InvaderJak
I have a question for any available network gurus.
In my scenario, I have a firewall with public IP address 1.1.1.1. I have a 1:1 NAT policy that maps 1.1.1.2 to a server behind the firewall with a private IP of 192.168.1.100. The above setup works perfectly and I'm able to configure it just fine. My real question is how exactly does this work? When I try to make a connection to 1.1.1.2, I have to go through 1.1.1.1, but how does my computer or any other computer know that this is the route that needs to be taken?

Lord of the Rant.
Formerly turtle2472
If I'm understanding what your setup is correctly, it's the port mapping that makes the difference. Also, are you connecting with a hostname or IPs only? If with hostnames, then it's because the router/firewall is routing it.

InvaderJak
I'm not sure I understand what you mean by port mapping.
If it makes any difference, it is a Sonicwall firewall that I'm working with. In my setup, the IP address 1.1.1.2 only exists in a NAT policy on the router and is not assigned to a physical interface. If I have my firewall at IP 1.1.1.1, with the 1:1 NAT policy mapping 1.1.1.2 to a server behind the firewall, and my computer with an IP of 1.1.1.3 in the same switch as the firewall, how does the switch know to route my connection to 1.1.1.2 through 1.1.1.1?

Beneficiary
Join Date: May 2004
Location: Hillsborough, CA
Question: Are you using two layers of NAT by choice or is it out of your hands?

InvaderJak
It's only one layer of NAT. The addresses I'm using here are purely for example only.
The goal of 1:1/One-to-One NAT is to allow you to utilize multiple static IP addresses to access servers behind a router/firewall. I know how to set it up, I was just curious about how it worked.

That's All, Folks
Join Date: Feb 2005
In a nutshell, the NAT software stack modifies the individual packets coming into the router. As a packet comes in from the external network, the router checks the packet header to see if it's going to an address you've defined in NAT; if so, then it modifies the packet header by substituting your NAT (private) IP address, then sends it on its way.
Example: an incoming packet has a destination IP address of 1.1.1.2, which you've set up to route to the server 192.168.1.100. The router surgically removes the address '1.1.1.2' from the header and replaces it with '192.168.1.100', and then routes the packet to the internal network accordingly. For outgoing packets, it does the same thing in reverse, replacing the (private) source IP with its external NAT counterpart. For all intents and purposes, the external server receiving the packet sees it as coming from '1.1.1.2' - it never sees the private address at all.

InvaderJak
I may be explaining myself incorrectly here.
After doing some reading, I'm guessing my answer is some combination of ARP table and MAC table in the switch. This is what my ARP cache shows when I have the NAT policy described above enabled:
1.1.1.1 00-17-c5-5f-80-bb dynamic
1.1.1.2 00-17-c5-5f-80-bb dynamic

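The behaviour discussed in the thread, as an added Python example that is not part of any poster's message: it models a firewall that answers ARP for the 1:1 NAT address with its own MAC, rewrites headers in both directions, and groups an ARP cache by MAC. The addresses and MAC come from the posts above; the function names and the assumption that the firewall answers ARP for its NAT addresses are hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass, replace

# Values taken from the thread; everything else here is hypothetical.
FW_IP, FW_MAC = "1.1.1.1", "00-17-c5-5f-80-bb"
NAT_1TO1 = {"1.1.1.2": "192.168.1.100"}  # public -> private
ARP_CACHE = """\
1.1.1.1 00-17-c5-5f-80-bb dynamic
1.1.1.2 00-17-c5-5f-80-bb dynamic
"""

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def arp_reply(target_ip):
    """Assumed firewall behaviour: answer ARP for its own address and for
    every public address in a 1:1 NAT policy, always with its own MAC."""
    if target_ip == FW_IP or target_ip in NAT_1TO1:
        return FW_MAC
    return None  # not an address the firewall owns or translates

def inbound(pkt):
    """Destination NAT: rewrite the public destination to the private server."""
    private = NAT_1TO1.get(pkt.dst)
    return replace(pkt, dst=private) if private else pkt

def outbound(pkt):
    """Source NAT for replies: rewrite the private source back to public."""
    public = {priv: pub for pub, priv in NAT_1TO1.items()}.get(pkt.src)
    return replace(pkt, src=public) if public else pkt

def shared_macs(arp_text):
    """Return {mac: [ips]} for every MAC that answers for more than one IP."""
    by_mac = defaultdict(list)
    for line in arp_text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            by_mac[fields[1].lower()].append(fields[0])
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    client = "1.1.1.3"
    print("ARP who-has 1.1.1.2 ->", arp_reply("1.1.1.2"))
    request = inbound(Packet(src=client, dst="1.1.1.2"))
    print("after inbound NAT :", request)
    reply = outbound(Packet(src=request.dst, dst=client))
    print("after outbound NAT:", reply)
    print("MACs with several IPs:", shared_macs(ARP_CACHE))
```

One MAC answering for several IPs is expected when a NAT policy like this one is in place; on a segment with no such policy, the same pattern in an ARP cache is worth investigating, since ARP spoofing produces it too.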
That's All, Folks
Join Date: Feb 2005