both SNAT and DNAT are related to NAT, so you should understand the concept of NAT beforehand.
What is SNAT?
SNAT, i.e. Source Network Address Translation, involves the translation of the source IP address, as the name implies. It thus allows an internal host to connect to the internet by translating its private IP address to a public IP address. There are 3 types of SNAT:
- DIPP (Dynamic IP and Port): In this type of SNAT, multiple hosts can share the same public IP address as their source IP address, each with a different port number.
- Dynamic IP: In this type of SNAT, only the source IP address (not the port number) is translated, one-to-one and dynamically, to the next available address in the NAT address pool.
- Static IP: In this type of SNAT, the source IP address is translated one-to-one and statically, and the source port remains unchanged.
SNAT can also translate the source port in TCP/UDP headers.
What is DNAT?
DNAT, i.e. Destination Network Address Translation, is used by an external host to initiate a connection with a private network. So it translates the public IP address of an external host to the private IP of the internal host.
DNAT can also translate the destination port in TCP/UDP headers.
Comparison Table: SNAT vs DNAT
The table below summarizes the differences between SNAT and DNAT:
| Parameter | SNAT | DNAT |
|---|---|---|
| Abbreviation for | Source NAT | Destination NAT |
| Terminology | SNAT changes the private IP address of the source host to a public IP address. It may also change the source port in the TCP/UDP headers. SNAT is typically used by internal users to access the Internet. | Destination NAT changes the destination address in the IP header of a packet. It may also change the destination port in the TCP/UDP headers. DNAT is used when we need to redirect incoming packets with a destination of a public address/port to a private IP address/port inside your network. |
| Use Case | A client inside the LAN and behind the firewall wants to browse the Internet | A website hosted inside a data center behind the firewall needs to be accessible to users over the Internet |
| Address Change | SNAT changes the source address of packets passing through the NAT device | DNAT changes the destination address of packets passing through the router |
| Order of Operation | SNAT is performed after the routing decision is made. | DNAT is performed before the routing decision is made. |
| Communication Flow | When the inside secured network initiates communication with the outside world, SNAT happens | When the outside unsecured network initiates communication with the inside secured network, DNAT happens |
| Single/Multiple hosts | SNAT allows multiple hosts on the “inside” network to get to any host on the “outside” network | DNAT allows any host on the “outside” network to get to a single host on the “inside” network |
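As an added example (not code from the original post), the Python sketch below models a NAT gateway that applies DIPP-style SNAT to outbound packets and DNAT to inbound ones. The class names, sample addresses and the starting port 40000 are assumptions for illustration, and the sketch additionally tracks each flow's remote endpoint so that unsolicited inbound packets are dropped unless a DNAT rule matches.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class NatGateway:  # hypothetical model, not a real library
    def __init__(self, public_ip, dnat_rules):
        self.public_ip = public_ip
        self.dnat_rules = dnat_rules  # public port -> (private IP, private port)
        self.flows = {}               # outbound packet 4-tuple -> public source port
        self.replies = {}             # (public port, remote IP, remote port) -> inside host
        self.next_port = 40000        # assumed start of the DIPP port range

    def outbound(self, pkt: Packet) -> Packet:
        """SNAT (DIPP): rewrite source IP and port as the packet leaves."""
        if pkt not in self.flows:
            self.flows[pkt] = self.next_port
            self.replies[(self.next_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return pkt._replace(src=self.public_ip, sport=self.flows[pkt])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination before routing; None means the packet is dropped."""
        if pkt.dst != self.public_ip:
            return None
        # Reply to a flow an inside host opened: undo the earlier SNAT.
        target = self.replies.get((pkt.dport, pkt.src, pkt.sport))
        if target is None:
            # Otherwise only an explicit DNAT rule lets an outside host start a connection.
            target = self.dnat_rules.get(pkt.dport)
        if target is None:
            return None
        return pkt._replace(dst=target[0], dport=target[1])

if __name__ == "__main__":
    # Constructed sample addresses, chosen for illustration only.
    gw = NatGateway("203.0.113.10", {443: ("10.0.0.50", 8443)})
    for host in ("10.0.0.11", "10.0.0.12"):
        print(gw.outbound(Packet(host, 51000, "198.51.100.7", 80)))
    print(gw.inbound(Packet("198.51.100.7", 80, "203.0.113.10", 40001)))   # reply
    print(gw.inbound(Packet("192.0.2.99", 60000, "203.0.113.10", 443)))    # DNAT rule
    print(gw.inbound(Packet("192.0.2.99", 60000, "203.0.113.10", 40000)))  # unsolicited
```

Two inside hosts using the same source port leave with the same public IP but different public ports, which is the DIPP behaviour listed under the SNAT types.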
Conclusion: SNAT vs DNAT
In a nutshell, the major difference between SNAT and DNAT is that SNAT is used to allow an internal host to connect to the internet, while DNAT is used by an external host to initiate a connection with a private network.