Your firewall’s number one job is to separate your private network from the Internet, and to use that separation to keep the bad guys out. One firewall technology that helps to create this separation (and helps with the shortage of IP addresses) is Network Address Translation (NAT).
The main idea behind NAT is that most of the computers on your network should not be reachable from the Internet. One way to keep those computers from being Internet accessible is to assign them private IP addresses that are not routable on the Internet.
In a typical NAT deployment, the only publicly valid IP address is assigned to the firewall; all of the machines protected by the firewall are assigned IP addresses that are valid only on the private network. When a PC on the private network needs to communicate with the outside world, the computer sends its request to the firewall. The firewall then places the request on behalf of the computer that actually made the request. When the response comes back, it arrives at the firewall, and the firewall forwards it to the appropriate computer on the private network.

For example, suppose that a user wanted to visit a Web site from a PC on the private network. The user would enter the site’s URL into their Web browser, and that would in turn get translated into an HTTP request. The request would go to the firewall, and then the firewall would use its own IP address to place the HTTP request on behalf of the user. When the request is answered, the response goes to the firewall, and the firewall passes the response back to the user who originally made the request.