It could be that another rule preceding the one in question is rejecting or dropping connections. I'm afraid that it's impossible to give an answer about why it's happening without seeing your full iptables ruleset.
As for the second question:
Bitcoin 0.3.24 adds a -port= option to listen on a port other than 8333 for incoming connections.
(a quote from this post)
Along with UPnP, etc... The short answer is that your bitcoin client is likely connecting to peers that are just using a port other than 8333.
