How to configure iptables for the application on the client machine on the internal network?

Question on iptables
There is a network of virtual machines, raised on VirtualBox

I. First, let's call it the Server plays the role of gateway
OS - Ubuntu 16.04 LTS Desktop
Has two network interfaces:
1) NAT:
enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
 link/ether 08:00:27:d1:38:f2 brd ff:ff:ff:ff:ff:ff
 inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3
 valid_lft preferred_lft 54554sec 54554sec
 inet6 fe80::8ca9:6ac7:9b8e:b285/64 scope link 
 valid_lft forever preferred_lft forever

2) Intnet:
enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
 link/ether 08:00:27:c4:12:c7 brd ff:ff:ff:ff:ff:ff
 inet 192.168.3.1/24 brd 192.168.3.255 scope global enp0s8
 valid_lft forever preferred_lft forever
 inet6 fe80::3db0:c89c:7b8f:8b5c/64 scope link 
 valid_lft forever preferred_lft forever

Also installed the dnsmasq service for assigning ip addresses to hosts on the Intnet.

To ensure the Internet connection on the Client, included masquerading in iptables:
iptables-t nat -A POSTROUTING -o enp0s3 -j MASQUERADE


And forwarding ports:
sysctl -w net.ipv4.conf.all.forwarding=1


II. Second, let's call it the Client, is used to analyze the operation of the application
OS - Android KitKat 4.4
Has a single network interface:
1) Intnet:
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
 link/ether 08:00:27:5c:0b:c5 brd ff:ff:ff:ff:ff:ff
 inet 192.168.3.70/24 brd 192.168.3.255 scope global eth0
 valid_lft forever preferred_lft forever
 inet6 fe80::a00:27ff:fe5c:bc5/64 scope link 
 valid_lft forever preferred_lft forever

The routes on the Client:
default via 192.168.3.1 dev eth0 
default via 192.168.3.1 dev eth0 metric 204 
192.168.3.0/24 dev eth0 scope link 
192.168.3.0/24 dev eth0 proto kernel scope link src 192.168.3.70 metric 204 
192.168.3.1 dev eth0 scope link

The above-described configuration provides a stable Internet connection on the Client.

On the client installed application that is running on ports 9080, 9081.
It is necessary to study the network activity, there is suspicion on security issues.

On the server installed sslsplit.

Need help in configuring iptables for removing traffic from 9080, 9081 ports on the client.

PS:
I tried to set the following settings:
iptables-t nat -A PREROUTING policy -p tcp --dport 9080 -j REDIRECT --to-ports 8443
iptables-t nat -A PREROUTING policy -p tcp --dport 9081-j REDIRECT --to-ports 8443


It was launched sslsplit parameter:
ssl 0.0.0.0 8443

Packages sslsplit did not have.

If dropati packets on the specified ports, the application, as expected, does not work:
sudo iptables-t mangle -A PREROUTING policy -p tcp --dport 9080 -j DROP
sudo iptables-t mangle -A PREROUTING policy -p tcp --dport 9081 -j DROP
April 4th 20 at 13:09
1 answer
April 4th 20 at 13:11
iptables-t nat -A PREROUTING policy -p tcp --dport 9080 -j REDIRECT --to-ports 8443
iptables-t nat -A PREROUTING policy -p tcp --dport 9081-j REDIRECT --to-ports 8443

iptables-t nat -A PREROUTING policy -p tcp --dport 9080 -j DNAT --to-destination 192.168.3.1:8443
iptables-t nat -A PREROUTING policy -p tcp --dport 9081-j DNAT --to-destination 192.168.3.1:8443

Find more questions by tags LinuxIptables