How to divert connection or packet before routing decision entering the default chain using iptables

Before packets on port 443 enter the firewall, I would like to divert the incoming packets from the server (443) that go to the INPUT chain so that they go to the FORWARD chain instead.
So the incoming packets from 100.43.xx.xx --sport 443 are sent to FORWARD instead of the INPUT chain.
How do I configure this in the OUTPUT, FORWARD, POSTROUTING and PREROUTING chains?

And this is my nf_conntrack:
tcp 6 431977 ESTABLISHED src=192.168.xx.xx dst=100.43.xx.xx sport=33575 dport=443
                                   src=100.43.xx.xx dst=192.168.xx.xx sport=443 dport=33575 [ASSURED] mark=0 use=1
tcp 6 431867 ESTABLISHED src=192.168.xx.xx dst=100.43.xx.xx sport=54461 dport=443
                                   src=100.43.xx.xx dst=192.168.xx.xx sport=443 dport=54461 [ASSURED] mark=0 use=1

My iptables rules:
root@kali:~# iptables-save
# Generated by iptables-save v1.4.21 on Sun Jan 14 15:20:35 2018
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [3409:2036610]
-A POSTROUTING -o wlan0 -m state --state NEW,RELATED,ESTABLISHED -j MASQUERADE
*filter
:INPUT ACCEPT [333:6760]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [333:6760]
-A INPUT -i wlan0 -p tcp -s 100.43.xx.xx --sport 443 -j DROP
-A INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
root@kali:~#

asked Jan 15 by Horo07 (120 points)

1 Answer

If a packet is forwarded by iptables (e.g. by a rule in the PREROUTING chain, see https://www.systutorials.com/816/port-forwarding-using-iptables/), it will go through the FORWARD chain.

answered Jan 24 by Eric Z Ma (44,280 points)
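
The chain selection described in this answer, as an added example that is not part of the original answer: a simplified Python model of the netfilter path (nat PREROUTING, routing decision, then INPUT or FORWARD), including the fact that the nat table is consulted only for the first packet of a connection. The addresses, port 8443 and the `Netfilter` class are constructed for illustration, and IP forwarding is assumed to be enabled.

```python
# Added example: simplified model of netfilter chain traversal (not kernel code).
# All addresses and ports are constructed values, not taken from the question.
HOST = "192.0.2.10"      # this machine's own address (constructed)
SERVER = "203.0.113.5"   # remote HTTPS server (constructed)
INSIDE = "10.0.0.20"     # a machine behind this host (constructed)


class Netfilter:
    def __init__(self, local_addrs, dnat_rules):
        self.local_addrs = set(local_addrs)
        # (dst, dport) -> (new_dst, new_dport), like `-t nat -A PREROUTING ... -j DNAT`
        self.dnat_rules = dict(dnat_rules)
        # Tracked flows: 4-tuple -> destination after NAT
        self.conntrack = {}

    def send_local(self, src, sport, dst, dport):
        """Locally generated packet: OUTPUT, then POSTROUTING."""
        # conntrack learns the expected reply tuple (no translation needed)
        self.conntrack[(dst, dport, src, sport)] = (src, sport)
        return ["OUTPUT", "POSTROUTING"]

    def receive(self, src, sport, dst, dport):
        """Incoming packet: PREROUTING, routing decision, then INPUT or FORWARD."""
        chains = ["PREROUTING"]
        flow = (src, sport, dst, dport)
        if flow not in self.conntrack:
            # Only the first packet of a connection consults the nat table.
            self.conntrack[flow] = self.dnat_rules.get((dst, dport), (dst, dport))
        final_dst, _ = self.conntrack[flow]
        # Routing decision: local destination -> INPUT, anything else -> FORWARD.
        if final_dst in self.local_addrs:
            return chains + ["INPUT"]
        return chains + ["FORWARD", "POSTROUTING"]


def demo():
    nf = Netfilter([HOST], {(HOST, 8443): (INSIDE, 443)})
    out = nf.send_local(HOST, 33575, SERVER, 443)
    reply = nf.receive(SERVER, 443, HOST, 33575)       # reply to our own connection
    # A DNAT rule added later does not change the already-tracked flow.
    nf.dnat_rules[(HOST, 33575)] = (INSIDE, 33575)
    reply_after_rule = nf.receive(SERVER, 443, HOST, 33575)
    forwarded = nf.receive(SERVER, 40000, HOST, 8443)  # new connection hitting DNAT
    return out, reply, reply_after_rule, forwarded


if __name__ == "__main__":
    for path in demo():
        print(" -> ".join(path))
```

In this model, replies to a connection the host itself opened are addressed to a local address, so they reach INPUT; only a packet whose destination is non-local after PREROUTING reaches FORWARD.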


Copyright © SysTutorials. User contributions licensed under cc-wiki with attribution required.