diff --git a/network-go/iptables/iptables.go b/network-go/iptables/iptables.go
index db01aab..2f66078 100644
--- a/network-go/iptables/iptables.go
+++ b/network-go/iptables/iptables.go
@@ -302,24 +302,24 @@ func (m *Manager) InsertPreroutingRuleOnInterface(iface, proto, sourcePort, targ
 }
 // InsertPostroutingMasquerade inserts a MASQUERADE POSTROUTING rule on the host
-func (m *Manager) InsertPostroutingMasquerade(sourceCIDR, proto, sourcePort, comment string) error {
- logger.Info("IPTABLES: checking POSTROUTING MASQUERADE rule: src=%s proto=%s sport=%s comment=%q",
- sourceCIDR, proto, sourcePort, comment)
+func (m *Manager) InsertPostroutingMasquerade(destCIDR, proto, destPort, comment string) error {
+ logger.Info("IPTABLES: checking POSTROUTING MASQUERADE rule: dst=%s proto=%s dport=%s comment=%q",
+ destCIDR, proto, destPort, comment)
 // Check if rule already exists (idempotent: don't re-apply)
- existing := m.getLineNumbers("POSTROUTING", "nat", comment, "MASQUERADE", sourceCIDR)
+ existing := m.getLineNumbers("POSTROUTING", "nat", comment, "MASQUERADE", destCIDR)
 if len(existing) > 0 {
 logger.Debug("IPTABLES: POSTROUTING MASQUERADE rule already exists (lines=%v), skipping", existing)
 return nil
 }
- logger.Info("IPTABLES: inserting POSTROUTING MASQUERADE rule: src=%s proto=%s sport=%s comment=%q",
- sourceCIDR, proto, sourcePort, comment)
+ logger.Info("IPTABLES: inserting POSTROUTING MASQUERADE rule: dst=%s proto=%s dport=%s comment=%q",
+ destCIDR, proto, destPort, comment)
 args := []string{
 "-w", "-t", "nat", "-I", "POSTROUTING",
- "-s", sourceCIDR,
+ "-d", destCIDR,
 "-p", proto,
- "--sport", sourcePort,
+ "--dport", destPort,
 "-m", "comment", "--comment", comment, "-j", "MASQUERADE",
 }
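Review bot: The idempotency check on the `existing := m.getLineNumbers("POSTROUTING", "nat", comment, "MASQUERADE", destCIDR)` line cannot tell the new `-d`/`--dport` rule apart from a rule written by the previous version with `-s`/`--sport`, since both carry the same comment, the same CIDR string and the MASQUERADE target; on a host upgraded in place the stale source-matched rule would be reported as already existing and the destination-matched rule would never be inserted, assuming getLineNumbers matches listing text the way the container path does. Including the port marker in the match (e.g. `"dpt:"+destPort` for `-L -n` output or `"--dport"` for `-S` output, whichever getLineNumbers reads) would make the check specific to the rule this function now writes; the `ruleExists` loop in the third hunk has the same gap. The rename also changes which traffic is masqueraded — every packet leaving toward destCIDR:destPort regardless of source, which is broader than the old source match — yet the doc comment above the signature still says only "inserts a MASQUERADE POSTROUTING rule on the host"; suggest `// InsertPostroutingMasquerade inserts a POSTROUTING MASQUERADE rule on the host for traffic to destCIDR on proto/destPort.`, with the matching update on InsertPostroutingMasqueradeInContainer in the second hunk. Because all four parameters are positional strings, a caller still passing a source CIDR and port compiles unchanged and silently produces a different rule, so the call sites should be reviewed alongside this change. The function body continues past the hunk.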
@@ -472,9 +472,9 @@ func (m *Manager) InsertPreroutingRuleInContainer(pid int, sourceIP, proto, sour
 }
 // InsertPostroutingMasqueradeInContainer inserts a MASQUERADE POSTROUTING rule inside a container namespace
-func (m *Manager) InsertPostroutingMasqueradeInContainer(pid int, sourceCIDR, proto, sourcePort, comment string) error {
- logger.Info("IPTABLES: inserting POSTROUTING MASQUERADE rule in container PID %d: src=%s proto=%s sport=%s comment=%q",
- pid, sourceCIDR, proto, sourcePort, comment)
+func (m *Manager) InsertPostroutingMasqueradeInContainer(pid int, destCIDR, proto, destPort, comment string) error {
+ logger.Info("IPTABLES: inserting POSTROUTING MASQUERADE rule in container PID %d: dst=%s proto=%s dport=%s comment=%q",
+ pid, destCIDR, proto, destPort, comment)
 // First, try to list the chain inside the container to check state
 output, err := m.checkContainerChainExists(pid, "nat", "POSTROUTING")
@@ -488,27 +488,27 @@ func (m *Manager) InsertPostroutingMasqueradeInContainer(pid int, sourceCIDR, pr
 for _, line := range strings.Split(output, "\n") {
 if strings.Contains(line, "MASQUERADE") && strings.Contains(line, comment) &&
- strings.Contains(line, sourceCIDR) {
+ strings.Contains(line, destCIDR) {
 ruleExists = true
 break
 }
 }
 if ruleExists {
- logger.Info("IPTABLES: POSTROUTING MASQUERADE rule already exists in container PID %d (src=%s), skipping", pid, sourceCIDR)
+ logger.Info("IPTABLES: POSTROUTING MASQUERADE rule already exists in container PID %d (dst=%s), skipping", pid, destCIDR)
 return nil
 }
 // Rule doesn't exist — clean up stale/duplicate rules then insert
- patterns := []string{"MASQUERADE", comment, sourceCIDR, sourcePort}
+ patterns := []string{"MASQUERADE", comment, destCIDR, destPort}
 if delErr := m.deleteMatchingLinesInContainer(pid, "nat", "POSTROUTING", patterns...); delErr != nil {
 logger.Debug("IPTABLES: stale POSTROUTING cleanup in container PID %d: %v", pid, delErr)
 }
 args := []string{
 "-I", "POSTROUTING",
- "-s", sourceCIDR,
+ "-d", destCIDR,
 "-p", proto,
- "--sport", sourcePort,
+ "--dport", destPort,
 "-m", "comment", "--comment", comment, "-j", "MASQUERADE",
 }
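Review bot: The `patterns := []string{"MASQUERADE", comment, destCIDR, destPort}` line passes destPort as a bare substring, so a port such as "80" also matches listing lines for 8080 or 18080, and the stale cleanup can remove a sibling rule that shares the comment and CIDR; proto is not part of the match at all. Anchoring the port to the listing's own marker (`"dpt:"+destPort` if checkContainerChainExists returns `-L -n` style output) would tighten both this cleanup and the `ruleExists` check a few lines above, which likewise matches only on MASQUERADE, comment and CIDR. If that listing is produced without `-n`, addresses may appear resolved rather than as the literal CIDR string, which would defeat both comparisons — worth confirming the flags used. The enclosing function starts outside this hunk.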