iptables prerouting don't work

Question

I used this command block for routing 80 to 8080, but it's not working now

sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A PREROUTING -i wlp8s0 -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -P FORWARD ACCEPT

and iptables -L -vt nat output is;

Chain PREROUTING (policy ACCEPT 3 packets, 236 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REDIRECT   tcp  --  wlp8s0 any     anywhere             anywhere             tcp dpt:http redir ports 8080

Chain INPUT (policy ACCEPT 2 packets, 184 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 2 packets, 128 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 2 packets, 128 bytes)

and finally, cat /proc/sys/net/ipv4/ip_forward output => 1

uname output;

Linux 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u3 (2017-08-06) GNU/Linux

What am I doing wrong ?

Answer 1

According to Frozentux "the REDIRECT target is used to redirect packets and streams to the machine itself [...] In other words, this rewrites the destination address to our own host for packets that are forwarded, or something alike."

You can try instead (command modified from https://stackoverflow.com/questions/242772/using-iptables-to-change-a-destination-port):

iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination <proxy_ip>:8080