Do DNAT for traffic coming from localhost

Change-Id: Ied67fb166bf4c4f7488e37bd358a51e1a23348a8

warden/root/linux/net.sh

@@ -102,12 +102,18 @@ function setup_nat() {
 
   external_interface=$(ip route get 1.1.1.1 | head -n1 | cut -d" " -f5)
 
-  # Bind chain
+  # Bind chain to PREROUTING
   (iptables -t nat -S PREROUTING | grep -q "\-j ${nat_prerouting_chain}\b") ||
     iptables -t nat -A PREROUTING \
       --in-interface "${external_interface}" \
       --jump ${nat_prerouting_chain}
 
+  # Bind chain to OUTPUT (for traffic originating from same host)
+  (iptables -t nat -S OUTPUT | grep -q "\-j ${nat_prerouting_chain}\b") ||
+    iptables -t nat -A OUTPUT \
+      --out-interface "lo" \
+      --jump ${nat_prerouting_chain}
+
   # Enable NAT on outgoing traffic
   (iptables -t nat -S POSTROUTING | grep -q "\-j MASQUERADE\b") ||
     iptables -t nat -A POSTROUTING \