Network address translation gateway for local area networks using local IP addresses and non-translatable port addresses

  • US 20060185010A1
  • Filed: 04/17/2006
  • Published: 08/17/2006
  • Est. Priority Date: 03/03/2000
  • Status: Active Grant
First Claim

1. A network address translating gateway connecting a LAN to an external network, said LAN using local IP addresses, said gateway having a local IP address that can be seen by devices on said LAN and having an external IP address that can be seen by devices on said external network, said gateway comprising

a plurality of internal tables associating combinations of local IP addresses of local devices on said LAN, external IP addresses of external devices on said external network, SPI-In values, SPI-Out values, source port addresses, destination port addresses, reserved port addresses, and maintaining a list of reserved port addresses,

means for performing normal address translation upon datagrams passing from said LAN to said external network and datagrams passing from said external network to said LAN,

means for delivering a datagram from a local device on said LAN to an external device on said external network by receiving a datagram from a local device on said LAN intended for delivery to an external device on said external network, and determining whether said datagram is encrypted and, if said datagram is encrypted, for determining whether the SPI of said datagram is recorded in the SPI-Out field in said internal table and, if said SPI is recorded in said SPI-Out field, modifying the source IP address of said datagram to be said external IP address of said gateway and passing said datagram to said external network for routing and delivery to said external device, and if said SPI is not recorded in said SPI-Out field of said internal table, setting the SPI-In field corresponding to the local IP address of said local device equal to zero and setting said SPI-Out field equal to said SPI, modifying said source IP address of said datagram to be said external IP address of said gateway and passing said datagram to said external network for routing and delivery to said external device, and if said datagram is not encrypted, determining whether the destination port address for said datagram is included in said list of reserved port addresses and, if said destination port address is not included in said list of reserved port addresses, performing normal address translation upon said datagram and passing said datagram to said external network for routing and delivery to said external device, and if said destination port address is included in said list of reserved port addresses, determining whether said destination port address is bound to said local IP address of said local device, and if said destination port address is bound to said local IP address, performing normal address translation upon said datagram and passing said datagram to said external network for routing and delivery to said external device, and if said destination port address is not bound to said local IP address of said local device, modifying said source IP address of said datagram to be said external IP address of said gateway, binding said destination port address to said local IP address of said local device and creating an association between said destination port address and the external IP address of said external device, and passing said datagram to said external network for routing and delivery to said external device,

means for delivering a datagram from said external device to said local device by receiving a datagram from said external device on said external network intended for delivery to said local device on said LAN, determining whether said datagram is encrypted and, if said datagram is encrypted, determining whether the datagram's SPI is recorded in said SPI-In field of said internal table and, if said SPI is recorded in said SPI-In field, modifying the destination IP address of said datagram to be said local IP address of said local device and passing said datagram to said LAN for routing and delivery to said local device, and if said SPI is not recorded in said SPI-In field of said internal table, determining whether said SPI-In field corresponding to said IP address of said external device is equal to zero and, if said SPI-In field is not equal to zero, discarding said datagram, and if said SPI-In field is equal to zero, setting said SPI-In field equal to said SPI, modifying the destination IP address of said datagram to be said local IP address of said local device and passing said datagram to said LAN for delivery to said local device, and if said datagram is not encrypted, determining whether the destination port address for said datagram is included in said list of reserved port addresses and, if said destination port address is not included in said list of reserved port addresses, performing normal address translation upon said datagram and passing said datagram to said LAN for delivery to said local device, and if said destination port address is included in said list of reserved port addresses, determining whether said destination port address is bound to the local IP address of said local device, if said destination port address is not bound to said local IP address, discarding said datagram, and if said destination port address is bound to said local IP address, modifying said destination IP address of said datagram to be said local IP address of said local device, unbinding said destination port address from said local IP address, and passing said datagram to said LAN for delivery to said local device.
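The claim above is a decision procedure, so the following Python model walks a datagram through it in both directions. This is an added illustration written for this page, not code from the patent or its assignee. It assumes port 500 as the one entry in the reserved-port list (the claim names no specific port), keys the SPI table on the (local IP, external IP) pair, and follows the claim literally where it is terse: an outbound reserved-port datagram whose port is bound to a different local device simply rebinds it, and the inbound SPI check claims the first waiting entry (SPI-In equal to zero) for that external peer. Addresses and SPIs in the scenario are constructed sample values.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Datagram:
    src_ip: str
    dst_ip: str
    encrypted: bool = False          # True for an IPsec ESP/AH datagram
    spi: Optional[int] = None        # Security Parameter Index, present when encrypted
    src_port: Optional[int] = None   # transport ports, present when not encrypted
    dst_port: Optional[int] = None


@dataclass
class SpiEntry:
    local_ip: str
    external_ip: str
    spi_in: Optional[int] = None     # 0 means "waiting for the peer's first inbound SPI"
    spi_out: Optional[int] = None


class Gateway:
    """Gateway behaviour as described in claim 1; None from a handler means 'discard'."""

    def __init__(self, local_ip, external_ip, reserved_ports=(500,), first_nat_port=40000):
        self.local_ip = local_ip
        self.external_ip = external_ip
        self.reserved_ports = set(reserved_ports)   # assumption: 500 is the reserved port
        self.spi_table = []                         # list of SpiEntry
        self.port_bindings = {}                     # reserved port -> (local_ip, external_ip)
        self.napt_out = {}                          # (local_ip, local_port) -> external port
        self.napt_in = {}                           # external port -> (local_ip, local_port)
        self.next_port = first_nat_port

    # "normal address translation": plain NAPT on the source port
    def _normal_nat_out(self, d):
        key = (d.src_ip, d.src_port)
        if key not in self.napt_out:
            self.napt_out[key] = self.next_port
            self.napt_in[self.next_port] = key
            self.next_port += 1
        return replace(d, src_ip=self.external_ip, src_port=self.napt_out[key])

    def _normal_nat_in(self, d):
        mapping = self.napt_in.get(d.dst_port)
        if mapping is None:
            return None
        local_ip, local_port = mapping
        return replace(d, dst_ip=local_ip, dst_port=local_port)

    def _entry(self, local_ip, external_ip):
        for e in self.spi_table:
            if e.local_ip == local_ip and e.external_ip == external_ip:
                return e
        e = SpiEntry(local_ip, external_ip)
        self.spi_table.append(e)
        return e

    def outbound(self, d):
        """LAN -> external network."""
        if d.encrypted:
            if not any(e.spi_out == d.spi for e in self.spi_table):
                e = self._entry(d.src_ip, d.dst_ip)   # first packet of a new SA
                e.spi_in, e.spi_out = 0, d.spi
            return replace(d, src_ip=self.external_ip)    # source IP only; SPI untouched
        if d.dst_port not in self.reserved_ports:
            return self._normal_nat_out(d)
        binding = self.port_bindings.get(d.dst_port)
        if binding is not None and binding[0] == d.src_ip:
            return self._normal_nat_out(d)                # already bound to this device
        # not bound to this device: rewrite source IP, keep the port, record the binding
        self.port_bindings[d.dst_port] = (d.src_ip, d.dst_ip)
        return replace(d, src_ip=self.external_ip)

    def inbound(self, d):
        """External network -> LAN."""
        if d.encrypted:
            for e in self.spi_table:
                if e.spi_in == d.spi:
                    return replace(d, dst_ip=e.local_ip)
            for e in self.spi_table:                      # first waiting entry for this peer
                if e.external_ip == d.src_ip and e.spi_in == 0:
                    e.spi_in = d.spi
                    return replace(d, dst_ip=e.local_ip)
            return None                                   # unknown SPI: discard
        if d.dst_port not in self.reserved_ports:
            return self._normal_nat_in(d)
        binding = self.port_bindings.pop(d.dst_port, None)   # deliver once, then unbind
        if binding is None:
            return None
        return replace(d, dst_ip=binding[0])


def run_scenario():
    """One LAN host talks to one peer: plain web traffic, then port-500 exchange, then ESP."""
    gw = Gateway("192.168.1.1", "198.51.100.1")
    lan_host, peer = "192.168.1.10", "203.0.113.5"   # constructed sample addresses
    out = {}
    web = gw.outbound(Datagram(lan_host, peer, src_port=12345, dst_port=80))
    out["web_out"] = (web.src_ip, web.src_port)
    web_reply = gw.inbound(Datagram(peer, gw.external_ip, src_port=80, dst_port=web.src_port))
    out["web_in"] = (web_reply.dst_ip, web_reply.dst_port)
    ike = gw.outbound(Datagram(lan_host, peer, src_port=500, dst_port=500))
    out["ike_out"] = (ike.src_ip, ike.src_port)           # port preserved, only the IP changes
    out["ike_bound"] = gw.port_bindings.get(500)
    out["ike_in"] = gw.inbound(Datagram(peer, gw.external_ip, src_port=500, dst_port=500)).dst_ip
    out["stray_ike_discarded"] = gw.inbound(Datagram(peer, gw.external_ip, src_port=500, dst_port=500)) is None
    out["esp_out"] = gw.outbound(Datagram(lan_host, peer, encrypted=True, spi=0x1000)).src_ip
    out["esp_in"] = gw.inbound(Datagram(peer, gw.external_ip, encrypted=True, spi=0x2000)).dst_ip
    out["esp_in_again"] = gw.inbound(Datagram(peer, gw.external_ip, encrypted=True, spi=0x2000)).dst_ip
    out["unknown_spi_discarded"] = gw.inbound(Datagram(peer, gw.external_ip, encrypted=True, spi=0x3000)) is None
    return out


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

Two properties of the claim stand out when it is run this way. The reserved-port path rewrites only the source IP, never the port, which is what keeps a protocol that insists on a fixed port working through the translator, and the binding is consumed by the first reply so a second unsolicited datagram to that port is dropped. On the encrypted path the SPI-In field set to zero is a one-shot window: whichever inbound SPI from that peer arrives first is accepted as the return SA, after which any other SPI from the same peer is discarded, so the table state after the first exchange is what a defender should expect to see when reasoning about which inbound ESP traffic the gateway will forward.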

  • 3 Assignments