So I understand that you need to allow the connection first (right?)
```
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
```
Then you need to set up the redirect (right?)
```
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
```
Then also allow the outgoing response from 8443 to go to 443 (right?)
```
iptables -t nat -I OUTPUT -p tcp --dport 443 -j REDIRECT --to-ports 8443
```
My scenario: I have an application server locally using 8443 but I want all traffic to connect using standard ports. I'm having problems with services that use my secure HTTP port,
i.e. https://mywebsite.com **NOT** https://mywebsite.com/8443
Problem: I'm not sure my rules to iptables are correct.
Best Answer
mangle - mark all incoming packets with dport 443 (second iptables chain)
nat - change destination port for marked packets (third iptables chain)
filter - accept marked packet with new dport (fifth iptables chain)
On older systems use `-m state --state` instead of `-m conntrack --ctstate`.
This is the most efficient way; this is how RH utilities do it by default for local redirects.
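The three steps the answer lists, written out as an added example (not the answerer's own rules, which do not appear on this page). Ports 443 and 8443 come from the question; the mark value `0x1` and the function names are assumptions, and the example assumes the INPUT chain already accepts ESTABLISHED,RELATED traffic and drops or rejects by default.

```shell
#!/bin/sh
# Added example: prints (does not apply) the three rules the answer describes.
# Ports 443/8443 are from the question; mark 0x1 and the function names are
# assumptions made for this example.

valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-numeric, or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_mark() {
    case "$1" in
        0x*) case "${1#0x}" in ''|*[!0-9a-fA-F]*) return 1 ;; esac ;;
        ''|*[!0-9]*) return 1 ;;
    esac
}

redirect_rules() {
    pub=$1; app=$2; mark=${3:-0x1}
    if ! valid_port "$pub" || ! valid_port "$app" || ! valid_mark "$mark"; then
        echo "usage: redirect_rules PUBLIC_PORT APP_PORT [MARK]" >&2
        return 1
    fi
    # 1. mangle/PREROUTING: tag every packet that arrived on the public port.
    echo "iptables -t mangle -A PREROUTING -p tcp --dport $pub -j MARK --set-mark $mark"
    # 2. nat/PREROUTING: rewrite the destination port to the application port.
    echo "iptables -t nat -A PREROUTING -p tcp --dport $pub -j REDIRECT --to-ports $app"
    # 3. filter/INPUT: accept new connections on the application port only
    #    when they carry the mark, i.e. only when they came in on $pub.
    echo "iptables -A INPUT -p tcp --dport $app -m conntrack --ctstate NEW -m mark --mark $mark -j ACCEPT"
}

# Rules for the ports in the question.
redirect_rules 443 8443
```

Review the printed rules, then run them as root. Because the INPUT rule matches on the mark, a client connecting straight to 8443 is not accepted by it and falls through to the rest of the chain.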