diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml
index eb7d665be..940e24e68 100644
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@@ -774,7 +774,7 @@ fi</programlisting>
     </section>
 
     <section id="masq">
-      <title>./etc/shorewall/masq and Multi-ISP</title>
+      <title>./etc/shorewall/masq (/etc/shorewall/snat) and Multi-ISP</title>
 
       <para>If you masquerade a local network, you will need to add masquerade
       rules for both external interfaces. Referring to the diagram above, if
@@ -786,6 +786,13 @@ fi</programlisting>
 eth0             0.0.0.0/0         206.124.146.176
 eth1             0.0.0.0/0         130.252.99.27</programlisting>
 
+      <para>When running Shorewall 5.0.14 or later, the equivalent
+      <filename>/etc/shorewall/snat</filename> is:</para>
+
+      <programlisting>#ACTION                SOURCE          DEST                PROTO   PORT
+SNAT(206.124.146.176)  0.0.0.0/0       eth0
+SNAT(130252.99.27)     0.0.0.0/0       eth1</programlisting>
+
       <para>If you have a public subnet (for example 206.124.146.176/30)
       behind your firewall, then use exclusion:</para>
 
@@ -793,6 +800,12 @@ eth1             0.0.0.0/0         130.252.99.27</programlisting>
 eth0             !206.124.146.176/29  206.124.146.176
 eth1             0.0.0.0/0            130.252.99.27</programlisting>
 
+      <para>The equivalent <filename>/etc/shorewall/snat</filename> is:</para>
+
+      <programlisting>#ACTION                SOURCE              DEST                PROTO   PORT
+SNAT(206.124.146.176)  !206.124.146.176/29 eth0
+SNAT(130.252.99.27)    0.0.0.0/0           eth1</programlisting>
+
       <para>Note that exclusion is only used on the interface corresponding to
       internal subnetwork.</para>
 
@@ -801,10 +814,10 @@ eth1             0.0.0.0/0            130.252.99.27</programlisting>
       contains all of those addresses from being masqueraded.</para>
 
       <warning>
-        <para>Entries in <filename>/etc/shorewall/masq</filename> have no
-        effect on which ISP a particular connection will be sent through. That
-        is rather the purpose of entries in
-        <filename>/etc/shorewall/mangle</filename> and
+        <para>Entries in <filename>/etc/shorewall/masq</filename>
+        (<filename>/etc/shorewall/snat</filename>) have no effect on which ISP
+        a particular connection will be sent through. That is rather the
+        purpose of entries in <filename>/etc/shorewall/mangle</filename> and
         <filename>/etc/shorewall/rtrules</filename>.</para>
       </warning>
     </section>
@@ -830,7 +843,8 @@ Feb  9 17:23:45 gw.ilinx kernel: ll header: 00:a0:24:2a:1f:72:00:13:5f:07:97:05:
       206.124.146.176. Another gotcha is that the incoming packet has already
       had the destination IP address changed for DNAT or because the original
       outgoing connection was altered by an entry in
-      <filename>/etc/shorewall/masq</filename> (SNAT or Masquerade). So the
+      <filename>/etc/shorewall/masq</filename> or
+      <filename>/etc/shorewall/snat</filename> (SNAT or Masquerade). So the
       destination IP address (206.124.146.176) may not have been the
       destination IP address in the packet as it was initially
       received.</para>
@@ -960,6 +974,13 @@ net        net            DROP</programlisting>
       <programlisting>#INTERFACE       SOURCE            ADDRESS
 eth0             0.0.0.0/0         206.124.146.176
 eth1             0.0.0.0/0         130.252.99.27</programlisting>
+
+      <para>When running Shorewall 5.0.14 or later, the equivalent
+      <filename>/etc/shorewall/snat</filename> is:</para>
+
+      <programlisting>#ACTION                SOURCE          DEST                PROTO   PORT
+SNAT(206.124.146.176)  0.0.0.0/0       eth0
+SNAT(130.252.99.27)    0.0.0.0/0       eth1</programlisting>
     </section>
 
     <section id="Applications">
@@ -1050,7 +1071,8 @@ DNAT           net                loc:192.168.1.3   tcp       25               <
 
         <listitem>
           <para>For each external interface, you need to add an entry to
-          <filename>/etc/shorewall/masq</filename>.</para>
+          <filename>/etc/shorewall/masq</filename>
+          (<filename>/etc/shorewall/snat</filename>).</para>
         </listitem>
       </orderedlist>
 
@@ -1066,6 +1088,14 @@ ISP3    3       3       main            eth3            16.105.78.254   track,ba
 eth0             0.0.0.0/0         206.124.146.176
 eth1             0.0.0.0/0         130.252.99.27
 eth3             0.0.0.0/0         16.105.78.4</programlisting></para>
+
+      <para>When running Shorewall 5.0.14 or later, the equivalent
+      <filename>/etc/shorewall/snat</filename> is:</para>
+
+      <programlisting>#ACTION                SOURCE          DEST                PROTO   PORT
+SNAT(206.124.146.176)  0.0.0.0/0       eth0
+SNAT(130.252.99.27)    0.0.0.0/0       eth1
+SNAT(16.105.78.4)      0.0.0.0/0       eth2</programlisting>
     </section>
 
     <section id="rtrules">
@@ -2498,8 +2528,9 @@ exit 0
         </listitem>
 
         <listitem>
-          <para>Entries in <filename>/etc/shorewall/masq</filename> must be
-          qualified by the provider name (or number).</para>
+          <para>Entries in <filename>/etc/shorewall/masq</filename> and
+          <filename>/etc/shorewall/snat</filename> must be qualified by the
+          provider name (or number).</para>
         </listitem>
 
         <listitem>
diff --git a/docs/NAT.xml b/docs/NAT.xml
index 1dcf6a73b..f7f2d5490 100644
--- a/docs/NAT.xml
+++ b/docs/NAT.xml
@@ -79,7 +79,8 @@
 
     <para>Be sure that the internal system(s) (10.1.1.2 and 10.1.1.3 in the
     above example) is (are) not included in any specification in
-    <filename>/etc/shorewall/masq</filename> or
+    <filename>/etc/shorewall/masq</filename>
+    (<filename>/etc/shorewall/snat</filename>) or
     <filename>/etc/shorewall/proxyarp</filename>.</para>
 
     <note>
diff --git a/docs/PacketHandling.xml b/docs/PacketHandling.xml
index e150783f7..5347946d6 100644
--- a/docs/PacketHandling.xml
+++ b/docs/PacketHandling.xml
@@ -311,9 +311,10 @@
 
       <listitem>
         <para>The source IP address may be rewritten according to an entry in
-        the <filename>/etc/shorewall/masq</filename> file. If this is a new
-        connection request, then the rewriting occurs in a
-        <emphasis>nat</emphasis> table chain called <emphasis
+        the <filename>/etc/shorewall/masq</filename> or
+        <filename>/etc/shorewall/snat</filename> file (Shorewall 5.0.14 or
+        later). If this is a new connection request, then the rewriting occurs
+        in a <emphasis>nat</emphasis> table chain called <emphasis
         role="bold"><emphasis>interface</emphasis>_masq</emphasis> where
         <emphasis>interface</emphasis> is the interface on which the packet
         will be sent. For packets that are part of an already established
diff --git a/docs/ProxyARP.xml b/docs/ProxyARP.xml
index ec778a2fd..396ba47b1 100644
--- a/docs/ProxyARP.xml
+++ b/docs/ProxyARP.xml
@@ -98,7 +98,8 @@
 
     <para><emphasis role="bold">Be sure that the internal systems
     (130.242.100.18 and 130.252.100.19 in the above example) are not included
-    in any specification in <filename>/etc/shorewall/masq</filename> or
+    in any specification in <filename>/etc/shorewall/masq</filename>
+    (/etc/shorewall/snat on Shorewall 5.0.14 or later) or
     <filename>/etc/shorewall/nat</filename>.</emphasis></para>
 
     <note>