One good fellow in Australia (I think Paul Russell) did this ipchains
thing and has a nice writeup about it. Read it if you can find it.
Now the cookbook note about doing masquerading, by Pete Zaitcev:

# May need this with 2.1.x kernel.
#/sbin/modprobe ip_masq_ftp.o                    # Non-PASV FTP transfers
#/sbin/modprobe ip_masq_raudio.o                 # Realaudio audio streaming

# If you want a firewall, do this:
#/sbin/ipchains -P forward DENY

# Now open forwarding path
echo "1" > /proc/sys/net/ipv4/ip_forward

# And finally insert a rule into forward chain which directs outgoing
# packets into masquerading code. Inbound packeds get into demasquerading
# code automagically because they have proxy system as destination.
/sbin/ipchains -I forward -s 192.168.128.0/255.255.255.0 -j MASQ

Tue Sep 22 12:22:44 PDT 1998