On 05/07/2014 12:41 PM, Marko Cupać wrote:
> On Wed, 07 May 2014 12:23:12 +0200
> Blaise Hizded <bla...@ovh.fr> wrote:
>
>> As Henning Brauer said, the rewrites are applied immediately. So the
>> first match rule will rewrite IP from the packet and the second match
>> will be evaluated on the new IP rewritten.
>> There is no win, the packet is passed thru all match rules and the
>> action is applied directly if it matches, from first to last.
> Oh, I understand now, thank you for your explanation. Second match rule
> would not trigger simply because source address of every request from
> 192.168.1.0/24 is already rewritten with the first match rule, so
> packet coming from 192.168.1.55 is actually already counted as coming
> from translated public address X.X.X.X.
Yes exactly, except if X.X.X.X is 192.168.1.55, then the second match
rule will rewrite it to Y.Y.Y.Y.
But it's the only case where your second rule can match.
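
The evaluation order described in this thread, as an added example that is not part of the original messages and is a simplified Python model rather than pf code. It assumes the rule set is a /24 rule followed by a host rule for 192.168.1.55, uses constructed documentation addresses in place of X.X.X.X and Y.Y.Y.Y, and goes beyond the thread by also evaluating the reversed rule order.

```python
import ipaddress

# Constructed stand-ins for the thread's X.X.X.X and Y.Y.Y.Y (documentation range).
X = "203.0.113.10"
Y = "203.0.113.20"

# Assumed rule order from the thread: general rule first, host rule second.
# Each rule is (source network to match, address the source is rewritten to).
GENERAL_FIRST = [("192.168.1.0/24", X), ("192.168.1.55/32", Y)]
# Hypothetical reordering, not taken from the thread: host rule first.
SPECIFIC_FIRST = [("192.168.1.55/32", Y), ("192.168.1.0/24", X)]


def evaluate(rules, src):
    """Walk every match rule in order. A rewrite takes effect at once, so
    each later rule is compared against the already-translated source."""
    current = ipaddress.ip_address(src)
    hits = []
    for index, (network, nat_to) in enumerate(rules, start=1):
        if current in ipaddress.ip_network(network):
            hits.append(index)
            current = ipaddress.ip_address(nat_to)
    return str(current), hits


def shadowed_rules(rules, sources):
    """Return the 1-based numbers of rules that no tested source ever hits."""
    seen = set()
    for src in sources:
        seen.update(evaluate(rules, src)[1])
    return [i for i in range(1, len(rules) + 1) if i not in seen]


if __name__ == "__main__":
    lan = [str(h) for h in ipaddress.ip_network("192.168.1.0/24").hosts()]
    for name, rules in (("general first", GENERAL_FIRST),
                        ("specific first", SPECIFIC_FIRST)):
        final, hits = evaluate(rules, "192.168.1.55")
        print(f"{name}: 192.168.1.55 -> {final}, rules hit {hits}, "
              f"never hit {shadowed_rules(rules, lan)}")
```

Running `shadowed_rules` over every source address a rule set is meant to cover shows which translation rules are dead because an earlier rewrite already changed the address they test.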