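1. Source Network Address Translation (SNAT):
SNAT, as the name suggests, is a technique that translates the source IP address, typically when connecting from a private IP address to a public IP address. It maps the source client IP address in a request to a translation address defined on the BIG-IP device. It is the most common form of NAT, used when an internal host needs to initiate a session to an external or public host.
2. Destination Network Address Translation (DNAT):
DNAT, as the name suggests, is a technique that translates the destination IP address, typically when connecting from a public IP address to a private IP address. It is usually used to redirect packets destined for a specific IP address, or for a specific port on an IP address, to a different address, in most cases on a different host.
Differences between SNAT and DNAT: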
SNAT | DNAT |
---|---|
It is generally used to change a private address or port into a public address or port for packets leaving the network. | It is generally used to redirect incoming packets destined for a public address or port to a private IP address or port inside the network. |
It translates the source IP address within a connection to a BIG-IP system IP address that one defines. | It translates the IP addresses of internal servers that are protected by the device to public IP addresses. |
It is used to change the source address of a packet. | It is used to change the destination address of a packet. |
It also changes the source port in TCP/UDP headers. | It also changes the destination port in TCP/UDP headers. |
It generally allows multiple hosts on the inside to reach any host on the outside. | It generally allows multiple hosts on the outside to reach a single host on the inside. |
It is performed after the routing decision is made. | It is performed before the routing decision is made. |
The destination IP address is maintained and the source IP address is changed. | The source IP address is maintained and the destination IP address is changed. |
A client inside the LAN and behind a firewall needs to browse the Internet. | A website hosted inside a data center behind a firewall needs to be accessible to users over the Internet. |
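
The rows of the table can be traced on a small model of a NAT gateway. This is an added example, not code from the original page or from any vendor; the `NatGateway` class, the addresses and the port-forward rule are constructed for illustration, and the model rewrites addresses only, with no packet filtering.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed sample values (RFC 1918 and RFC 5737 documentation ranges).
LAN = ip_network("192.168.1.0/24")
PUBLIC_IP = "203.0.113.10"
DNAT_RULES = {(PUBLIC_IP, 443): ("192.168.1.20", 8443)}  # published service

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatGateway:
    """Toy NAT model: address rewriting only, no packet filtering."""

    def __init__(self):
        self.conntrack = {}      # reply 4-tuple -> reply as the peer must see it
        self.next_port = 40000   # next source port handed out by SNAT

    def forward(self, pkt: Packet) -> Packet:
        # Reply on a tracked connection: undo the earlier translation.
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.conntrack:
            return self.conntrack[key]
        orig = pkt
        # 1. DNAT runs before routing, so routing sees the internal target.
        if (pkt.dst, pkt.dport) in DNAT_RULES:
            ip, port = DNAT_RULES[(pkt.dst, pkt.dport)]
            pkt = replace(pkt, dst=ip, dport=port)
        # 2. Routing decision: does the packet leave the LAN?
        leaving = ip_address(pkt.dst) not in LAN
        # 3. SNAT runs after routing, only on LAN traffic that is leaving.
        if leaving and ip_address(pkt.src) in LAN:
            pkt = replace(pkt, src=PUBLIC_IP, sport=self.next_port)
            self.next_port += 1
        # Remember how to rewrite the reply to this translated packet.
        self.conntrack[(pkt.dst, pkt.dport, pkt.src, pkt.sport)] = Packet(
            orig.dst, orig.dport, orig.src, orig.sport)
        return pkt

if __name__ == "__main__":
    gw = NatGateway()
    print(gw.forward(Packet("192.168.1.5", 51000, "198.51.100.7", 80)))   # SNAT
    print(gw.forward(Packet("198.51.100.7", 55000, PUBLIC_IP, 443)))      # DNAT
```

The connection table is what lets replies be translated back; without it the internal client would never see the answer to an SNAT-ed request, and the outside user would see replies from a private address it never contacted.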