I have a webserver that runs as a normal user, so I can't use ports below 1024.
The webserver should still be reachable on port 443. I want iptables to forward port 443 to port 1443, where my webserver listens for incoming requests. These are my rules so far:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A OUTPUT -p tcp -o eth0 --sport 443 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 443 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-port 1443
iptables -A OUTPUT -t nat -p tcp --dport 443 -j REDIRECT --to-port 1443
But iptables still drops the packets unless I add the following rules:
iptables -A OUTPUT -p tcp -o eth0 --sport 1443 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 1443 -j ACCEPT
Now I can reach my webserver on port 443, but also on port 1443, which I don't want.
What rules am I missing so my webserver is only accessible at port 443?
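The behaviour in the question follows from chain order: nat PREROUTING runs before filter INPUT, so by the time the SYN reaches INPUT its destination port is already 1443, and the reply leaves filter OUTPUT with source port 1443 before the reverse translation in POSTROUTING. A plain `--dport 1443` ACCEPT therefore also admits connections that arrived on 1443 directly. The ruleset below is an added example, not part of the question or the answer: it keeps the REDIRECT from the question but accepts the redirected traffic by matching conntrack's original (pre-NAT) destination port with `--ctorigdstport`, so a direct connection to 1443 still hits the DROP policy. It assumes the interface name `eth0`, a listener on 1443, a kernel with the conntrack match available, and an `IPT_CMD` variable (my convention, not an iptables feature) that lets you print the rules with `IPT_CMD=echo` instead of applying them.

```shell
#!/bin/sh
# Added example: forward 443 -> 1443 while only accepting connections that
# actually entered on 443. Assumptions: eth0, listener on 1443, xt_conntrack.
# Dry run:  IPT_CMD=echo APPLY=1 sh rules.sh
# Apply:    APPLY=1 sh rules.sh   (as root)

WAN_IF="${WAN_IF:-eth0}"
PUBLIC_PORT="${PUBLIC_PORT:-443}"
LISTEN_PORT="${LISTEN_PORT:-1443}"

# Wrapper so the same function can print or apply rules.
ipt() { "${IPT_CMD:-iptables}" "$@"; }

apply_rules() {
    # Default deny, as in the question.
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -P FORWARD DROP

    # Loopback is needed for local clients that go through the nat OUTPUT
    # REDIRECT below (the question's OUTPUT DROP policy would block them).
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT

    # NAT: rewrite :443 to :1443 for traffic from the wire and from this host.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$PUBLIC_PORT" \
        -j REDIRECT --to-ports "$LISTEN_PORT"
    ipt -t nat -A OUTPUT -p tcp --dport "$PUBLIC_PORT" \
        -j REDIRECT --to-ports "$LISTEN_PORT"

    # filter INPUT sees the packet after REDIRECT, so its dport is 1443.
    # Key the ACCEPT on the conntrack ORIGINAL destination port: a connection
    # that entered as :443 matches, a direct connection to :1443 does not
    # and falls through to the DROP policy.
    ipt -A INPUT -i "$WAN_IF" -p tcp --dport "$LISTEN_PORT" \
        -m conntrack --ctorigdstport "$PUBLIC_PORT" -j ACCEPT

    # Replies pass filter OUTPUT before reverse NAT in POSTROUTING, so they
    # carry sport 1443 here; again match the connection, not the raw port.
    ipt -A OUTPUT -o "$WAN_IF" -p tcp --sport "$LISTEN_PORT" \
        -m conntrack --ctorigdstport "$PUBLIC_PORT" --ctstate ESTABLISHED \
        -j ACCEPT
}

# Only touch the firewall when explicitly asked to.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules
fi
```

`--ctstate DNAT` is a coarser alternative to `--ctorigdstport 443`: it accepts any connection that went through a DNAT/REDIRECT rule, which is equivalent here because 443 is the only redirected port. Whichever match you use, verify with `iptables -t nat -L -v -n` and `iptables -L -v -n` that the 1443 ACCEPT counters only increase for connections made to 443, and that a direct connection to 1443 from the outside times out.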
Best Answer
I think the easiest way to achieve that would be: