Comment 2 for bug 510086

Daniel Nurmi (nurmi) wrote :

All,

I'm unable to reproduce this problem with (pre) Eucalyptus 1.6.2; with a running active CC in MANAGED mode (which has the masq rule in place), I can telnet to localhost port 22 (for example) without a problem, and sshing to localhost shows that I'm logged in from 'localhost' (implying that there is no NAT going on).

My understanding of current iptables implementations is that, for lo, the POSTROUTING chain is not traversed (i.e. there is a special path just for lo), which is incidentally why the CC has to install DNAT rules in the OUTPUT chain, which is traversed when traffic originates from lo.