SNAT and DNAT with 1 IP address

Muhammad Hakim
Level 1

Hi All..

 

I've set up with my 3rd party bank using NAT.

For example, if I want to hit their server, I would need SNAT from my side.

If they want to hit my server, I would set DNAT from my side.

 

How about if I want to hit their server and get hit by their side, with only 1 IP address?

For example, my IP, 10.10.10.1, will be the source from my side to hit their side,

and their side will hit my side at 10.10.10.1.

 

Please help.

 


Deepak Kumar
VIP Alumni

Hi,

If I am getting your question correctly, you are asking what the solution is if both sides have the same subnet (subnet overlap)?

<PC LAN 10.10.10.1>------<Router>(WAN-IP)-------wan----------(WAN-IP)<Router>--------<Server 10.10.10.1>

 

As you mentioned that there is port forwarding, you can't access the server directly using 10.10.10.1 (the server IP) because it is behind NAT. When you try to access the server, you will access the server-side router's WAN IP.

The real-world diagram will be:

 

<PC LAN 10.10.10.1>------<Router>(WAN-IP 1.1.1.1 )-------wan----------(8.8.8.8 WAN-IP)<Router>--------<Server 10.10.10.1>

 

When you try to access the server, you have to type the IP in the browser, or DNS must resolve to 8.8.8.8. As NAT is happening on your router, the router will replace your source IP with the WAN IP (1.1.1.1), and the destination IP will be 8.8.8.8.

 

Now the bank router will receive the packet and see it with source 1.1.1.1 and destination 8.8.8.8. So the WAN router knows your local router, not your PC. The bank's router will then forward the traffic to the server according to the configured port. The server will reply to the bank router, the bank router again rewrites the header information and forwards it to your local LAN router, and your local router is then responsible for rewriting the header to forward it to your PC.

 

Note: Private addresses can't be routed over the WAN without encapsulation such as GRE/IPsec etc.

 

Regards,
Deepak Kumar
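
The packet walk described in the reply above, modelled as an added example (not code from the thread or from any Cisco product). It assumes TCP port 443 is the forwarded port, 50000 is the PC's source port, and that source NAT keeps the port unchanged; the addresses are the ones used in the reply's diagram.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatRouter:
    """Simplified NAT model: SNAT outbound, port forward (DNAT) inbound, with state."""
    def __init__(self, wan_ip, forwards=None):
        self.wan_ip = wan_ip
        self.forwards = forwards or {}  # WAN port -> (inside ip, inside port)
        self.snat_state = {}            # (remote ip, remote port, local port) -> inside host
        self.dnat_state = {}            # (inside ip, inside port, remote ip, remote port) -> WAN port

    def outbound(self, p):              # LAN -> WAN
        key = (p.src, p.sport, p.dst, p.dport)
        if key in self.dnat_state:      # reply on a forwarded connection: undo the DNAT
            return replace(p, src=self.wan_ip, sport=self.dnat_state[key])
        self.snat_state[(p.dst, p.dport, p.sport)] = (p.src, p.sport)
        return replace(p, src=self.wan_ip)  # new connection: SNAT to the WAN IP

    def inbound(self, p):               # WAN -> LAN
        key = (p.src, p.sport, p.dport)
        if key in self.snat_state:      # reply to a SNATed connection: undo the SNAT
            ip, port = self.snat_state[key]
            return replace(p, dst=ip, dport=port)
        if p.dport in self.forwards:    # new connection to a forwarded port: DNAT
            ip, port = self.forwards[p.dport]
            self.dnat_state[(ip, port, p.src, p.sport)] = p.dport
            return replace(p, dst=ip, dport=port)
        return None                     # no state and no forward rule: dropped

def walk():
    local = NatRouter("1.1.1.1")                                       # PC-side router
    bank = NatRouter("8.8.8.8", forwards={443: ("10.10.10.1", 443)})   # assumed forward rule
    request = Packet("10.10.10.1", 50000, "8.8.8.8", 443)              # constructed sample packet
    on_wan = local.outbound(request)
    at_server = bank.inbound(on_wan)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    reply_on_wan = bank.outbound(reply)
    at_pc = local.inbound(reply_on_wan)
    return on_wan, at_server, reply_on_wan, at_pc

if __name__ == "__main__":
    for label, pkt in zip(("on WAN", "at server", "reply on WAN", "at PC"), walk()):
        print(f"{label:13} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```

Neither 10.10.10.1 ever appears on the WAN leg, so each side's logs and filter rules only ever see the peer's WAN address.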
