Yes, but only to separate ports. A connection in TCP is uniquely identified by a tuple of {source IP, source port, destination IP, destination port}. Usually the source port is automatically assigned by the source system, and it picks an unused one.
I'm looking for a link, but in the meantime, I was working on a product where we had to map every connection between 2 routers to a new connection between 2 boxes (imagine having 2 boxes MITMing 2 routers and remapping every TCP session internally so you could change the traffic transparently to the recipient).
We needed to prove we could handle 100k TCP sessions and it would fail at ~64k sessions when iptables was running on either box (even with an "allow all" rule). Otherwise our hardware would fall over around the default File Descriptor limit.
You should have a look to see how much memory the connection tracking table is actually taking up. IPTables stores a lot of its information in kernel space, but modifications are copied to user space, updated, then written back. As an example, for large project X with >100,000 users connecting through a linux-based gateway device, using a single firewall rule to allow access for each device grew larger than RAM available to the kernel. You can also tune the size of the connection tracking table (and pretty much everything else related), but 64k sessions was never a breaking point for us.
http://highscalability.com/blog/2013/5/13/the-secret-to-10-m...
https://news.ycombinator.com/item?id=5711232