HACKSTOMPER©

    • How a firewall works

Worldwide registries of domain names give people a convenient way to refer to an Internet destination. Domain names like ycc.com are much easier to remember than what they actually represent: IP addresses. A large site like yahoo.com may have a long list of IP addresses that its domain name resolves to. A typical IP address looks like this: 192.168.241.86

Using the phone system as a somewhat imperfect analogy, a business's name and phone number are equivalent to the Internet's Domain name and IP address. To reach a business you dial that business's phone number. If the business has more than one phone number you dial each in turn, or you rely on the phone company to route your call to any inbound line that the company has available. To reach a specific department at a business you dial the business and then an extension.

To reach an Internet destination (a domain) you can use either the domain name or its IP address. Since names are easier to remember than numbers, the domain name is used most often. This has the added advantage of asking the Internet to track down the service you are after if more than one number exists for the service. If the IP address is used and that machine is unavailable, you get the equivalent of an Internet busy signal. If you use the domain name instead, and more than one machine can handle your request, the Internet tracks down a functioning machine and connects you.

The Internet improves on what the phone system offers in that once a domain name is registered, it can be used anywhere in the world. IP addresses, however, are local and are in the custody of a specific Internet Service Provider. If a business relocates, its domain name stays the same, but its IP addresses, and hence its DNS entries, might have to change.

Sites that already have an email server, web server, etc., have registered these services with a branch of the Internet Assigned Numbers Authority (www.iana.org), both to register their domain name and to associate that domain name with specific IP addresses. These name registries use a system known as DNS (Domain Name System) to make the name-to-number associations. A typical business may register a name like typical.com and then offer services under that domain, such as mail.typical.com, www.typical.com, ftp.typical.com, etc. Each name has one or more associated IP addresses, which are the physical addresses of the computers that can handle the requested service.

When a firewall is installed for a site that already has advertised Internet services registered, it may be necessary to alter the DNS entries for the site. The firewall becomes the only destination for all advertised services. It becomes the firewall's job to hide all the machines supporting the available services the site wishes to offer, and still allow those services to function. The outside world communicates only with the firewall, and the firewall passes requests and replies after examining each according to the rule set.

In addition to altering the DNS associations, in some cases the site's internal workstations have to be assigned new private IP addresses. This varies from site to site.
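
A check for the DNS change described above, as an added example that is not part of the original page: it audits a site's public A records and reports every name that does not point at the firewall. The zone data, the firewall address 203.0.113.10 and the name intra.typical.com are constructed assumptions.

```python
import ipaddress

# Constructed sample data (not from the original page): public A records for
# the hypothetical typical.com zone after the firewall is installed.
# 203.0.113.0/24 is a documentation range standing in for the site's addresses.
ZONE = """\
www.typical.com.   3600 IN A 203.0.113.10
mail.typical.com.  3600 IN A 203.0.113.10
ftp.typical.com.   3600 IN A 203.0.113.25   ; old server address, never updated
intra.typical.com. 3600 IN A 10.1.4.20      ; internal host leaked into public DNS
"""
FIREWALL_IP = ipaddress.ip_address("203.0.113.10")  # assumed outside address
# Private ranges are listed explicitly: ipaddress.is_private also matches
# documentation ranges, which would misclassify the sample addresses.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_a_records(zone_text):
    """Return (name, address) pairs for every 'IN A' line; ';' starts a comment."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "A":
            name = fields[0].rstrip(".").lower()
            records.append((name, ipaddress.ip_address(fields[4])))
    return records


def audit_zone(zone_text, firewall_ip):
    """List public records that are not reached through the firewall."""
    findings = []
    for name, addr in parse_a_records(zone_text):
        if addr == firewall_ip:
            continue  # service is reached through the firewall, as intended
        if any(addr in net for net in PRIVATE_NETS):
            findings.append((name, str(addr), "private address published externally"))
        else:
            findings.append((name, str(addr), "bypasses the firewall"))
    return findings


if __name__ == "__main__":
    for name, addr, problem in audit_zone(ZONE, FIREWALL_IP):
        print(f"{name:20} {addr:15} {problem}")
```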