What router is it, chances are you already have a NAT router and didnt even know it!
I'll try to explain without going into great detail, and because of that the facts might not be 100% but will hopefuly make sense!
When a device connects to the internet, it will get whats called an IP address, in fact, any network device at all has an IP address. An IP address is basically a group of numbers, so for example I plug in my adsl modem, connect to the internet and get the IP 217.154.3.67 from my ISP, there will be no other computer in the world with this same internet IP. (it is actually more technical than that how ISP's provide the IP's but stick with that idea)
Now, on a "local network" i.e. in an office or at home where all the pc's are "linked", each pc on that network will have its own IP address (its actually the network card in the pc that has the IP), these IP addresses will have been either manually assigned, or assigned by a router (like yours probably has) or server. There are ranges of IP addresses used for private networks - so each pc on this private network has an ip, each one different but on the same range, for eg in a 3 pc network you might have 192.168.1.1, 192.168.1.2, and 192.168.1.3, and of course the router will have its own on the same range, AND the router will also have an internet IP.
Now, since the 192.168 network is a LOCAL network, these pc's can speak to each other (and the router) quite happily, however what happens when one needs to get on the internet? 192.168 cant see an internet IP such as 217.154.3.67 (take my word for it - they cant see each other, I'm not going to go into details as to why - just take it that becasue they are different numbers they cant)
So what we need to join the 2 networks is a router, what a router basically does is join 2 networks, in our case here, what we need to do is get the 3 pc's on the internet, now heres where NAT (Network Address Translation) comes into play, say a pc on our local network 192.168.1.1 wants to go to
www.google.com, the user types that into the address bar, then rather than the pc go straight onto the internet directly and look for google, it goes to the router, the router then "forwards" this information to the internet, the internet then says "heres google", the router then sends this back to the computer at 192.168.1.1. Now, in this example, "the internet" doesnt know about the pc 192.168.1.1, in fact it doesnt even know that this pc exists, it DOES know that the IP address 217.154.3.67 exists, because this is the INTERNET IP of the router. The same goes for any of the other 192.168.1.x computers.
So looking at it from the opposite side now, If you had a single pc connected straight to the internet (i.e. no router, just a modem, adsl modem or whatever) then anyone from the outside world trying to "hack" your pc, will have a direct connection to your pc. But with a NAT router, as I hopefully explained, they would not have this direct connection becasue the pc isnt connected to the internet directly, the router is, so anyone that might try and connect from the outside is actually only going to be trying to connect to the router not a computer sitting "behind" the router. So basically the router is a sort of "middle man" between the pc's and the internet.
Now becasue of this, action, people from the outside are blocked from your network (or single pc) because as I said, anyone from the outside will get to the router not a pc behind the router UNLESS, we WANT the outside world to access a particular pc on the network - why the heck would we want that you might be thinking! Well imagine you have 3 pc's and on one you would like to run a web server, or maybe host a game so that others can join, when they try to access the website or the game, they actually try and connect to the router as we said, but the router of course isnt running a web server or a game server, so we have to tell the router WHICH pc is running the server, so if we are running a web server on say pc 192.168.1.1, we need to tell the router that anyone requesting a web page is to be directed on to 192.168.1.1, so jo bloggs types in his browser
http://eggplant.com, the page is found to be at 217.154.3.67 (our routers IP address), the router goes "ok, someone after a web page, I've been told to send anyone after a web page on over to 192.168.1.1, but I cant do that, because I'm a NAT router, so what I'll do is pass the information that has been requested on to 192.168.1.1, and then if 192.168.1.1 wants to send anything back, I'll send it for them" So you see, even though our web server is on pc 192.168.1.1, as far as any visitors to the site are concerned, the site is actually on IP 217.154.3.67. Likewise, all of the 192.168.1.x pc's for all intents and purposes have the same internet IP address since its not them but the router that has the net connection and it just passes the relevant info back to each one.
Er, I hope that makes a bit of sense!
