This part of the article gives an overview of ways to use your DSL machine as gateway for your home or office network, and goes through the basic steps to setup and maintain security to machines connected directly to the Internet. . . .
This part of the article gives an overview of ways to use your DSL machine as gateway for your home or office network, and goes through the basic steps to setup and maintain security to machines connected directly to the Internet. With NAT (or "IP masquerading", as it's called in another universe), multiple machine can be hidden behind one gateway machine. The machines behind the gateway can use their own, private network numbers (usually form the 10/24 or 192.168/16 subnets), and the gateway will translate the private, internal addresses to the public, external address of the gateway machine (hence NAT => Network Address Translation, see Image #3). Any replies made to requests sent out will be translated before sent back to the client. One of the characteristics of this scheme is that a client machine needs to establish a connection, and no outside machine can connect beyond the NAT gateway. From the security point of view this is absolutely desirable. From a practical view, it might be needed to forward single ports to inside machines, e.g. to let them handle WWW or FTP requests.

The link for this article located at BSDToday is no longer available.