ron lai wrote:
> My ruleset is
> iptables -t nat -A POSTROUTING -s 172.16.119.91 -j SNAT --to-source 172.16.255.123
>
> I am using a bridge containing only one physical interface and the FTP
> traffic goes through the bridge.

That explains it. The bridge netfilter code calls the IP POST_ROUTING hook for outgoing packets, but the packet already went through it during forwarding. Please try this patch, which makes the bridge netfilter code only call the IP hook for packets that also came in on the bridge.