What is SNAT?
SNAT (Source Network Address Translation) is a way to hide your private IP addresses when your servers connect to the internet.
Imagine your private server is like your personal phone. When you call someone, you don't want to show your real phone number — instead, you want to show your office number. That's what SNAT does.
The Problem
You have servers with private IPs like:
These cannot talk directly to the internet (of course)
The Solution: SNAT via OCI Network Firewall
With SNAT, the firewall replaces the private IPs with one public IP when sending data to the internet.
So:
| From (Private) | To (Public via SNAT) |
|---|---|
10.0.1.25 | 203.0.113.25 |
10.0.1.26 | 203.0.113.25 |
10.0.1.27 | 203.0.113.25 |
What SNAT Needs
SNAT needs a public IP address to work — just like your phone needs a number.
You give that public IP to OCI Network Firewall when creating a SNAT rule.
Example:
You tell OCI:
"Any traffic from
10.0.1.0/24(my private subnet), please change the source IP to203.0.113.25before sending it to the internet."
That’s it — now you’re using SNAT.
What Happens:
-
Server (10.0.1.25) sends request to internet
-
Firewall sees the traffic
-
Firewall swaps
10.0.1.25→203.0.113.25(your SNAT IP) -
External server sees
203.0.113.25 -
Response comes back to
203.0.113.25 -
Firewall translates it back to
10.0.1.25and sends it to the correct server
Why Use SNAT?
-
Lets private servers talk to the internet
-
Hides real IP addresses
-
You only need one public IP for many servers
-
Easy to whitelist just one IP for external services
Comments
Post a Comment