What | Removed | Added |
---|---|---|
CC | x-suse@carlthompson.net |
The problem is the FW_LO_NOTRACK option turned on by default in the openSUSE firewall. From the description:

"Install NOTRACK target for interface lo in the raw table. Doing so speeds up packet processing on the loopback interface. This breaks certain firewall setups that need to e.g. redirect outgoing packets via custom rules on the local machine."

This option breaks sshuttle. To fix it, edit the /etc/sysconfig/SuSEfirewall2 file and change the line with FW_LO_NOTRACK to

FW_LO_NOTRACK="no"

Save the file, restart the firewall or reboot and sshuttle will work from then on.

Personally, I believe this feature of the firewall should NOT be turned on by default. The default should always be the correct / expected behavior and circumventing correct behavior for a performance boost should be opt-in, not opt-out.
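
The fix described in the comment above, as an added shell example (not part of the original comment and not SuSEfirewall2's own code): it reads the effective FW_LO_NOTRACK value, rewrites it to "no" with a backup, and checks `iptables -t raw -S` output for a leftover NOTRACK rule on lo. The function names are hypothetical, and treating an unset value as enabled is an assumption based on the comment's statement that the option is on by default.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Print the effective FW_LO_NOTRACK value from a sysconfig file. The file is
# sourced as shell, so the last uncommented assignment wins. Prints nothing
# when the variable is unset or empty.
lo_notrack_value() {
    awk -F= '
        /^[ \t]*FW_LO_NOTRACK=/ {
            v = $2
            sub(/#.*/, "", v)        # drop a trailing comment
            gsub(/[" \t]/, "", v)    # drop quotes and blanks
            last = v
        }
        END { if (last != "") print last }
    ' "$1"
}

# Succeeds while the option is in effect. Assumption: anything other than an
# explicit "no" (including unset) means the default-on behaviour applies.
lo_notrack_enabled() {
    [ "$(lo_notrack_value "$1")" != "no" ]
}

# Set FW_LO_NOTRACK="no": replace every active assignment, append one if none
# exists, leave commented-out lines alone, keep a .bak copy of the original.
disable_lo_notrack() {
    file=$1
    tmp=$(mktemp) || return 1
    awk '
        /^[ \t]*FW_LO_NOTRACK=/ { print "FW_LO_NOTRACK=\"no\""; seen = 1; next }
        { print }
        END { if (!seen) print "FW_LO_NOTRACK=\"no\"" }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # cat into the existing file so its owner and mode are preserved
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Reads `iptables -t raw -S` output on stdin. Succeeds if a rule on lo still
# skips connection tracking (NOTRACK target, or the CT --notrack form).
raw_has_lo_notrack() {
    grep -E -- '-[io] lo .*-j (NOTRACK|CT --notrack)' >/dev/null
}
```

As root, run `disable_lo_notrack /etc/sysconfig/SuSEfirewall2`, restart the firewall as the comment says, then pipe `iptables -t raw -S` into `raw_has_lo_notrack` to confirm the rule is gone.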