What's masquerading?
Masquerading is a way to allow machines to access (a limited subset of) Internet services without having to have real IP addresses assigned to them. You may want to do this either for technical reasons (if you’ve only been assigned one IP address, say for a dial-up account, but you have a whole roomful of machines you want to be able to use) or for administrative reasons (you don’t want your machines to have unfettered access to the Internet due to security concerns).

To use masquerading, you need one firewall machine. This must be able to talk to the real Internet (so it needs a proper IP address) and to the client machines that hide behind it, which are typically on a private Ethernet.

Masquerading works by having the firewall rewrite the headers on datagrams that pass through it from the hidden clients to the outside world, so they look like they came from the firewall machine itself. When reply datagrams come back, the firewall remembers where the original connection comes
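
The header rewriting described above can be modelled as a small translation table. This is an added example, not part of the original page and not any firewall's real code; the class and function names, the addresses (documentation ranges) and the starting port 61000 are constructed for illustration, and entry timeouts and port exhaustion are left out.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Datagram:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Masquerader:
    """Toy model of the firewall's translation table (port-based protocols only)."""

    def __init__(self, public_ip, first_port=61000):  # first_port: constructed value
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow = {}  # (client ip, client port, remote ip, remote port) -> firewall port
        self.by_port = {}  # firewall port -> the same flow tuple

    def outbound(self, d):
        """Rewrite a client's datagram so it appears to come from the firewall."""
        flow = (d.src_ip, d.src_port, d.dst_ip, d.dst_port)
        port = self.by_flow.get(flow)
        if port is None:  # first datagram of this flow: allocate a firewall port
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
            self.by_port[port] = flow
        return replace(d, src_ip=self.public_ip, src_port=port)

    def inbound(self, d):
        """Map a reply back to the hidden client; return None (drop) if nothing matches."""
        flow = self.by_port.get(d.dst_port)
        if d.dst_ip != self.public_ip or flow is None:
            return None
        client_ip, client_port, remote_ip, remote_port = flow
        if (d.src_ip, d.src_port) != (remote_ip, remote_port):
            return None  # not from the host this client contacted
        return replace(d, dst_ip=client_ip, dst_port=client_port)

def demo():
    fw = Masquerader("203.0.113.5")
    out = fw.outbound(Datagram("192.168.1.10", 40000, "198.51.100.7", 80))
    reply = fw.inbound(Datagram("198.51.100.7", 80, out.src_ip, out.src_port))
    stray = fw.inbound(Datagram("198.51.100.99", 80, out.src_ip, out.src_port))
    return out, reply, stray
```

The `stray` case shows the security side effect: a datagram that matches no remembered outbound flow has no client to be delivered to and is dropped.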