When does it make sense to use DNAT and not SNAT?

http://serverfault.com – I want to forward port 2222 on an Ubuntu 12.04 server to remote host port 22, using iptables. After reading many web pages on port-forwarding, I issue

    $ sysctl net.ipv4.conf.eth0.forwarding
    net.ipv4.conf.eth0.forwarding = 1
    $ sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 2222 -j DNAT --to-destination

Which forwards traffic as I desired. But ssh does not work. Turns out I needed to also supply

    $ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

And now it's good. I understand the above commands; what I don't understand is the plethora of sites gi (HowTos)