Musing of a chubby Ginger kid.

Network Address Translation was initially a way to conserve IP addresses. It takes a RFC 1918 private IP address and converts it to the IP address that is assigned by NIC or the ISP. Now it is a fairly standard way of protecting a network from unsolicited incoming connections from the big bad Internet. Since you have to explicitly allow connections in it is an easy way of having a default deny rule it catches bad filtering rules by inexperienced firewall rule writers.