Netfilter and NAT
This article is a continuation of the previous two articles on Netfilter. It discusses the network address translation table of Netfilter.
With the new 2.4.0 kernel and Netfilter, you've already seen how the new filter table incorporates connection states such as NEW, ESTABLISHED, and RELATED. It also filters on SYN, ACK, RST, and other masks, so it shouldn't come as a surprise that the NAT table is also enhanced.
For those of you who used masquerading under ipchains, think of this as masquerading on steroids. Normal masquerading remains, but as a special case. In fact, if you can avoid it, you'll not want to use masquerading at all; you'll want to use the new source and destination NAT.