diff --git a/astara_router/drivers/iptables.py b/astara_router/drivers/iptables.py
index 00abf08..9c170ee 100644
--- a/astara_router/drivers/iptables.py
+++ b/astara_router/drivers/iptables.py
@@ -394,7 +394,8 @@ class IPTablesManager(base.Manager):
 ), ip_version=4)
 )
- # Add source NAT for VMs without floating IPs
+ # Add source NAT to handle NAT loopback case where external floating IP
+ # is used as the destination from internal endpoint
 mgt_if = self.get_management_network(config).interface
 rules.append(Rule(
 '-A PUBLIC_SNAT ! -o %s -j SNAT --to %s' % (
@@ -433,6 +434,10 @@ class IPTablesManager(base.Manager):
 Rule(':FORWARD - [0:0]', ip_version=4),
 Rule(':PREROUTING - [0:0]', ip_version=4)
 ]
+
+ # do not NAT traffic generated from within the appliance
+ rules.append(Rule('-A OUTPUT -j MARK --set-mark 0xACDA', ip_version=4))
+
 ext_net = self.get_external_network(config)
 if ext_net:
 ext_if = ext_net.interface
diff --git a/test/unit/drivers/test_iptables.py b/test/unit/drivers/test_iptables.py
index 982a948..391d92b 100644
--- a/test/unit/drivers/test_iptables.py
+++ b/test/unit/drivers/test_iptables.py
@@ -101,6 +101,7 @@ V4_OUTPUT = [
 ':OUTPUT - [0:0]',
 ':FORWARD - [0:0]',
 ':PREROUTING - [0:0]',
+ '-A OUTPUT -j MARK --set-mark 0xACDA',
 '-A PREROUTING -i eth1 -j MARK --set-mark 0xACDA',
 '-A PREROUTING -d 192.168.0.1/24 -j MARK --set-mark 0xACDA',
 ':POSTROUTING - [0:0]',
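Review bot: The reworded comment above the `PUBLIC_SNAT` rule now describes only the NAT-loopback case, but the rule it annotates (`-A PUBLIC_SNAT ! -o <mgt_if> -j SNAT --to <ext_ip>`) is unchanged and still applies to every packet not leaving via the management interface, so it remains the default source NAT for VMs without floating IPs that the old comment named. Dropping that purpose from the comment makes the rule look narrower than it is, which matters when someone later tightens it. Suggest keeping both: `# Default source NAT for VMs without floating IPs; this also covers the NAT loopback case, where an internal endpoint uses the external floating IP as its destination.` The enclosing method starts and ends outside the hunk.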
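Review bot: The new `-A OUTPUT -j MARK --set-mark 0xACDA` rule marks every locally generated packet with no interface or destination qualifier, and nothing in the hunk shows where that mark is consumed, so the comment `do not NAT traffic generated from within the appliance` asserts an effect a reader cannot verify here. Suggest naming the consumer, e.g. `# Mark appliance-originated traffic 0xACDA so the SNAT rules that exempt marked packets skip it` — I am inferring the exemption from the existing `-A PREROUTING ... -j MARK --set-mark 0xACDA` rules visible in the test's V4_OUTPUT, so confirm the exact chain before committing to that wording. The literal `0xACDA` now appears in at least three rule strings (this one and the two PREROUTING rules), so a module-level constant such as `NO_NAT_MARK = '0xACDA'` (name constructed) formatted into each rule would keep them from drifting apart. Note that `--set-mark` without a mask replaces the whole fwmark, so any mark another OUTPUT rule sets earlier is overwritten; that is fine if this stays the only OUTPUT mark, but worth a one-line comment. The enclosing method starts and ends outside the hunk.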