add description for --proxy-forward-by-system (#97)

Author: L-Trump

en/guide/network/point-to-networking.md

@@ -74,4 +74,12 @@ Currently, the `--use-smoltcp` parameter only affects the TCP protocol. UDP and
 
 :::
 
+## Disabling Built-in NAT
+
+By default, the built-in NAT is enabled in the subnet proxy, which handles packet forwarding in user space. This allows non-gateway devices to act as subnet entry points while circumventing the limitations on packet forwarding across different operating systems.
+
+If Easytier is operating on a gateway device, users can use the --proxy-forward-by-system parameter to delegate the forwarding of subnet proxy packets to the system kernel, in which case the built-in NAT will be disabled.
+
+It is important to note that when this option is enabled, the packet forwarding of the subnet proxy will rely entirely on the operating system. Therefore, please ensure that the operating system's firewall, forwarding rules, routing rules, and other configurations are correctly set up.
+
 ---

guide/network/point-to-networking.md

@@ -74,4 +74,12 @@ easytier-core -n 10.1.1.0/24 -n 10.2.0.0/16 -n 10.3.3.3/32
 
 :::
 
+## 禁用内置NAT
+
+默认情况下，子网代理中启用了内置 NAT，在用户态处理数据包转发，使非网关设备也能成为子网入口，同时规避了不同操作系统上对于数据包转发的限制。
+
+如果 Easytier 工作在网关设备上，用户可通过 `--proxy-forward-by-system` 参数将子网代理数据包交由系统内核转发，此时内置 NAT 关闭。
+
+需要注意当该选项启用后，子网代理的数据包转发将完全依赖于操作系统，请确认操作系统的防火墙、转发规则、路由规则等配置正确。
+
 ---