NAT Loopback

Network Diagram

What happens when the External Client tries to connect to the Internal Server?

There is a DNAT (Destination Network Address Translation) rule on the Firewall.

-------------------------------------
| 1.1.1.1:8000 --> 192.168.168.3:80 |
-------------------------------------

---------------------------------------------------
| Source Address   | Destination Address | ...    |
---------------------------------------------------
| 1.1.1.2:1234     | 1.1.1.1:8000        | ...    |
---------------------------------------------------

---------------------------------------------------
| Source Address   | Destination Address | ...    |
---------------------------------------------------
| 1.1.1.2:1234     | 192.168.168.3:80    | ...    |
---------------------------------------------------

---------------------------------------------------
| Source Address   | Destination Address | ...    |
---------------------------------------------------
| 192.168.168.3:80 | 1.1.1.2:1234        | ...    |
---------------------------------------------------

---------------------------------------------------
| Source Address   | Destination Address | ...    |
---------------------------------------------------
| 1.1.1.1:8000     | 1.1.1.2:1234        | ...    |
---------------------------------------------------

Port Forwarding

What if the internal Client connects to the internal Server through the same procedure?

Client B wants to reach Server A through the outside network rather than over the internal LAN. This means that the destination address Client B uses is 1.1.1.1 instead of 192.168.168.3.

-----------------------------------------------------
| Source Address     | Destination Address | ...    |
-----------------------------------------------------
| 192.168.168.2:1234 | 1.1.1.1:8000        | ...    |
-----------------------------------------------------

-----------------------------------------------------
| Source Address     | Destination Address | ...    |
-----------------------------------------------------
| 192.168.168.2:1234 | 192.168.168.3:80    | ...    |
-----------------------------------------------------

-----------------------------------------------------
| Source Address     | Destination Address | ...    |
-----------------------------------------------------
| 192.168.168.3:80   | 192.168.168.2:1234  | ...    |
-----------------------------------------------------

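The three-way handshake fails. Client B sent its SYN to 1.1.1.1:8000, but the reply arrives directly from 192.168.168.3:80 because both hosts are on the same LAN. That reply matches no connection the client opened, so the client rejects it.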

Here is the Solution [NAT Loopback]:

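In addition to the DNAT, the firewall changes the source IP from 192.168.168.2 to 1.1.1.1 (SNAT). The server then sends its reply to the firewall, which reverses both translations, so Client B receives the reply from 1.1.1.1:8000.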
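
The three packet flows above can be replayed in a small model. This is an added example, not code from the original article: `Firewall`, `handshake`, and the `conntrack` table are hypothetical names. It assumes a /24 LAN, that the SNAT keeps the client's source port, and that same-subnet replies bypass the firewall.

```python
# Added example: constructed model of the article's topology (not the author's code).
WAN = ("1.1.1.1", 8000)         # firewall's public address:port from the DNAT rule
SERVER = ("192.168.168.3", 80)  # internal Server A
LAN_PREFIX = "192.168.168."     # assumed /24 LAN


class Firewall:  # hypothetical name
    def __init__(self, loopback):
        self.loopback = loopback
        self.conntrack = {}  # reply (src, dst) as sent by server -> (src, dst) to deliver

    def forward(self, src, dst):
        """Translate one packet passing through the firewall."""
        if (src, dst) in self.conntrack:          # reply of a tracked connection
            return self.conntrack[(src, dst)]
        if dst == WAN:                            # DNAT: 1.1.1.1:8000 --> 192.168.168.3:80
            new_src = src
            if self.loopback and src[0].startswith(LAN_PREFIX):
                new_src = (WAN[0], src[1])        # SNAT: source IP becomes 1.1.1.1
            self.conntrack[(SERVER, new_src)] = (WAN, src)
            return new_src, SERVER
        return src, dst


def handshake(client, fw):
    """Send a SYN to 1.1.1.1:8000; return the SYN-ACK (src, dst) the client
    receives and whether it matches the connection the client opened."""
    syn_src, syn_dst = fw.forward(client, WAN)
    reply_src, reply_dst = syn_dst, syn_src       # server answers the source it saw
    if not reply_dst[0].startswith(LAN_PREFIX):   # off-subnet: goes via the gateway
        reply_src, reply_dst = fw.forward(reply_src, reply_dst)
    # on-subnet replies are delivered directly and never reach the firewall
    accepted = (reply_src, reply_dst) == (WAN, client)
    return reply_src, reply_dst, accepted


if __name__ == "__main__":
    for label, client, loopback in [
        ("external client", ("1.1.1.2", 1234), False),
        ("internal client, DNAT only", ("192.168.168.2", 1234), False),
        ("internal client, NAT loopback", ("192.168.168.2", 1234), True),
    ]:
        print(label, handshake(client, Firewall(loopback)))
```

Only the second case returns a reply whose source is 192.168.168.3:80, which is the mismatch that breaks the handshake.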
