A Firewall or Router performs IP Masquerading if it changes the source IP address and port number on every packet that originates from one side of the device before forwarding that packet to the other side. Return packets are similarly translated, so that they return to the internal machine which initiated a connection.

IP Masquerading is a popular method for hiding a protected IP address space from the Internet. Internal users access services on the Internet as usual, but Internet services only see connections that originate on the Firewall or Router.

Return to IT Security Concepts