I am using an Ubuntu 16 server.
I am trying to use iptables to forward a port from a particular network adapter and port to a specific port on lo/127.0.0.1. It seems like the correct tool.
By way of an example, let us imagine I want adapter ens192 to forward incoming traffic on port 8443 to 127.0.0.1:443. I do not want ens192's 443 to reach 127.0.0.1:443... it should appear closed.
I've made the following calls (as sudo su, for convenience) on a fresh install:
# sysctl -w net.ipv4.ip_forward=1 # permits port-forwarding
# sysctl -w net.ipv4.conf.ens192.route_localnet=1 # permits routing from the adapter to localhost
# iptables -P INPUT DROP
# iptables -t nat -A PREROUTING -i ens192 -p tcp --dport 8443 -j DNAT \
--to-destination 127.0.0.1:443
# iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE
However, this doesn't work... browsing to [ip]:8443 doesn't yield the desired results... the browser times out.
I have validated that the server is running properly at the desired port.
I assume that the browser's TCP request changes within the server to appear as if it contacts 127.0.0.1:443 instead. Then, when responding, the IP address translates back to the address/port of ens192 instead as it leaves. Or... not?
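As an added example (it is not part of the question above or of any answer to it), the POSIX shell script below does two things for the scenario the question describes. `print_rules` emits a rule set for "ens192:8443 reaches 127.0.0.1:443, ens192:443 looks closed": because DNAT to a local address delivers the packet to the INPUT chain with its destination already rewritten to 127.0.0.1:443, a `-P INPUT DROP` policy silently discards it unless an explicit ACCEPT covers that rewritten traffic, which is the gap in the question's rule set; `ip_forward` and the MASQUERADE rule play no part, since nothing is forwarded to another host, and a REJECT with `tcp-reset` makes direct connections to ens192:443 report closed rather than filtered. `audit_dnat_localhost` reads an `iptables-save` dump and flags every DNAT to 127.0.0.1 whose port has no INPUT ACCEPT. The interface and port numbers are taken from the question; the two dumps are constructed samples, and nothing touches a live firewall unless you pipe `print_rules` into a root shell yourself.

```shell
#!/bin/sh
# Added example, not code from the original question. Interface and ports are
# the question's (ens192, 8443 -> 127.0.0.1:443); override via the environment.

IFACE="${IFACE:-ens192}"
PUBLIC_PORT="${PUBLIC_PORT:-8443}"
LOCAL_PORT="${LOCAL_PORT:-443}"

# Print a complete rule set. Rule order matters: the "--ctstate DNAT" ACCEPT
# must precede the REJECT on the same port, so that only traffic that arrived
# via the PREROUTING DNAT is admitted and a direct hit on ens192:443 gets a RST.
print_rules() {
    cat <<EOF
sysctl -w net.ipv4.conf.${IFACE}.route_localnet=1
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i ${IFACE} -p tcp --dport ${PUBLIC_PORT} -j DNAT --to-destination 127.0.0.1:${LOCAL_PORT}
iptables -A INPUT -i ${IFACE} -d 127.0.0.1 -p tcp --dport ${LOCAL_PORT} -m conntrack --ctstate DNAT -j ACCEPT
iptables -A INPUT -i ${IFACE} -p tcp --dport ${LOCAL_PORT} -j REJECT --reject-with tcp-reset
EOF
}

# Audit an iptables-save dump read from stdin: for every DNAT whose target is
# 127.0.0.1:<port>, require an INPUT rule that ACCEPTs that port. Prints one
# line per offending port and returns 1 if any were found, 0 otherwise.
audit_dnat_localhost() {
    dump=$(cat)
    rc=0
    for port in $(printf '%s\n' "$dump" \
            | sed -n 's/.*-j DNAT --to-destination 127\.0\.0\.1:\([0-9]*\).*/\1/p' \
            | sort -u); do
        if ! printf '%s\n' "$dump" | grep -q -- "^-A INPUT .*--dport ${port} .*-j ACCEPT"; then
            echo "port ${port}: DNAT to 127.0.0.1 but no INPUT ACCEPT; with -P INPUT DROP clients time out"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the question's rule set as iptables-save would show it.
BROKEN_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ens192 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 127.0.0.1:443
-A POSTROUTING -o ens192 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed sample: what print_rules produces, as iptables-save would show it.
FIXED_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ens192 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 127.0.0.1:443
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 127.0.0.1/32 -i ens192 -p tcp -m tcp --dport 443 -m conntrack --ctstate DNAT -j ACCEPT
-A INPUT -i ens192 -p tcp -m tcp --dport 443 -j REJECT --reject-with tcp-reset
COMMIT'

# Usage when run directly: audit both samples, then show the rule set.
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$BROKEN_DUMP" | audit_dnat_localhost
    printf '%s\n' "$FIXED_DUMP" | audit_dnat_localhost && echo "fixed dump: no gaps"
    print_rules
fi
```

On a real host, `iptables-save | sh this_script.sh` is not the interface; instead source the script and run `iptables-save | audit_dnat_localhost` to check the live rule set, and `print_rules | sudo sh -e` to apply the rules.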