difference between SNAT and DNAT
tags: learning networking diff-between
questions to answer
in the drawing below, for example, in going out of a private network,
SourceNAT.excalidraw
private network
router: 10.0.0.5, 123.12.1.12
client: 10.0.0.6, no public ip
server: 156.16.12.3
source ip: 10.0.0.6
destination ip: 156.16.12.3
source ip: 123.12.1.12
destination ip: 156.16.12.3
public internet
with SNAT, the server knows where to send back the response, because 123.12.1.12 is reachable on the public internet. otherwise, the server would be like “who tf is 10.0.0.6”
another machine with ip 10.0.0.6 in server’s private network
private network
subnet router: pri ip 10.0.0.5, pub ip 123.12.1.12, tailnet ip 100.100.100.1
client: private ip 10.0.0.6, tailnet ip 100.100.100.2
server: pub ip 156.16.12.3, pri ip (i don’t care here), tailnet ip 100.100.100.3
source ip: 156.16.12.3
destination ip: 10.0.0.6
source ip: 156.16.12.3
destination ip: 10.0.0.6
public internet
another machine with ip 10.0.0.6 in server’s private network
client’s route table says “if dest ip is not in 10.0.0.0/8, send to 10.0.0.5”. that’s why the dest ip is 156.16.12.3 but the client sends the ip packet to the router
packets with dest IP 10.0.0.6 will be sent within the tailnet first
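an added example, not part of the original note: a toy Python model of the client's route-table decision and the SNAT rewrite from the first drawing, including the reverse translation of the reply. the IPs are the ones in the drawing; the ports, the port-allocation scheme and the `SnatRouter` class are assumptions made for illustration.

```python
import ipaddress

# Addresses from the drawing; ports and port allocation are assumed.
CLIENT, ROUTER_PRIV, ROUTER_PUB, SERVER = "10.0.0.6", "10.0.0.5", "123.12.1.12", "156.16.12.3"
PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")


def next_hop(dst_ip):
    """Client route table: on-link for 10.0.0.0/8, otherwise via the router."""
    return dst_ip if ipaddress.ip_address(dst_ip) in PRIVATE_NET else ROUTER_PRIV


class SnatRouter:
    """Toy source NAT with a connection-tracking table (hypothetical model)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}  # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def outbound(self, pkt):
        """Rewrite the source of a packet leaving the private network."""
        src, sport, dst, dport = pkt
        key = (src, sport, dst, dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, dst, dport)] = (src, sport)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst, dport)

    def inbound(self, pkt):
        """Undo the translation for a reply; drop packets with no tracked flow."""
        src, sport, dst, dport = pkt
        entry = self.back.get((dport, src, sport))
        if dst != self.public_ip or entry is None:
            return None
        return (src, sport, entry[0], entry[1])


def demo():
    router = SnatRouter(ROUTER_PUB)
    request = (CLIENT, 51000, SERVER, 443)          # constructed sample packet
    on_wire = router.outbound(request)              # what the server sees
    reply = (SERVER, 443, on_wire[0], on_wire[1])   # server answers the public address
    return next_hop(SERVER), on_wire, router.inbound(reply)
```

the server only ever sees 123.12.1.12 as the source; the router's table is what maps the reply back to 10.0.0.6, and a packet that matches no tracked flow is dropped.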