On Wed, 07 May 2014 12:23:12 +0200 Blaise Hizded <bla...@ovh.fr> wrote:
> As Henning Brauer said, the rewrite are applied immediately. So the > first match rule will rewrite IP from the packet and the second match > will be evaluated on the new IP rewritten. > There is no win, the packet is passed thru all match rules and the > action is applied directly if it match, from first to last. Oh, I understand now, thank you for your explanation. Second match rule would not trigger simply because source address of every request from 192.168.1.0/24 is already rewritten with the first match rule, so packet coming from 192.168.1.55 is actualy already counted as coming from translated public address X.X.X.X. -- Marko Cupać
