Why didn’t I need a hairpin NAT with the DD-WRT setup

networking

My old DD-WRT router was dying, so I grabbed a UniFi EdgeRouter, which is, stylistically, much more like a "real router". I have various public IPs that I have 1-to-1 NAT set up for, i.e. the internal system has an IP of 192.168.123.134 , and any external requests to 173.13.139.236 get translated to the internal IP and back.

With the new router, I had to additionally set up hairpin NAT rules, so that internal systems could reach 173.13.139.236 , by having their requests translated to the internal IP but with a source IP on the router (i.e. masqueraded NAT).

(The specific issue, as I understand it, is that if you just NAT a packet that is from an internal address so that its destination is also to an internal address, then the reply just goes back directly to the requester, but the requester sent its packet to the router, so when it sees the reply come back from not-the-router, it drops the packet as invalid.)

With my DD-WRT router, I didn't have to do the hairpin NAT rule, and I don't understand why.

Specifically, the entire config for that IP on my DD-WRT system, as far as I know!, was:

# 1-to-1 NAT: rewrite the destination of anything arriving for the public IP to the internal host
iptables -t nat -I PREROUTING -d 173.13.139.236 -j DNAT --to 192.168.123.134
# and rewrite the source of anything the internal host sends out to the public IP
iptables -t nat -I POSTROUTING -s 192.168.123.134 -j SNAT --to 173.13.139.236
# let the forwarded (already DNATed) traffic through the filter table
iptables -I FORWARD -d 192.168.123.134 -j ACCEPT

This did, in fact, work. Indeed, it worked for years. Why?

It's totally possible that there's some other config in the DD-WRT setup that handles this, but if there is, I have no idea where it would be; I reviewed the entire config when I changed routers, and I saw nothing else related to those IPs.

Best Answer

I think the DD-WRT interface used the term "Internet NAT Redirection" for the correction of hairpin NAT issues, which was active by default, and because it probably "just worked as expected" you simply were not aware of its existence.

Rather than on specific IP addresses (and port numbers), that was probably effected in iptables with a generic and not very obvious-looking rule for traffic to the WAN interface (not necessarily listed by its IP address) originating from your LAN networks/interfaces, or, with a similar effect, for traffic NOT originating from the WAN.

Think along the lines of

# load the packet-mark match/target modules (DD-WRT loads them by hand; a stock distro kernel autoloads them)
insmod ipt_mark 
insmod xt_mark 
# mark any packet that did NOT come in on the WAN interface but is addressed to the WAN IP,
# i.e. a LAN host talking to the router's public address (get_wanface and nvram are DD-WRT helpers;
# the original rule used the older intrapositioned "-i !" negation, written here as "! -i")
iptables -t mangle -A PREROUTING ! -i `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001 
# remember the mark on the connection so the rest of the flow is treated the same way
iptables -t mangle -A PREROUTING -j CONNMARK --save-mark 
# masquerade those marked packets, so the internal server replies to the router instead of the client directly
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE

Source: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=545301
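The following is an added example, not code from the question, the answer, or DD-WRT: a small model of the router's DNAT/SNAT and conntrack path that reproduces the drop described in the question (the reply comes straight from 192.168.123.134 instead of from 173.13.139.236) and shows how a masquerading hairpin rule of the kind in the answer fixes it. The client address 192.168.123.50, the external address 203.0.113.7 and the router LAN address 192.168.123.1 are constructed for the example; the routing and conntrack behaviour is simplified to the parts relevant here.

```python
# Added example (not from the page): model why LAN -> public-IP traffic needs a
# hairpin rule. Addresses other than the two from the question are constructed.
from dataclasses import dataclass, replace

PUBLIC_IP = "173.13.139.236"      # public IP with 1-to-1 NAT (from the question)
SERVER_IP = "192.168.123.134"     # internal host behind it (from the question)
ROUTER_LAN_IP = "192.168.123.1"   # assumed router LAN address (hypothetical)
CLIENT_IP = "192.168.123.50"      # constructed LAN client
LAN_PREFIX = "192.168.123."


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: str


class Router:
    """PREROUTING DNAT + POSTROUTING SNAT, plus an optional hairpin MASQUERADE."""

    def __init__(self, hairpin: bool):
        self.hairpin = hairpin
        # conntrack: expected reply tuple (src, dst) -> original (src, dst)
        self.conntrack = {}

    def forward(self, pkt: Packet) -> Packet:
        orig = (pkt.src, pkt.dst)
        # PREROUTING: the DNAT from the question, no interface restriction
        if pkt.dst == PUBLIC_IP:
            pkt = replace(pkt, dst=SERVER_IP)
        # POSTROUTING: the question's SNAT only matches traffic FROM the server
        if pkt.src == SERVER_IP:
            pkt = replace(pkt, src=PUBLIC_IP)
        # hairpin rule: LAN-originated traffic that was sent to the public IP
        # is masqueraded, so the server answers the router, not the client
        elif (self.hairpin and pkt.src.startswith(LAN_PREFIX)
              and orig[1] == PUBLIC_IP):
            pkt = replace(pkt, src=ROUTER_LAN_IP)
        self.conntrack[(pkt.dst, pkt.src)] = orig
        return pkt

    def reply(self, pkt: Packet):
        """Undo the translation for a reply conntrack has seen; None otherwise."""
        key = (pkt.src, pkt.dst)
        if key not in self.conntrack:
            return None
        o_src, o_dst = self.conntrack[key]
        return replace(pkt, src=o_dst, dst=o_src)


def simulate(client_ip: str, hairpin: bool) -> dict:
    """One request from client_ip to the public IP and the server's reply."""
    router = Router(hairpin)
    request = Packet(client_ip, PUBLIC_IP, "SYN")
    delivered = router.forward(request)
    # the server answers whatever source address it saw
    answer = Packet(SERVER_IP, delivered.src, "SYN-ACK")
    # a reply to another LAN host goes straight across the segment; anything
    # else is routed via the default gateway, i.e. back through the router
    if answer.dst.startswith(LAN_PREFIX) and answer.dst != ROUTER_LAN_IP:
        at_client = answer
    else:
        at_client = router.reply(answer)
    # the client only accepts a reply from the peer it actually sent to
    accepted = (at_client is not None and at_client.dst == client_ip
                and at_client.src == request.dst)
    return {"seen_by_server": delivered, "reply_at_client": at_client,
            "accepted": accepted}


if __name__ == "__main__":
    for hairpin in (False, True):
        r = simulate(CLIENT_IP, hairpin)
        print(f"hairpin={hairpin}: server saw src={r['seen_by_server'].src}, "
              f"client got reply from {r['reply_at_client'].src}, "
              f"accepted={r['accepted']}")
```

Without the hairpin rule the server sees the client's real address and replies to it directly with source 192.168.123.134, which the client never talked to, so the reply is rejected; with it the server sees the router's address, the reply passes back through conntrack, and the client receives it from 173.13.139.236 as expected. An external client works in both cases because its reply is routed through the router anyway.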