
I have an application listening on port 7162 for SNMP traps. The traps are arriving on port 162 so I have this redirect in my iptables:

-A PREROUTING -p udp -m udp --dport 162 -j REDIRECT --to-ports 7162

Do I also need to explicitly allow incoming connections to port 162 with

-A INPUT -p udp -m state --state NEW -m udp --dport 162 -j ACCEPT

Sometimes it works with just the first line, sometimes it doesn't, so I'm trying to work out why that might be.


The first rule should be enough - unless you're limiting access to port 7162 in the INPUT chain somehow.

In fact, your UDP packet shouldn't even pass through the INPUT chain with destination port set to 162, at least according to the following diagram: https://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg

Furthermore, your INPUT rule seems too complicated. UDP is a stateless protocol, so you're dealing with some form of states inside netfilter. I haven't even found proper documentation on what those states mean when used with UDP.

Try monitoring both ports with the tcpdump program for clues (note: if you drop any packets in the PREROUTING chain, tcpdump won't see them; it can only see the incoming packet on port 162, and even listening on loopback won't reveal the redirect).

Edit: You're not trying the rule with connections within a single machine, right? PREROUTING isn't traversed on localhost-only connections.

  • Thanks for the confirmation. I didn't think the second rule should be required either. And good point about the states. These are both rules provided to me by the application developer BTW. Answers to your other question; It's a remote device sending the traps. Thanks.
    – Darren
    Commented Mar 17, 2017 at 16:51
  • BTW, tcpdump doesn't capture anything on port 7162, which I think I would expect.
    – Darren
    Commented Mar 17, 2017 at 16:52
  • You're right, sorry. I just tested it and tcpdump can catch only the incoming 162; it won't allow you to see what is going on afterwards.
    – Marek Rost
    Commented Mar 17, 2017 at 17:17
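To make the ordering in the answer concrete, here is a toy model of the netfilter path (added example, not code from the question or the answer): nat PREROUTING rewrites the destination port before filter INPUT is consulted, so an INPUT rule for port 162 never matches the redirected trap, while a rule for 7162 does; and for locally generated traffic the nat table was already consulted in nat OUTPUT, so nat PREROUTING does not rewrite it. The `Packet`/`Rule` classes and `traverse` function are constructed for illustration and are not real iptables.

```python
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str
    dport: int
    local_origin: bool = False  # True for traffic the host sends to itself

@dataclass(frozen=True)
class Rule:
    chain: str                  # "PREROUTING" (nat table) or "INPUT" (filter table)
    proto: str
    dport: int
    target: str                 # "REDIRECT" or "ACCEPT"
    to_port: Optional[int] = None

def traverse(pkt: Packet, rules: List[Rule], input_policy: str = "DROP") -> Tuple[str, int]:
    """Return (verdict, final_dport) for one inbound datagram.

    Simplified model: nat PREROUTING runs first and may rewrite dport; filter
    INPUT then matches on the rewritten port. Locally generated traffic has
    already been through nat OUTPUT, so nat PREROUTING does not touch it.
    """
    if not pkt.local_origin:
        for r in rules:
            if r.chain == "PREROUTING" and r.proto == pkt.proto and r.dport == pkt.dport:
                if r.target == "REDIRECT" and r.to_port is not None:
                    pkt = replace(pkt, dport=r.to_port)
                break
    # filter INPUT sees the already-rewritten destination port
    for r in rules:
        if r.chain == "INPUT" and r.proto == pkt.proto and r.dport == pkt.dport:
            return r.target, pkt.dport
    return input_policy, pkt.dport

# Rules as posted in the question: the INPUT rule matches nothing after the redirect.
QUESTION_RULES = [
    Rule("PREROUTING", "udp", 162, "REDIRECT", to_port=7162),
    Rule("INPUT", "udp", 162, "ACCEPT"),
]
# What INPUT actually has to allow (or restrict) is the redirected port.
FIXED_RULES = [
    Rule("PREROUTING", "udp", 162, "REDIRECT", to_port=7162),
    Rule("INPUT", "udp", 7162, "ACCEPT"),
]

if __name__ == "__main__":
    print("remote trap, question rules:", traverse(Packet("udp", 162), QUESTION_RULES))
    print("remote trap, fixed rules:   ", traverse(Packet("udp", 162), FIXED_RULES))
    print("local trap, question rules: ", traverse(Packet("udp", 162, local_origin=True), QUESTION_RULES))
```

With an INPUT policy of DROP the remote trap is dropped under the question's rules and accepted under the fixed ones, while a trap sent from the host itself reaches port 162 unredirected, which is the localhost case the answer's edit warns about.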
