[suse-security] iptables: DNAT from port x to port y

[Dominik Klein <dk@xxxxxxxxxxxxxxxx>]

Hi,

my linux router is supposed to forward https requests to the http port 
on my webserver.

Is this possible with iptables?

I thought that these lines should do (there is more in my iptables 
script, but I think this is the interesting part):
--snip--
$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp -d $routerip --dport 443 
-j DNAT --to-destination $webserverip:80
$IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp -d $webserverip --dport 80 
-j ACCEPT
$IPTABLES -A INPUT -i eth0 -p tcp -d $routerip --dport 443 -j ACCEPT
--snip--

But apparently, clients still get forwarded to https, and as there is no 
https, they run into a timeout.

Am I missing something or is this not possible?

Regards,
Dominik

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here