
For some reason, my router changes the source IP of incoming connections.

I can't find which setting makes this happen or if this is expected behavior.

For example, this connection was initiated by an outside client to my web server (I know that this connection wasn't made by the router itself because I made it from another network). The source IP is reported to be 10.0.0.138 (and not the original IP of the client):

275 31.969629518 10.0.0.138 10.0.0.4 TCP 74 18669 → 80 [SYN] Seq=0 Win=65535 Len=0 MSS=1360 SACK_PERM TSval=2387427748 TSecr=0 WS=512

On the other hand, this connection was initiated by my server and I got a response from the correct IP:

53822 1085.028037982 172.64.150.182 10.0.0.4 TCP 66 443 → 39886 [FIN, ACK] Seq=6247 Ack=2032 Win=73728 Len=0 TSval=1625432376 TSecr=687765165

To my understanding, the router should only apply DNAT to incoming packets, regardless of whether the connection was initiated by a local machine or an outside machine. Is this assumption incorrect, or is there some setting in my router that makes this happen?

  • We would need device models and configs to even begin to guess.
    – Ricky
    Commented Jul 5 at 12:04

1 Answer

Your assumption is correct: an inbound connection from public to private requires only destination NAT, no source NAT.

In reverse, outbound connections from private to public require source NAT, no destination NAT.

"Inbound/outbound connection" here refers to the initiator (usually client) of the socket connection.

  • Do you have any idea as to why this is happening? This is really annoying since I can't use IP filtering.
    Commented Jul 5 at 10:48
  • You need to check the router configuration. Note that home networking, consumer-grade hardware and devices without optional, paid vendor support are explicitly off-topic here, see the help center.
    – Zac67
    Commented Jul 5 at 12:31
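
The following check is an added example, not part of the original question or answer. It parses Wireshark summary lines captured on the server and labels each new inbound connection by whether the client address survived the port forward (DNAT only) or was replaced by the router (source NAT as well), which is what decides whether IP filtering on the server can work. The function names, the labels and the third capture line are constructed for illustration; treating 10.0.0.138 as the router's LAN address is an assumption drawn from the question.

```python
import ipaddress
import re

# Wireshark default summary columns: No. Time Source Destination Protocol Length Info
LINE_RE = re.compile(
    r"^\s*(?P<no>\d+)\s+[\d.]+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+\d+\s+"
    r"\d+\s+\S+\s+(?P<dport>\d+)\s+\[(?P<flags>[^\]]+)\]"
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# First two lines are quoted from the question; the third is constructed to show
# what a DNAT-only port forward looks like (203.0.113.7 is a documentation address).
CAPTURE = """\
275 31.969629518 10.0.0.138 10.0.0.4 TCP 74 18669 → 80 [SYN] Seq=0 Win=65535 Len=0 MSS=1360 SACK_PERM TSval=2387427748 TSecr=0 WS=512
53822 1085.028037982 172.64.150.182 10.0.0.4 TCP 66 443 → 39886 [FIN, ACK] Seq=6247 Ack=2032 Win=73728 Len=0 TSval=1625432376 TSecr=687765165
900 40.000000000 203.0.113.7 10.0.0.4 TCP 74 51000 → 80 [SYN] Seq=0 Win=65535 Len=0
"""

def classify(line, server, gateway):
    """Return (frame number, label) for one summary line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    flags = {f.strip() for f in m["flags"].split(",")}
    if dst != server:
        label = "not-to-server"
    elif "SYN" not in flags or "ACK" in flags:
        label = "existing-flow"      # reply or later segment, not a new inbound connection
    elif src == gateway:
        label = "inbound-snat"       # router replaced the client address with its own
    elif any(src in net for net in RFC1918):
        label = "inbound-lan"        # genuine local client
    else:
        label = "inbound-public"     # DNAT only: real client address preserved
    return int(m["no"]), label

def report(capture, server="10.0.0.4", gateway="10.0.0.138"):
    """Classify every parseable line of a pasted capture (defaults taken from the question)."""
    server, gateway = ipaddress.ip_address(server), ipaddress.ip_address(gateway)
    results = (classify(line, server, gateway) for line in capture.splitlines())
    return [r for r in results if r is not None]

if __name__ == "__main__":
    for frame, label in report(CAPTURE):
        print(frame, label)
```

Any `inbound-snat` result means source-based filtering on the server sees only the router's address, so filtering would have to happen on the router or the source NAT would have to be turned off there.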
