I actually have 2 related questions. One is why is the checkbox for the interface to masquerade checked on the WAN->reject entry, rather than the LAN->WAN entry? I think of IP masquerading as something that happens to outgoing packets (LAN->WAN) rather than incoming from the WAN.
My other question is I notice that one can create a rule for masquerading in the NAT rules tab of the same UI page (the ACTION pulldown has a MASQUERADING choice). How do these 2 settings interact -- does one override the other?
I need to point out that the router works OOTB; I am not claiming a bug necessarily. I am just trying to understand why LuCI lays these 2 items out the way it does. Thank you for your work on this essential software. I will be grateful for constructive responses.
I think you are reading that screen wrong. Each line gives information about a zone, the traffic allowed from that zone to others, and the masquerading options.
So, first line gives info about the LAN zone: it is allowed to forward traffic to WAN, both input and output are allowed, and traffic leaving that zone is not masqueraded.
Second line is about the WAN zone: it is not allowed to forward traffic, output is allowed but not input, and all traffic leaving that zone is masqueraded.
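The row-per-zone reading described in the reply above, as an added example that is not part of the original thread or of OpenWrt's own code: it parses a zone configuration and reports, for a given from->to pair, whether the traffic is masqueraded. The `SAMPLE` text is constructed to resemble a stock `/etc/config/firewall` (an assumption; the thread does not show the file), and the function names are hypothetical.

```python
import shlex

# Constructed sample in UCI syntax (assumed defaults, not taken from the thread).
SAMPLE = """
config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
config forwarding
	option src 'lan'
	option dest 'wan'
"""
TRUE_VALUES = ("1", "yes", "on", "true", "enabled")  # UCI boolean spellings

def parse_uci(text):
    """Parse UCI-style text into a list of (section_type, options) pairs."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] == "option" and sections:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def zone_rows(sections):
    """One row per zone: where it may forward to, its policies, its masq flag."""
    fwds = [o for t, o in sections if t == "forwarding"]
    return {o["name"]: {
                "forward_to": [f["dest"] for f in fwds if f.get("src") == o["name"]],
                "input": o.get("input"), "output": o.get("output"),
                "masq": o.get("masq", "0") in TRUE_VALUES}
            for t, o in sections if t == "zone"}

def is_masqueraded(rows, src, dest):
    """src->dest is masqueraded when allowed and the zone it leaves through has masq."""
    return dest in rows[src]["forward_to"] and rows[dest]["masq"]

if __name__ == "__main__":
    rows = zone_rows(parse_uci(SAMPLE))
    for name, row in rows.items():
        print(name, row)
    print("lan->wan masqueraded:", is_masqueraded(rows, "lan", "wan"))
```

The masq flag sits on the wan row, yet it is the lan->wan traffic that comes out masqueraded, because that traffic leaves through the wan zone.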
That was my own conclusion also. There is really nothing in the layout of the data on that page that indicates that the first item on each line is the index. It looks, rather, as if the first 2 items (the "from->to") would be the index, since the heading is re what to do with packets traveling from zone to zone, not just where they originate.
Maybe a dev will review this UI and make it clearer. Currently it is slightly confusing.