diff --git a/README.md b/README.md
index 5e36534..5249cfe 100644
--- a/README.md
+++ b/README.md
@@ -189,6 +189,18 @@ set firewall ipv6-name CJD_LOCAL rule 20 state invalid enable
 set interfaces cjdns tun0 firewall local ipv6-name CJD_LOCAL
 ```
 
+#### Masquerade
+
+If you want to allow other IPv6 hosts on your network to communicate through cjdns, you can configure an IPv6 masquerade rule. All traffic sent from other hosts on the network through the cjdns interface will be NAT'd.
+
+For example, where your IPv6 network subnet is `fd94:b2f3:9442::/48`:
+```
+configure
+set interfaces cjdns tun0 masquerade from fd94:b2f3:9442::/48
+commit
+```
+If you have multiple IPv6 subnets, then they can be configured individually by setting multiple `masquerade from` source ranges. Both private/ULA and public IPv6 subnets are acceptable.
+
 #### IP Tunnel
 
 To connect to and receive a tunnel prefix from a remote peer, where `xxx.k` is the remote public key: