iptables port forwarding

Date: 2020-03-25

https://serverfault.com/a/838865

sysctl net.ipv4.ip_forward=1

iptables -t nat -A PREROUTING -p tcp -d MACHINE_B --dport 443 -j DNAT --to-destination MACHINE_C

iptables -t nat -A POSTROUTING -s MACHINE_A -o INTERFACE_NAME -j MASQUERADE

# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.2:8080
# iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 8080 -j ACCEPT

Please note that you might want to tweak the commands:

  1. To allow packet forwarding on a specific interface only. For example: sysctl net.ipv4.conf.eth0.forwarding=1
  2. To allow not only MACHINE_A, but also all others to use port forwarding, remove: -s MACHINE_A
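
The two tweaks above combined into one scoped rule set, as an added example that is not part of the original note or the linked answer: it validates its arguments and prints the commands for review instead of running them. The helper names, the conntrack-based FORWARD rules (modelled on the commented-out lines above) and the sample addresses are assumptions of this example.

```sh
#!/bin/sh
# Added example: prints the commands for review; it does not touch the firewall.

is_ipv4() {
    # Digits and dots only, exactly four octets, each at most 255.
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: gen_forward_rules LISTEN_ADDR PORT DEST_ADDR IN_IF OUT_IF [SRC_ADDR]
# (hypothetical helper; the argument names are this example's, not the page's)
gen_forward_rules() {
    listen=$1 port=$2 dest=$3 in_if=$4 out_if=$5 src=${6:-}
    is_ipv4 "$listen" && is_ipv4 "$dest" || { echo "bad address" >&2; return 1; }
    [ -z "$src" ] || is_ipv4 "$src" || { echo "bad source" >&2; return 1; }
    case $port in ''|*[!0-9]*|??????*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    for ifname in "$in_if" "$out_if"; do
        # Dots are rejected too: they would change the sysctl key.
        case $ifname in ''|*[!A-Za-z0-9_-]*) echo "bad interface" >&2; return 1 ;; esac
    done
    from=${src:+"-s $src "}   # empty when every client may use the forward

    # Forwarding only on the interfaces involved, not net.ipv4.ip_forward=1.
    echo "sysctl net.ipv4.conf.$in_if.forwarding=1"
    [ "$in_if" = "$out_if" ] || echo "sysctl net.ipv4.conf.$out_if.forwarding=1"
    # Rewrite the destination of connections that arrive for LISTEN_ADDR:PORT.
    echo "iptables -t nat -A PREROUTING -i $in_if ${from}-p tcp -d $listen --dport $port -j DNAT --to-destination $dest"
    # Needed when the FORWARD policy is DROP: new connections in, replies back.
    echo "iptables -A FORWARD -i $in_if -o $out_if ${from}-p tcp -d $dest --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $out_if -o $in_if -p tcp -s $dest --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Masquerade only the forwarded flow rather than everything leaving OUT_IF.
    echo "iptables -t nat -A POSTROUTING -o $out_if ${from}-p tcp -d $dest --dport $port -j MASQUERADE"
}

# Constructed sample values (documentation address ranges); run with "demo".
if [ "${1:-}" = "demo" ]; then
    gen_forward_rules 198.51.100.5 443 192.0.2.20 eth0 eth0 203.0.113.10
fi
```

Omitting the last argument drops every `-s` client match, which is the second tweak in the list above.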