Source and destination NAT

Source NAT changes the source address in IP header of a packet. It usually use for packets leaving your network.

Destination NAT changes the destination address in IP header of a packet. It usually use to redirect incoming packets with a destination of a public address/port to a private IP address/port inside your network.

On source NAT rule, I only need to configure a singe way out, and the return packet will be make use of the previous session to coming in, ie

Source NAT
original source     translated source
192.168.1.x            203.193.84.y

1. packet from 192.1681.x  leaving the network to a (destination) will do the source NAT translation :

     source                          destination

2. return packet from destination  to source 203.193.84.y
       source                        destination                        203.193.84.y

#2 has not created on firewall but it can relate #1 rule to coming it, correct ?  

Same concept also apply to destination NAT, correct ?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I'm not sure that I understand you questions, but will provide some details that may clear this up.

When a packet goes out from 192.168.1.y to, the source IP address will be the external IP address of your router.  The clever part is that the return port will be changed to an unused (high value) port.  The router keeps a lookup table to relate that return port to the local IP address (192.168.1.y) and the original return port.  When the packet comes back from, the router looks up the return port number in the table and changes the destination IP address and port to what it saved in the table.

Does that help?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AXISHKAuthor Commented:

So, NAT and Firewall Rule only need to consider for LAN to WAN. I don't need to care for the returned route as the router (firewall) will handle the return path for me, correct ?

Tks again.
It depends entirely on what router you are using.  With inexpensive routers you don't have to set up anything other than the LAN and WAN IP arrangements and whether or not to act as a DHCP server.  With the fancier ones there is more to do.  In general, it seems that you have to provide appropriate rules to allow traffic between different physical ports (different LAN ports and the WAN port) and enable NAT.

I would think it appropriate to start this over as a new thread with something such as: What is needed to configure my XYZ router for proper use?  You would want to specify answers to at least the following:

Do you have a static or dynamic WAN IP with your ISP?
Are you going to use a single WAN IP?
Do you want all LAN ports to have equal access to each other and also to the WAN port?  (You might want to have one LAN port that can't communicate with the others to be used as an "internet access only" connection.)
Do you want to have the router act as a DHCP server?
Do you have a need for VLANs to isolate traffic?
Do you have any need for the outside world to access devices inside your firewall, such as Email or Web servers or any type of remote access?
How much port blocking do you want to have?  One approach is to allow all ports through.  Another is to allow only the well-known (HTTP, HTTPS, SMTP, POP, etc.) ports through plus whatever special ones you need.

I'm sure that there are other questions that could be added to this list, but this should get you started.
AXISHKAuthor Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.