diff --git a/bin/docker-build-proxy b/bin/docker-build-proxy
index 1acc2111d..3e01d5c80 100755
--- a/bin/docker-build-proxy
+++ b/bin/docker-build-proxy
@@ -14,6 +14,6 @@ rootdir="$( cd $bindir/.. && pwd )"
 . $bindir/_tag.sh
 # Default to a pinned commit SHA of the proxy.
-PROXY_VERSION="${PROXY_VERSION:-5e0a15b}"
+PROXY_VERSION="${PROXY_VERSION:-21887e5}"
 docker_build proxy "$(head_root_tag)" $rootdir/Dockerfile-proxy --build-arg PROXY_VERSION=$PROXY_VERSION
diff --git a/proxy-init/iptables/iptables.go b/proxy-init/iptables/iptables.go
index a4a4d4ea8..e484df237 100644
--- a/proxy-init/iptables/iptables.go
+++ b/proxy-init/iptables/iptables.go
@@ -73,14 +73,17 @@ func formatComment(text string) string {
 func addOutgoingTrafficRules(commands []*exec.Cmd, firewallConfiguration FirewallConfiguration) []*exec.Cmd {
 outputChainName := "PROXY_INIT_OUTPUT"
+ redirectChainName := "PROXY_INIT_REDIRECT"
 executeCommand(firewallConfiguration, makeFlushChain(outputChainName))
 executeCommand(firewallConfiguration, makeDeleteChain(outputChainName))
 commands = append(commands, makeCreateNewChain(outputChainName, "redirect-common-chain"))
- // Ingore traffic from the proxy
+ // Ignore traffic from the proxy
 if firewallConfiguration.ProxyUid > 0 {
 log.Printf("Ignoring uid %d", firewallConfiguration.ProxyUid)
+ // Redirect calls originating from the proxy destined for an app container e.g. app -> proxy(outbound) -> proxy(inbound) -> app
+ commands = append(commands, makeRedirectChainForOutgoingTraffic(outputChainName, redirectChainName, firewallConfiguration.ProxyUid,"redirect-non-loopback-local-traffic"))
 commands = append(commands, makeIgnoreUserId(outputChainName, firewallConfiguration.ProxyUid, "ignore-proxy-user-id"))
 } else {
 log.Println("Not ignoring any uid")
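Review bot: The rule appended on the new `makeRedirectChainForOutgoingTraffic` line jumps to `PROXY_INIT_REDIRECT`, a chain this function neither creates nor checks for; iptables refuses a `-j` to a chain that does not exist yet, so this append only works if the inbound-side chain has already been created when addOutgoingTrafficRules runs, which the hunk does not show and which should be confirmed. Hoisting the literal into a package-level `const redirectChainName = "PROXY_INIT_REDIRECT"` shared with the inbound-rules code would make that ordering dependency visible and remove the second copy of the name. Placing the redirect rule ahead of the uid-ignore rule is the right order, since the ignore rule (presumably a RETURN) would otherwise match the proxy's packets first. The body of addOutgoingTrafficRules continues past the end of the hunk.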
@@ -241,6 +244,19 @@ func makeJumpFromChainToAnotherForAllProtocols(chainName string, targetChain str
 "--comment", formatComment(comment))
 }
+func makeRedirectChainForOutgoingTraffic(chainName string, redirectChainName string, uid int, comment string) *exec.Cmd {
+ return exec.Command("iptables",
+ "-t", "nat",
+ "-A", chainName,
+ "-m", "owner",
+ "--uid-owner",strconv.Itoa(uid),
+ "-o", "lo",
+ "!", "-d 127.0.0.1/32",
+ "-j", redirectChainName,
+ "-m", "comment",
+ "--comment", formatComment(comment))
+}
+
 func makeShowAllRules() *exec.Cmd {
 return exec.Command("iptables", "-t", "nat", "-vnL")
 }
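Review bot: `"!", "-d 127.0.0.1/32"` hands iptables the flag and its value as a single argv element, so getopt sees a `-d` whose argument starts with a space (exec.Command does no shell splitting); iptables will most likely reject that address and the rule will not load, leaving proxy-originated traffic on `lo` unredirected with no compensating control. Every other option in this command already separates flag and value, so the line should read `"!", "-d", "127.0.0.1/32",`. The `"--uid-owner",strconv.Itoa(uid)` line is also missing the space gofmt would insert. Since the exclusion is exactly 127.0.0.1/32, proxy traffic to any other 127/8 address on `lo` still enters the redirect chain; if that is intended, say so in a doc comment such as `// makeRedirectChainForOutgoingTraffic builds the nat rule that sends traffic from uid leaving via lo, except to 127.0.0.1, to redirectChainName.`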