My goal is to run a webserver on port 3000 and make it available to my network over port 80. The best answer I found so far is this nice one-liner.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000
But this only affects incoming packets, and I would like the client to get its response back from port 80. The next problem is that the webserver should only be reachable over port 80. So far I'm stuck with this configuration.
# Default Chain Policies
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT DROP
iptables -t filter -P FORWARD DROP
# Allow Loopback Access
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000
iptables -t nat -A POSTROUTING -p tcp -o eth0 --sport 3000 -j SNAT --to 192.168.0.2:80
iptables -t filter -A INPUT -i eth0 -p tcp --dport 3000 -j ACCEPT
iptables -t filter -A OUTPUT -o eth0 -p tcp --sport 3000 -j ACCEPT
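An added example, not part of the original post: a script that generates a complete ruleset for publishing a local port-3000 service on port 80 only. It assumes the interface is eth0 and the server listens on port 3000 on all addresses. Two points it is built around: the reply path needs no SNAT rule, because connection tracking reverses the REDIRECT on its own, so clients see the answer come from port 80; and acceptance of traffic to port 3000 is tied to connections whose original destination was port 80 via the conntrack match's `--ctorigdstport`, so a direct connection to port 3000 from the network is dropped by the default policy. The script prints the rules by default so they can be reviewed (or tested) without root; it applies them only when run with `--apply`.

```shell
#!/bin/sh
# Added example (not the poster's configuration). Assumptions: the
# service listens on 0.0.0.0:3000, the LAN-facing interface is eth0.
IFACE="${IFACE:-eth0}"
PUBLIC_PORT=80
APP_PORT=3000

# Print the ruleset. No SNAT rule is needed for replies: conntrack
# undoes the REDIRECT, so the client sees source port 80.
webserver_rules() {
    cat <<EOF
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
iptables -t nat -A PREROUTING -i $IFACE -p tcp --dport $PUBLIC_PORT -j REDIRECT --to-ports $APP_PORT
iptables -t filter -A INPUT -i $IFACE -p tcp --dport $APP_PORT -m conntrack --ctstate NEW --ctorigdstport $PUBLIC_PORT -j ACCEPT
iptables -t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Number of rules in the generated set (used for a quick sanity check).
rule_count() {
    webserver_rules | wc -l | tr -d ' '
}

# Number of ACCEPT rules for APP_PORT that do not require the original
# destination to have been PUBLIC_PORT. Must be 0, otherwise port 3000
# would be reachable directly, bypassing the port-80 redirect.
direct_app_port_accepts() {
    webserver_rules | grep -- "--dport $APP_PORT" \
        | grep -vc -- "--ctorigdstport $PUBLIC_PORT" || true
}

# Print by default; apply only on explicit request (needs root).
if [ "$1" = "--apply" ]; then
    webserver_rules | sh
else
    webserver_rules
fi
```

Run it without arguments to review the rules, then `sudo sh publish80.sh --apply` (hypothetical filename) to load them. If the kernel lacks the conntrack match with port options, `--ctorigdstport` will be rejected at load time; in that case the fallback is to bind the service to 127.0.0.1 and use `-j DNAT --to-destination 127.0.0.1:3000` with `net.ipv4.conf.eth0.route_localnet=1`, which keeps the same "port 80 only" property.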