I'm quite new to the iptables command (and Linux home networking), but for the last couple of days I've been reading a lot about it. Now, I was reading http://www.linuxhomenetworking.com/w..._to_One_NAT.29 to configure a gateway using IP MASQUERADE.

I think I do understand how it works when a package leaves the gateway: the source address is changed to the address of the gateway.

Now, my question is: Imagine that, on a local node (in the private network where there are e.g. 10 local nodes), you request a webpage on the (external) internet and the masquerading is applied, so the package will get the source address of the gateway. Now, the webserver of the webpage/website sends its reply back to the gateway; but when it arrives at the gateway, how does the gateway know to which local node (of the 10 nodes on the local network) it has to send the reply?

Now, I actually do know something about NAT and I know that NAT uses translation tables that map local addresses to ports. Is this what happens? Does MASQUERADE take care of this? Or am I completely wrong?

Thank you,