In my last messages I described TCP and UDP, but left out NAT. Client<--->NAT<--->Network<--->Server. In this case, the client sends a packet with a local IP, assigned port number, a remote IP and a known port number. The NAT simply substitutes the local IP with the WAN IP. It also needs to remember the client's port number, so that when the server responds, it knows where to send the packet. The server only sees the WAN IP address and the unique port number on the NAT. So, in a very simple sense, the NAT sets up a table: Client IP client port NAT port. 192.168.1.12 7499 10945 So, when the router receives an inbound packet with port #10945, it translates that to port #7499, and changes the IP to 192.168.1.12, and sends the packet to the internal LAN. Additionally, if you have a server behind a NAT (or firewall), the NAT or firewall forwards those ports when it receives an inbound packet. -- Jerry Feldman <gaf@blu.org> Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9