When IP Masquerade and Port Forwarding are in use it can be hard to know how exactly firewalls will react and how to correctly configure them. Here are some useful tips. These apply to the case where a firewall, such as Guarddog is running on the same machine as Guidedog.
IP Masquerade is transparent to the firewall. Packets appear to the firewall in their original state with none of thier fields modified. Generally you don't have to worry about IP Masquerade, but systems that lie beyond the Guidedog machine will only see packets coming directly from the Guidedog machine and never from the computers that IP Masquerade is being used for.
Port forwarding is applied before the firewall sees the packet. For example, if you are forwarding traffic for port 80 to port 8888, packets for port 80 will be modified to 8888 before being pasted to the firewall. The firewall will see 8888.
Port forwarding also has the effect of applying a form of IP Maquerade to packets. Computers that lie beyond the Guidedog machine will see forwarded packets as coming from the Guidedog machine. A firewall on the Guidedog machine will see the original source IP though.
The source IP addresses of packets are modified during IP Masquerade and Port Forwarding. You need to keep this in mind when using these features in combination with other server that use source IP address for authentication or even logging purposes. Most of the time the source IP address will always be the IP address of your Guidedog machine.