askvity

What is DNAT IP?

Published in Networking

DNAT IP refers to the destination IP address that a packet is translated to using Destination Network Address Translation (DNAT). DNAT rewrites the destination IP address (and often the port) of an incoming packet, effectively redirecting it to a different IP address within a network.

Here's a more detailed explanation:

Understanding DNAT

DNAT is a type of Network Address Translation (NAT) primarily used to:

  • Publish services hosted on a private network to the public internet. Without DNAT, devices on a private network (using RFC 1918 addresses such as 192.168.0.0/16) are not reachable from the internet, because those addresses are not routed there.
  • Load balance incoming traffic across multiple servers. A DNAT rule with several candidate destinations can hand successive connections to different internal servers (round-robin, for example).
  • Redirect traffic for security purposes. DNAT can steer traffic aimed at a decoy or unused address to a honeypot or inspection device for analysis.

How DNAT Works

  1. Incoming Packet: A packet arrives at a router or firewall from the outside network (e.g., the internet) with a specific destination IP address and port.

  2. DNAT Rule Application: The router/firewall examines the packet and checks its DNAT rules. If a rule matches the packet's destination IP and port, DNAT is applied.

  3. IP Address Translation: The destination IP address and/or port of the packet are changed to the new, internal IP address and port as specified by the DNAT rule. This new IP address is the DNAT IP.

  4. Packet Forwarding: The router/firewall forwards the modified packet to the internal server at the new DNAT IP address and port. Because the rewrite happens before the forwarding decision (the PREROUTING stage on Linux netfilter), any filter rule that permits the flow has to match the internal address and port, not the public one.

  5. Response Packet: When the internal server responds, the router/firewall looks up the connection-tracking entry it created in step 3 and reverses the translation, rewriting the source IP and port of the reply back to the public address the client originally contacted. On Linux this is done automatically by conntrack for the same connection; no separate SNAT rule is needed. The reversal matters because the client's TCP/IP stack only accepts replies whose source matches the address it sent to. The reply must also pass through the same router for this to work, so the internal server's route back to the client has to go via the NAT device.

Example Scenario

Imagine a web server (internal IP: 192.168.1.10) running on a private network that needs to be accessible from the internet. The router has a public IP address of 203.0.113.5.

A DNAT rule is configured on the router to translate incoming traffic on port 80 of the public IP (203.0.113.5:80) to the web server's internal IP and port (192.168.1.10:80).

When a user accesses 203.0.113.5:80 from the internet, the DNAT rule changes the destination IP address of the packet to 192.168.1.10. In this case, 192.168.1.10 is the DNAT IP. The packet is then forwarded to the web server. Note that only the destination was rewritten: the web server sees the visitor's real source address, and its replies are mapped back to 203.0.113.5:80 by the router's connection-tracking state on the way out.
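The five steps above and this scenario, carried through in code. This is an added example, not code from the original article: a small model of a stateful NAT router in the style of Linux netfilter, using the article's addresses (203.0.113.5 public, 192.168.1.10 internal) plus an assumed client address 198.51.100.7 from the TEST-NET-2 range. It shows the DNAT rewrite, the filter decision being made on the post-DNAT destination, and the reply being reversed from the connection-tracking entry rather than by a separate SNAT rule. The iptables rules quoted in the comments are the typical equivalent configuration, assumed for illustration.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    proto: str  # "tcp" or "udp"
    src: str    # "ip:port"
    dst: str    # "ip:port"


@dataclass(frozen=True)
class DnatRule:
    proto: str
    match_dst: str  # public "ip:port" the rule matches
    to_dst: str     # internal "ip:port"; its IP part is the DNAT IP


class NatFirewall:
    """Constructed model of a stateful NAT router (not an article snippet).

    Mirrors Linux netfilter behaviour: DNAT happens in PREROUTING, the
    FORWARD filter sees the translated destination, and replies are
    un-translated from the conntrack entry, not by a separate SNAT rule.
    """

    def __init__(self, rules, forward_allow):
        self.rules = list(rules)
        # Filter policy is expressed on *post-DNAT* destinations, as on Linux.
        self.forward_allow = set(forward_allow)
        # conntrack: (proto, original src, original dst) -> translated dst
        self.conntrack = {}

    def inbound(self, pkt):
        """Steps 1-4: packet arrives from the WAN, DNAT applied, then filtered."""
        xlated = pkt
        for rule in self.rules:
            if rule.proto == pkt.proto and rule.match_dst == pkt.dst:
                self.conntrack[(pkt.proto, pkt.src, pkt.dst)] = rule.to_dst
                xlated = replace(pkt, dst=rule.to_dst)  # only the destination changes
                break
        # FORWARD runs after PREROUTING, so it must match on the DNAT IP.
        if (xlated.proto, xlated.dst) not in self.forward_allow:
            return None  # dropped by the filter
        return xlated

    def reply(self, pkt):
        """Step 5: reply from the internal server; reverse the mapping via conntrack."""
        for (proto, orig_src, orig_dst), to_dst in self.conntrack.items():
            if proto == pkt.proto and pkt.src == to_dst and pkt.dst == orig_src:
                return replace(pkt, src=orig_dst)  # client sees the public address again
        return None  # no matching state: unsolicited packet from inside, dropped


def build_router():
    # Assumed equivalent iptables configuration on the router:
    #   iptables -t nat -A PREROUTING -d 203.0.113.5 -p tcp --dport 80 \
    #       -j DNAT --to-destination 192.168.1.10:80
    #   iptables -A FORWARD -d 192.168.1.10 -p tcp --dport 80 \
    #       -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    return NatFirewall(
        rules=[DnatRule("tcp", "203.0.113.5:80", "192.168.1.10:80")],
        forward_allow={("tcp", "192.168.1.10:80")},
    )


def web_exchange():
    """Constructed client 198.51.100.7 (TEST-NET-2) contacts the published service."""
    fw = build_router()
    client_syn = Packet("tcp", "198.51.100.7:51515", "203.0.113.5:80")
    seen_by_server = fw.inbound(client_syn)
    # The server replies to the source it saw; DNAT alone never rewrote it.
    server_reply = Packet("tcp", seen_by_server.dst, seen_by_server.src)
    seen_by_client = fw.reply(server_reply)
    return seen_by_server, seen_by_client


def unpublished_port():
    """No DNAT rule for port 22 and the filter does not allow it: dropped."""
    fw = build_router()
    return fw.inbound(Packet("tcp", "198.51.100.7:40000", "203.0.113.5:22"))


def unsolicited_reply():
    """A packet from the server with no conntrack entry has nothing to reverse."""
    fw = build_router()
    return fw.reply(Packet("tcp", "192.168.1.10:80", "198.51.100.7:51515"))


if __name__ == "__main__":
    srv, cli = web_exchange()
    print("server sees:", srv)
    print("client gets:", cli)
```

The two negative cases are the ones worth remembering when auditing a port forward: a public port with no DNAT rule and no filter allowance never reaches the inside, and an internal host cannot push traffic out through a DNAT mapping that no external client created. The model also makes the asymmetric-routing caveat visible: if the server's reply did not pass through `reply()` (a different default gateway), the client would receive a packet from 192.168.1.10:80, which its stack would not match to the connection it opened to 203.0.113.5:80.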

In Summary

The DNAT IP is the destination IP address that a packet is translated to within a private network when using Destination Network Address Translation. This allows services on private networks to be accessible from external networks like the internet.