All computers and devices connected to the Internet have an Internet Protocol address. This IP address identifies each connection in order to direct traffic to the correct destination. When a user connects multiple Internet devices over the same Internet service, however, a conflict in IP addresses would normally prevent proper signal direction. To alleviate this problem, routers use Network Address Translation to properly send and receive data.
Local IP Addresses
When computers connect through a router, the router assigns each one a local IP address. Unlike global IP addresses, these local addresses only exist within the Local Area Network. Local computers can contact each other through them, and the router uses them to tell the computers apart. Meanwhile, the router itself connects to the Internet with an Internet-wide IP address, which lets it reach the Web and contact other computers on the Internet.
When a computer on a local network requests data from the Internet, the request first enters the router. The router identifies which local computer requests the data, then sends out the request over the Internet. The remote server sending the data only knows the router's IP address, and so returns the requested data packets to the router. When the router receives them, it uses NAT to match the data to the outgoing request and translates the destination address from its own IP to the local IP of the correct computer.
A hardware firewall intercepts all incoming data from the Internet, filtering out hacking attempts. While a router does not have this level of filtering, it effectively doubles as a simple firewall due to NAT. When a packet reaches the router, the router has to decide which local computer to pass it to. If it doesn't recognize that packet as having been requested by any local computer, it dismisses it. This blocks most simple threats, though it's not adequate for corporate servers with sensitive data.
Because of the firewall effect during NAT, some legitimate packets get dismissed as well. Certain Internet applications, such as many games and peer-to-peer sharing services, rely on remote data sent without a direct request. Normally, routers ignore this data, not knowing where to send it. Users can work around this by setting up port forwarding in their routers' settings. Port forwarding directs the router to send all data coming over specified Internet ports to particular computers, even if that data wasn't locally requested.
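The translation, the firewall effect and port forwarding described above can be seen together in a small model of a router's NAT table. This is an added example, not code from any router vendor: the class and method names are hypothetical, the addresses are constructed from private and documentation ranges, and the model assumes the router only accepts a reply from the same remote address and port the request went to.

```python
# Toy model of a home router's NAT table (constructed example; the class and
# method names are hypothetical, addresses are private/documentation ranges).
import itertools

class NatRouter:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.sessions = {}   # public port -> (local ip, local port, remote ip, remote port)
        self.forwards = {}   # public port -> (local ip, local port), set by the user
        self._ports = itertools.count(40000)  # pool of public source ports

    def outbound(self, local_ip, local_port, remote_ip, remote_port):
        """A local computer sends a request: rewrite the source and remember it."""
        public_port = next(self._ports)
        self.sessions[public_port] = (local_ip, local_port, remote_ip, remote_port)
        return (self.public_ip, public_port, remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet arrives from the Internet: return the local destination or None."""
        session = self.sessions.get(public_port)
        if session and session[2:] == (remote_ip, remote_port):
            return session[:2]                 # reply to a request we sent: translate
        if public_port in self.forwards:
            return self.forwards[public_port]  # forwarded port: accepted from anyone
        return None                            # nobody asked for this: dismiss

    def add_port_forward(self, public_port, local_ip, local_port):
        self.forwards[public_port] = (local_ip, local_port)

def demo():
    router = NatRouter("203.0.113.7")
    # A laptop requests a web page; the server sees only the router's address.
    sent = router.outbound("192.168.1.10", 51000, "198.51.100.20", 443)
    reply = router.inbound("198.51.100.20", 443, sent[1])
    # An unrequested packet to a game port is dismissed...
    before = router.inbound("198.51.100.99", 6000, 27015)
    # ...until the user forwards that port to the gaming PC.
    router.add_port_forward(27015, "192.168.1.20", 27015)
    after = router.inbound("198.51.100.99", 6000, 27015)
    return sent, reply, before, after

if __name__ == "__main__":
    for name, value in zip(("sent", "reply", "before", "after"), demo()):
        print(f"{name}: {value}")
```

Once a port is forwarded, the NAT firewall effect no longer applies to it, so the forwarded computer has to handle whatever arrives on that port itself.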