iptables port forwarding

I have a CentOS server with Java/J2EE(Tomcat) installed on TCP port 8080. I have two interfaces, eth0 and lo.

I need to forward all incoming connection on TCP port 80 to 8080.

I tried doing the following which works:

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to x.x.x.x:8080
iptables -A INPUT -p tcp -m state --state NEW --dport 8080 -i eth0 -j ACCEPT

where x.x.x.x is the ip associated to the eth0 interface.

This appears to also open port 8080 to the outside world, which I don't want to do. I only want port 80 exposed to the outside world, forwarding all traffic to 8080.

Any help would be appreciated.

Update : The iptables -L looks like below

[root@server admin]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
DROP       tcp  --  anywhere             anywhere            state NEW tcp dpt:http 

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@server admin]# 

iptables -t nat --list looks like below

[root@server admin]# iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  anywhere             anywhere            tcp dpt:http to:x.x.x.x:8080 

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@server admin]# ^C