Originally posted by aragon:
NAT allows you to assign IP addresses to your internal network that can ONLY be accessed within your LAN. There is no way for someone outside to directly access a computer in your network.
That isn't always true; NAT can work both ways to allow access from the outside into a computer as well.
The computers can access the internet through the NAT device. However, computers on the internet cannot directly access any of the computers behind the NAT device. If they ping the IP of the NAT device (router for example), the router would be the machine to respond. You can usually specify what ports should be forwarded to what machine. The rest are handled by the router/NAT device. For example, if a trojan was to start a server on port 123456 on one computer, the attacker wouldn't be able to connect to the server because the port wasn't forwarded. Instead, they would be connecting to the NAT device, which wouldn't be running that server, and so the attacker's attempt was fruitless. This works in the same way for Blaster etc. - unless the port was forwarded then there's no way you could become infected.
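
Added example, not part of any post in this thread: a toy Python model of how a NAT router decides what to do with a packet arriving on its WAN side (reply to a tracked outbound flow, configured port forward, or neither). The class and function names, addresses (documentation ranges) and port numbers are all constructed for illustration.

```python
from dataclasses import dataclass, field

ROUTER_WAN = "203.0.113.1"  # constructed public address of the NAT device


@dataclass
class NatRouter:
    forwards: dict = field(default_factory=dict)        # wan_port -> (lan_ip, lan_port)
    flows: dict = field(default_factory=dict)           # wan_port -> (lan_ip, lan_port, remote)
    local_services: set = field(default_factory=set)    # ports the router itself listens on
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host connects out; the router allocates a WAN port and tracks the flow."""
        wan_port = self.next_port
        self.next_port += 1
        self.flows[wan_port] = (lan_ip, lan_port, remote)
        return wan_port

    def inbound(self, remote, wan_port):
        """Classify a packet arriving at ROUTER_WAN:wan_port from `remote`."""
        flow = self.flows.get(wan_port)
        if flow and flow[2] == remote:
            # Reply to a connection a LAN host opened: translated back to that host.
            return ("reply", flow[0], flow[1])
        if wan_port in self.forwards:
            # Explicit port forward: the internal host is reachable from outside.
            return ("forwarded", *self.forwards[wan_port])
        if wan_port in self.local_services:
            # The router answers for itself, as with the ping in the post above.
            return ("router", ROUTER_WAN, wan_port)
        # No flow, no forward, no local listener: nothing on the LAN sees the packet.
        return ("dropped", None, None)


def demo():
    router = NatRouter(forwards={80: ("192.168.1.10", 8080)})
    web = ("198.51.100.7", 443)          # constructed remote server
    stranger = ("198.51.100.99", 50000)  # constructed unrelated outside host
    wan_port = router.outbound("192.168.1.20", 51000, web)
    return {
        "reply": router.inbound(web, wan_port),
        "forwarded": router.inbound(stranger, 80),
        "unforwarded": router.inbound(stranger, 12345),
        "wrong_remote": router.inbound(stranger, wan_port),
    }
```

The `forwards` table is the part worth auditing on a real device: every entry in it is an internal service reachable from outside.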