SMTP (port 587) does not work from localhost

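When I connect to the mail server (port 587) from an external box, everything works fine. When I try to connect from the host running the VM, or from another VM on the same host, it does not work.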

I found something like this...

iptables -t nat -A OUTPUT -p tcp -o lo --dport 587 -j DNAT --to-destination 192.168.1.100:587

But this does not work either. What about SNAT? Is that what is missing from my configuration?

root@vm ~ # iptables-save
# Generated by iptables-save v1.8.2 on Sat Jan 16 05:49:53 2021
*raw
:PREROUTING ACCEPT [563710:254092285]
:OUTPUT ACCEPT [1055444:391947870]
COMMIT
# Completed on Sat Jan 16 05:49:53 2021
# Generated by iptables-save v1.8.2 on Sat Jan 16 05:49:53 2021
*nat
:PREROUTING ACCEPT [9275:477822]
:INPUT ACCEPT [627:46402]
:OUTPUT ACCEPT [2171:130644]
:POSTROUTING ACCEPT [1384:80860]
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.100:80
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.100:443
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.100:25
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 465 -j DNAT --to-destination 192.168.1.100:465
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 587 -j DNAT --to-destination 192.168.1.100:587
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 993 -j DNAT --to-destination 192.168.1.100:993
-A POSTROUTING -o enp2s0 -j MASQUERADE
COMMIT
# Completed on Sat Jan 16 05:49:53 2021
# Generated by iptables-save v1.8.2 on Sat Jan 16 05:49:53 2021
*filter
:INPUT DROP [31177:1522159]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1056186:391997142]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i vmbr0 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 655 -m set --match-set ip_block_vpn src -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 25 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 465 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 587 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 993 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Jan 16 05:49:53 2021

Enabled

root@vm ~ # sysctl -a | grep net.ipv4.conf.all.route_localnet
net.ipv4.conf.all.route_localnet = 1
root@vm ~ # 

Connection attempt via telnet

root@vm ~ # telnet 192.168.1.100 587
Trying 192.168.1.100...
Connected to 192.168.1.100.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
root@vm ~ # telnet 127.0.0.1 587
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
root@vm ~ # 
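
An added example, not part of the original post: a small Python check that reads the *nat rules from the iptables-save dump above and reports which connection origins have a DNAT rule for a given port. The origin names and the mapping of other VMs to the vmbr0 bridge are assumptions made for this illustration.

```python
import shlex

# The *nat rules from the iptables-save output posted above.
NAT_RULES = """\
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.100:80
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.100:443
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.100:25
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 465 -j DNAT --to-destination 192.168.1.100:465
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 587 -j DNAT --to-destination 192.168.1.100:587
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 993 -j DNAT --to-destination 192.168.1.100:993
-A POSTROUTING -o enp2s0 -j MASQUERADE
"""

# Origin of a connection -> (first nat chain it traverses, inbound interface).
# Assumption: other VMs reach the host through the vmbr0 bridge.
ORIGINS = {
    "external": ("PREROUTING", "enp2s0"),
    "other_vm": ("PREROUTING", "vmbr0"),
    "host_local": ("OUTPUT", None),  # locally generated packets skip PREROUTING
}
FLAGS = {"-A": "chain", "-i": "in", "--dport": "dport", "-j": "target"}


def parse_rule(line):
    """Turn one iptables-save rule line into a dict of the fields checked here."""
    tokens = shlex.split(line)
    rule = dict.fromkeys(FLAGS.values())
    for flag, value in zip(tokens, tokens[1:]):
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
    return rule


def dnat_coverage(rules_text, dport):
    """For each origin, report whether some DNAT rule for dport can match it.

    Only the chain and -i are modelled ('!' negation and '+' wildcards are not);
    filter rules, routing and return-path SNAT are out of scope.
    """
    rules = [parse_rule(l) for l in rules_text.splitlines() if l.startswith("-A ")]
    return {
        origin: any(
            r["chain"] == chain and r["target"] == "DNAT"
            and r["dport"] == str(dport) and r["in"] in (None, iface)
            for r in rules
        )
        for origin, (chain, iface) in ORIGINS.items()
    }


if __name__ == "__main__":
    for origin, covered in dnat_coverage(NAT_RULES, 587).items():
        print(f"{origin:10} DNAT rule for tcp/587: {'yes' if covered else 'none'}")
```

For the posted dump, only the external origin has a matching DNAT rule for port 587: every PREROUTING rule is restricted to `-i enp2s0`, and the saved nat table contains no OUTPUT rule.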
