For NAT rules, the parameters are of two kinds: one kind is selection criteria and define which ingress packets will get processed by this rule. The other kind is rewrite rules and define where the rewritten packet will eventually get sent.
The selection criteria are (among others) src-address, src-port, dst-address, dst-port, in-interface … A rule doesn’t have to have all those criteria defined, implicit default is wildcard. And NAT rule processing is done in the order as they are defined from top to bottom. Hence rule order does matter and packet will get processed by first rule matching criteria. Hence more general rules have to be lower on the list.
In your case you have two rules with exactly the same selection criteria and the first one (with to-address set to 192.168.2.150) gets executed. With identical selection criteria there’s no way to have both rules active for different ingress packets.
As @evince wrote, you have to change one of rules to different selection criteria, the easiest way is to use different dst-port (that’s port number that client on internet is trying to use to establish connection). And add additional selection criteria, such as src-address(-list) to make your redirection less vulnerable.
The second part (the rewrite rules) will rewrite whichever fields are defined. In your case both NAT rules rewrite dst-address (with value of to-addresses) and dst-port (with value of to-ports). Note that plural use of these two parameters (to-addresses and to-ports) is unfortunate as it is not possible to rewrite ingress packet to more than one destination (either address or port) … there’s an exception to what I wrote, but it doesn’t apply to your case).
Can connect from 192.168.5.105 to both RDP sessions on the 192.168.2.0 subnet.
So setup an rdp session from 192.168.5.105 to 192.168.2.150 and second session to 192.168.2.183
I removed the dstnat rule and added a second NAT rule