Is double masquerading generally considered okay?

Masquerading is meant to provide a single, predictable translation for outbound traffic from your internal network. Doing it twice adds another translation layer, which tends to create more problems than it solves. With double translation, return traffic can become hard to trace, routing can become inconsistent, and services that rely on the original IP or embedded addresses (like certain FTP or SIP scenarios) may fail. It also makes firewall state tracking and security logging much more confusing, and can break inbound connections or port-forwarding setups that rely on a stable translation. In short, this adds complexity without a real benefit, so it’s generally avoided in production networks. You might see such a setup only in isolated lab testing to study its effects, but that doesn’t make it a recommended practice.