Next: Preparation Up: Connecting a Private Network Previous: Changes

Theory

Figure 1: Example Private Network Configuration

Figure 1 shows what is intended. What we have is a private network, 10.5.3.0, which has three machines on it called solaris, win95 and linux. (Not their real names. All names and dates have been changed to protect the innocent.) These machines have IP addresses of 10.5.3.1, 10.5.3.21 and 10.5.3.22 respectively.

solaris is also a router. It has another IP address, 203.30.77.2, on an interface which is connected to a modem. The modem, in turn, speaks to a system at ORAC, which is itself connected to the wider Internet.

If, say, win95 wants to connect to some other host on the Internet, it needs to route all of its packets to solaris. solaris can then send these packets on to ORAC, which can then send them on to whatever host that it needs to talk to.

A problem arises whenever the host that win95 is connected to wants to send something back to win95. The IP address 10.5.3.21 is not recognised on the Internet; any address on the network 10.0.0.0 is assumed to belong to a private network and shouldn't be out in the wider world. As such, packets intended to return to win95 simply get lost.

Network address translation (NAT) solves this problem. Any TCP or UDP connection goes through a port, with a particular port number. As the packets pass through solaris, the IP address of the sending machine is translated to 203.30.77.2, the Internet address for solaris, and the sending port number (1051 in this example) is changed to an unused port number on solaris, in this case 10001. The remote host can now send packets to 203.30.77.2, a valid Internet address, at port number 10001. solaris translates the addresses in these packets back and sends them on to win95, which isn't even aware of anything odd happening.
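The translation described above can be sketched as a small table-driven model. This is an added example, not code from the original page or from any NAT implementation; the class `Napt`, its method names and the remote host 198.51.100.7 are assumptions, and real translators also track timeouts and connection state.

```python
import ipaddress
from dataclasses import dataclass, field

# RFC 1918 private ranges; the page's network 10.5.3.0 falls in the first.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

@dataclass
class Napt:  # hypothetical model of the translator running on solaris
    public_ip: str = "203.30.77.2"  # solaris's Internet address (from the page)
    next_port: int = 10001          # first unused port, as in the page's example
    out: dict = field(default_factory=dict)   # (proto, ip, port) -> public port
    back: dict = field(default_factory=dict)  # (proto, public port) -> (ip, port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private network."""
        if not is_rfc1918(src_ip):
            return (proto, src_ip, src_port, dst_ip, dst_port)
        key = (proto, src_ip, src_port)
        if key not in self.out:  # first packet of a flow allocates a port
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return (proto, self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a reply; None means drop the packet."""
        if dst_ip != self.public_ip:
            return None
        target = self.back.get((proto, dst_port))
        if target is None:  # nothing inside ever opened this port
            return None
        return (proto, src_ip, src_port, target[0], target[1])

def demo():
    nat = Napt()
    remote = ("198.51.100.7", 80)  # constructed remote host (documentation range)
    sent = nat.outbound("tcp", "10.5.3.21", 1051, *remote)    # win95 -> remote
    reply = nat.inbound("tcp", *remote, sent[1], sent[2])     # remote -> win95
    stray = nat.inbound("tcp", *remote, "203.30.77.2", 10002)  # no mapping yet
    return sent, reply, stray

if __name__ == "__main__":
    for packet in demo():
        print(packet)
```

The third packet shows the side effect that matters for defence: an inbound packet to a port with no table entry has nowhere to go and is dropped, so hosts on 10.5.3.0 are reachable only through flows they started themselves.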

The standard protocols for the Internet are specified by the misleadingly-named RFCs, or requests for comment.[23] RFC 1918 contains the (latest) specifications for private networks.[4] RFC 1631 contains the specifications for NAT.[6]


Doug Palmer 2003-02-15