Static source translation

In static source translation (one-to-one source translation), the source IP address of a certain host is always translated using the same specific IP address.

Static source translation provides one-to-one source translation. Often, the original source address is the actual assigned IP address for a device on an internal network or DMZ. The translation is then applied to a public IP address belonging to the public IP address range assigned by the Internet service provider (ISP).

Figure: Static source ttanslation



1
The packet starts out with the original source (SRC) and destination (DST) IP addresses.
2
The firewall replaces the source address of the packets with a translated source IP address.
3
The server responds, using the translated IP address as the destination of the reponse.
4
Connection tracking information is used to automatically translate the reply packets. The firewall replaces the destination IP address in the server’s response with the original address so that the responses find their way back to the host.

You can also define static translation using whole networks. There is still a fixed one-to-one relationship between each original and translated IP address, so the original and translated networks must be of the same size. The addresses map to their counterparts in the other network. For example, if you translate the network 192.168.10.0/24 to 212.20.1.0/24, the host 192.168.10.201 is always translated to 212.20.1.201.