Other Outbound connectivity with NAT

This is a bit of a general question on firewalls/routers which use NAT.

For an outbound connection, which is translated from a private IP on the LAN to a public IP on the WAN interface through a router/firewall, is that type of connectivity always referred to as Source NAT?

Or is there some alternative type of NATing which can be used?
 
For an outbound connection, which is translated from a private IP on the LAN to a public IP on the WAN interface through a router/firewall, is that type of connectivity always referred to as Source NAT?
Yes, because you're translating the source address of a packet, usually from a private IP range to a 'real' internet IP address. But that isn't required; you can translate from any address to any other address. You're always changing the source address of an IP packet. When you translate many internal addresses to one single IP address, it's also sometimes referred to as PAT (Port Address Translation).

With a redirection (often used to allow incoming traffic) you're translating the destination address of a packet, so that is called "destination NAT".
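
As an added illustration of the source NAT / PAT behaviour described in the answer above (not part of the original thread, and not any vendor's implementation), this Python model rewrites only the source of outbound packets, reverses the mapping for replies, and runs out of ports when the pool is used up. The class name, the three-port pool and all addresses are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class PatGateway:
    """Toy many-to-one source NAT (PAT) table; a model, not any vendor's implementation."""
    public_ip: str
    ports: range                               # public source-port pool (constructed size)
    out: dict = field(default_factory=dict)    # outbound 5-tuple -> public port
    back: dict = field(default_factory=dict)   # (proto, public port, remote ip, remote port) -> private endpoint

    def translate_out(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite only the source of an outbound packet (source NAT)."""
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            # Assumption of this model: a public port counts as "in use" per remote
            # endpoint, because the translated 5-tuple must be unique, not the port.
            port = next((p for p in self.ports
                         if (proto, p, dst_ip, dst_port) not in self.back), None)
            if port is None:
                raise RuntimeError("SNAT port exhaustion for %s:%d" % (dst_ip, dst_port))
            self.out[flow] = port
            self.back[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[flow], dst_ip, dst_port)

    def translate_in(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Undo the mapping for a reply; packets with no matching flow return None."""
        if dst_ip != self.public_ip:
            return None
        private = self.back.get((proto, dst_port, src_ip, src_port))
        return None if private is None else (src_ip, src_port, *private)

def demo():
    # All addresses are constructed (RFC 5737 documentation ranges and RFC 1918).
    gw = PatGateway("203.0.113.10", range(1024, 1027))   # only 3 public ports
    a = gw.translate_out("tcp", "10.0.0.5", 50000, "198.51.100.7", 443)
    b = gw.translate_out("tcp", "10.0.0.6", 50000, "198.51.100.7", 443)
    reply = gw.translate_in("tcp", "198.51.100.7", 443, "203.0.113.10", b[1])
    return gw, a, b, reply

if __name__ == "__main__":
    gw, a, b, reply = demo()
    print(a, b, reply, sep="\n")
```

With a three-port pool, a fourth concurrent flow to the same remote endpoint fails in this model, while a flow to a different remote endpoint can reuse an already allocated public port.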
 
OK, thanks for confirming and for the RFC information. A colleague of mine was suggesting that a firewall doesn't always use Source NAT in this exact scenario, and I wasn't sure if there was some other mechanism at play, but I think you have confirmed succinctly.

In particular, we were discussing the Azure firewall, which seems to have a Source NAT limitation of circa 2000 concurrent connections per public IP, which seems odd in that it is particularly low. It was suggested that the firewall wouldn't be using Source NAT.
 