4.5.1 What Is A Masquerading Firewall Anyway?
A masquerading firewall is simply an application/kernel modification that acts as a go-between for the masqueraded machines (the winbox in our case) and the internet. It receives requests from the masqueraded client(s) and forwards those requests on to the internet address of the target machine. In this way, a masquerading firewall is a packet filter - it filters network traffic based on information contained in the headers of network packets.
As you can see, ipchains has the ability to forward packets to and from various network interfaces. Coupled with the IP masquerading, would you not say that this is a NAT solution?
'ipchains' is initialized with just three rules or 'chains', input, output
and forward. When a packet arrives at a network interface it's fate is
determined by the input chain; if the packet is accepted by the input
chain, the kernel forwards the packet according to the destination address.