What’s masquerading?
>A. Masquerading is a way to allow machines to access (a limited subset >of) Internet services without having to have real IP addresses >assigned to them. You may want to do this both for technical reasons >(if you’ve only been assigned one IP address, say for a dial-up >account, but you have a whole roomfull of machines you want to be able >to use) or for administrative reasons (you don’t want your machines to >be able to have unfettered access to the Internet due to security concerns). >To use masquerading, you need one firewall machine. This must be able >to talk to the real Internet (so it needs a proper IP address) and to >the client machines that hide behind it, and are typically on a >private Ethernet. Masquerading works by having the firewall rewrite >the headers on datagrams that pass through it from the hidden clients >to the outside world, so they look like they came from the firewall >machine itself. When reply datagrams come back, the firewall >remembers where the original
