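1. Source Network Address Translation (SNAT):
As the name suggests, SNAT is a technique that translates the source IP address, typically when connecting from a private IP address to a public IP address. It maps the source client IP address in a request to a translation defined on the BIG-IP device. It is the most common form of NAT, used when an internal host needs to initiate a session with an external or public host.
2. Destination Network Address Translation (DNAT):
As the name suggests, DNAT is a technique that translates the destination IP address, typically when connecting from a public IP address to a private IP address. It is generally used to redirect packets destined for a specific IP address, or a specific port on an IP address, on one host to a different address, usually on a different host.
Difference between SNAT and DNAT: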
SNAT | DNAT |
---|---|
It is generally used to change a private address or port into a public address or port for packets leaving the network. | It is generally used to redirect incoming packets destined for a public address or port to a private IP address or port inside the network. |
It translates the source IP address within a connection to a BIG-IP system IP address that one defines. | It translates the IP addresses of internal servers that are protected by the device to public IP addresses. |
It is used to change the source address of a packet. | It is used to change the destination address of a packet. |
It also changes the source port in TCP/UDP headers. | It also changes the destination port in TCP/UDP headers. |
It generally allows multiple hosts on the inside to reach any host on the outside. | It generally allows multiple hosts on the outside to reach a single host on the inside. |
It is performed after the routing decision is made. | It is performed before the routing decision is made. |
The destination IP address is maintained and the source IP address is changed. | The source IP address is maintained and the destination IP address is changed. |
Example: a client inside the LAN and behind a firewall needs to browse the Internet. | Example: a website hosted inside a data center behind a firewall needs to be accessible to users over the Internet. |
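
The ordering and rewriting rules from the table, modeled as a small NAT gateway. This is an added example, not part of the original page and not BIG-IP code. The addresses, port numbers, the `NatGateway` class and its connection-tracking table are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.5"      # constructed: gateway's public address
LAN_PREFIX = "192.168.1."      # constructed: private LAN 192.168.1.0/24
# Constructed DNAT rule: public 203.0.113.5:443 -> internal 192.168.1.10:8443
DNAT_RULES = {(PUBLIC_IP, 443): ("192.168.1.10", 8443)}

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def route(pkt):
    """Routing decision: pick the egress interface from the destination."""
    return "lan" if pkt.dst.startswith(LAN_PREFIX) else "wan"

class NatGateway:
    def __init__(self):
        self.conntrack = {}      # reply 4-tuple as it arrives -> rewritten reply
        self.next_port = 40000   # next source port handed out by SNAT

    def forward(self, pkt):
        """Return (packet as it leaves the gateway, egress interface)."""
        # Reply to a tracked connection: undo the earlier translation.
        if pkt in self.conntrack:
            restored = self.conntrack[pkt]
            return restored, route(restored)
        orig = pkt
        # 1. DNAT runs before routing, so routing sees the private destination.
        if (pkt.dst, pkt.dport) in DNAT_RULES:
            ip, port = DNAT_RULES[(pkt.dst, pkt.dport)]
            pkt = replace(pkt, dst=ip, dport=port)
        # 2. Routing decision.
        iface = route(pkt)
        # 3. SNAT runs after routing: only LAN traffic leaving via the WAN side.
        if iface == "wan" and pkt.src.startswith(LAN_PREFIX):
            pkt = replace(pkt, src=PUBLIC_IP, sport=self.next_port)
            self.next_port += 1
        # Remember how to map the reply back to the original endpoints.
        if pkt != orig:
            reply_in = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
            self.conntrack[reply_in] = Packet(orig.dst, orig.dport, orig.src, orig.sport)
        return pkt, iface

if __name__ == "__main__":
    gw = NatGateway()
    print(gw.forward(Packet("192.168.1.20", 51000, "198.51.100.7", 443)))  # SNAT
    print(gw.forward(Packet("198.51.100.99", 52000, PUBLIC_IP, 443)))      # DNAT
```

The connection-tracking entry is the only record tying the public address and port seen outside to the internal host, so attributing outbound traffic depends on the gateway's translation state or logs.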