Prerouting & Postrouting NAT are both for external NAT when some packets are coming to your interface or going out of it and you wanna NAT the address. But OUTPUT NAT is for your local network NAT, I mean when the packets are starting from your application. I think this is a good example to figure it out better.

Dec 07, 2013 Linux iptables delete prerouting rule command - nixCraft Feb 18, 2020 Masquerading Made Simple HOWTO $> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE Then finally to tell the kernel yes, you really do want to start forwarding packets: (This only needs to be done once per reboot - … Règles FORWARD et NAT - MIT iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE: La règle utilise la table de correspondance de paquets de NAT (-t nat) et spécifie la chaîne intégrée POSTROUTING pour NAT (-A POSTROUTING) sur le périphérique réseau externe du pare-feu (-o eth0). POSTROUTING permet aux paquets d'être modifiés lorsqu'ils quittent le périphérique

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE: La règle utilise la table de correspondance de paquets de NAT (-t nat) et spécifie la chaîne intégrée POSTROUTING pour NAT (-A POSTROUTING) sur le périphérique réseau externe du pare-feu (-o eth0). POSTROUTING permet aux paquets d'être modifiés lorsqu'ils quittent le périphérique

Postrouting and IP Masquerading in Linux – Mellowhost Blog Dec 07, 2013 Linux iptables delete prerouting rule command - nixCraft Feb 18, 2020

Dec 07, 2013

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE. The rule uses the NAT packet matching table ( -t nat) and specifies the built-in POSTROUTING chain for NAT ( -A POSTROUTING) on the firewall's external networking device ( -o eth0 ). POSTROUTING allows packets to be altered as they are leaving the firewall's external device. $ iptables -t nat -A POSTROUTING -s @priv/mask -j MASQUERADE. We can modify every packets coming from the subnetwork @priv to get masqueraded. $ iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE. Or we can just tell all the network to get masqueraded. And this is it. No PREROUTING Needed. Again, you're welcome ;) I want to define a rule in iptables for postrouting in ubuntu as below: $IPTABLES -t nat -A POSTROUTING -o $EXTIF -p tcp -d xxx.xx.xx.8 -j SNAT --to-source xxx.xx.xx.238