These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/Firewalling Terminology

Classnotes | UNIX03 | RecentChanges | Preferences

IP Masquerading

IP Masquerading is a networking function in Linux similar to the one-to-many (1:Many) NAT (Network Address Translation) found in many commercial firewalls and network routers. For example, if a Linux host is connected to the Internet via PPP, Ethernet, etc., the IP Masquerade feature allows other "internal" computers connected to this Linux box (via PPP, Ethernet, etc.) to reach the Internet through it. Linux IP Masquerading provides this even though the internal machines have no officially assigned IP address of their own: outbound traffic is rewritten to carry the Linux box's address, and replies are mapped back to the internal machine that started the connection.
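The translation table that makes this work, as an added illustration (this is not code from the class notes, and the real Linux implementation in the kernel's netfilter/connection-tracking code differs in detail). The public address 203.0.113.5, the internal 192.168.1.x hosts and all port numbers are constructed sample values. The inbound side shows the property firewall users care about: a packet from the outside is only passed to an internal host if it answers a flow that host opened.

```python
"""Toy one-to-many NAT (IP masquerade) translation table.

Added illustration, not code from the class notes or the Linux kernel.
All addresses and ports are constructed sample values.
"""
from dataclasses import dataclass
import itertools

# Assumed public address of the Linux box (documentation range, TEST-NET-3).
EXTERNAL_IP = "203.0.113.5"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Masquerader:
    """Rewrites outbound packets so they appear to come from EXTERNAL_IP
    and maps replies back to the internal host that started the flow."""

    def __init__(self, external_ip=EXTERNAL_IP, first_port=32768):
        self.external_ip = external_ip
        self._ports = itertools.count(first_port)  # next free external port
        # (internal ip, internal port, remote ip, remote port) -> external port
        self.outbound = {}
        # external port -> (internal ip, internal port, remote ip, remote port)
        self.inbound = {}

    def translate_outbound(self, pkt):
        """Internal host -> Internet: allocate (or reuse) an external port."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        ext_port = self.outbound.get(key)
        if ext_port is None:
            ext_port = next(self._ports)
            self.outbound[key] = ext_port
            self.inbound[ext_port] = key
        return Packet(self.external_ip, ext_port, pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt):
        """Internet -> internal host. Returns None (drop) when no internal
        host opened a matching flow, or when the reply comes from a
        different remote endpoint than the one the flow was opened to."""
        entry = self.inbound.get(pkt.dst_port)
        if entry is None or (entry[2], entry[3]) != (pkt.src_ip, pkt.src_port):
            return None
        int_ip, int_port, _, _ = entry
        return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port)


if __name__ == "__main__":
    nat = Masquerader()
    out = nat.translate_outbound(Packet("192.168.1.10", 40000, "198.51.100.7", 80))
    print("outbound rewritten to", out)
    print("reply delivered to", nat.translate_inbound(
        Packet("198.51.100.7", 80, "203.0.113.5", out.src_port)))
    print("unsolicited packet ->", nat.translate_inbound(
        Packet("198.51.100.9", 80, "203.0.113.5", out.src_port)))
```

Because the only state is keyed on flows that internal hosts started, two internal machines using the same source port are kept apart by their distinct external ports, and nothing from outside reaches an internal address without a matching entry.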

DMZ

The term DMZ comes from the military term Demilitarized Zone. A DMZ is an area separating two armies (regions, peoples, whatever) so that soldiers in each region are far enough apart to not be able to shoot each other. Anyone inside the DMZ will likely get shot.

With respect to firewalls, a DMZ would be a server that is publicly accessible from the rest (or much of the rest) of the Internet (such as a web server).

SYN Packet

A SYN packet is a special packet that is involved in the initial connection between a client and a server (or, really, any two systems). When the server receives the SYN packet, it uses the information provided (port numbers and IP address) to send the SYN/ACK packet. This information is usually stored in memory so that if the client does not send back its ACK to the server, the server can respond with another SYN/ACK packet.

The problem is that the server (which may already be heavily loaded) uses system resources to keep track of every SYN packet that it gets. Thus, a simple SYN packet can be used in the most common DoS attack, the SYN attack, where a system is flooded with SYN packets that are never followed by an ACK until its resources are depleted.
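The resource problem described above, replayed on a toy half-open connection table. This is an added illustration, not code from the class notes or from any real TCP stack; the backlog limit of 4 and the 3-second timeout are assumed values chosen so the example fills quickly, and the event records (time, flag, client address, client port) are constructed sample data. It shows both sides of the issue: a legitimate client refused while the table is full of unanswered SYNs, and a simple defender's check that flags sources whose SYNs never complete.

```python
"""Half-open connection table: why unanswered SYNs cost a server resources.

Added illustration, not code from the class notes or any real TCP stack.
BACKLOG_LIMIT and HALF_OPEN_TIMEOUT are assumed values; EVENTS is
constructed sample data.
"""
from collections import Counter

BACKLOG_LIMIT = 4      # assumed: tiny so the table fills within the sample
HALF_OPEN_TIMEOUT = 3  # assumed: seconds before an unanswered SYN/ACK is forgotten


class Listener:
    """Server side of the handshake: remembers every SYN it answered."""

    def __init__(self, backlog_limit=BACKLOG_LIMIT, timeout=HALF_OPEN_TIMEOUT):
        self.backlog_limit = backlog_limit
        self.timeout = timeout
        self.half_open = {}        # (client ip, client port) -> time SYN/ACK sent
        self.established = set()   # clients whose ACK arrived
        self.dropped = 0           # SYNs refused because the table was full

    def expire(self, now):
        """Forget half-open entries older than the timeout."""
        for key, sent_at in list(self.half_open.items()):
            if now - sent_at >= self.timeout:
                del self.half_open[key]

    def on_syn(self, client, now):
        self.expire(now)
        if client in self.half_open:
            return "syn/ack retransmitted"
        if len(self.half_open) >= self.backlog_limit:
            self.dropped += 1
            return "dropped"       # table full: this client is refused
        self.half_open[client] = now
        return "syn/ack"

    def on_ack(self, client, now):
        if self.half_open.pop(client, None) is None:
            return "ignored"       # ACK for a connection we are not tracking
        self.established.add(client)
        return "established"


# Constructed sample trace: one good client, a burst of SYNs from 10.9.9.9
# that are never acknowledged, then another good client arriving twice.
EVENTS = [
    (0.0, "SYN", "10.0.0.5", 5000),
    (0.1, "ACK", "10.0.0.5", 5000),
    (1.0, "SYN", "10.9.9.9", 6000),
    (1.1, "SYN", "10.9.9.9", 6001),
    (1.2, "SYN", "10.9.9.9", 6002),
    (1.3, "SYN", "10.9.9.9", 6003),
    (1.4, "SYN", "10.0.0.6", 5001),   # refused: table full of stale entries
    (5.0, "SYN", "10.0.0.6", 5001),   # retry after the stale entries expire
    (5.1, "ACK", "10.0.0.6", 5001),
]


def replay(events, listener):
    """Feed (time, flag, ip, port) records to the listener; return outcomes."""
    results = []
    for t, flag, ip, port in events:
        handler = listener.on_syn if flag == "SYN" else listener.on_ack
        results.append(handler((ip, port), t))
    return results


def flood_sources(events, min_syns=3):
    """Defender's check: sources that sent >= min_syns SYNs and never an ACK."""
    syns, acks = Counter(), Counter()
    for _, flag, ip, _ in events:
        (syns if flag == "SYN" else acks)[ip] += 1
    return sorted(ip for ip, n in syns.items() if n >= min_syns and acks[ip] == 0)


if __name__ == "__main__":
    listener = Listener()
    for event, outcome in zip(EVENTS, replay(EVENTS, listener)):
        print(event, "->", outcome)
    print("dropped:", listener.dropped, "flagged:", flood_sources(EVENTS))
```

The timeout is what eventually frees the table, so a flood only has to keep sending faster than entries expire; that is why the check looks at the ratio of SYNs to completed handshakes per source rather than at raw SYN volume.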



Last edited June 20, 2003 8:35 pm (diff)
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.