%EA%B0%80%20localhost%EC%97%90%EC%84%9C%20%EC%9E%91%EB%8F%99%ED%95%98%EC%A7%80%20%EC%95%8A%EC%8A%B5%EB%8B%88%EB%8B%A4..png)
외부 호스트에서 메일 서버(포트 587)에 연결하면 정상적으로 작동합니다. 하지만 VM을 실행하는 호스트 자체에서 시도하거나 같은 호스트의 다른 VM에서 시도하면 작동하지 않습니다.
검색해 보니 다음과 같은 규칙을 찾았습니다.
iptables -t nat -A OUTPUT -p tcp -o lo --dport 587 -j DNAT --to-destination 192.168.1.100:587
하지만 이 규칙으로도 작동하지 않습니다. SNAT에 문제가 있는 것일까요? 제 구성에 그 부분이 누락된 것인가요?
root@vm ~ # iptables-save
# Ruleset dump of the host's raw, nat and filter tables. The nat table
# publishes six TCP ports of 192.168.1.100 (80, 443, 25, 465, 587, 993) for
# traffic arriving on enp2s0; the filter table drops by default on INPUT and
# FORWARD.
# Generated by iptables-save v1.8.2 on Sat Jan 16 05:49:53 2021
*raw
# No rules in this table; both chains fall through to their ACCEPT policy.
:PREROUTING ACCEPT [563710:254092285]
:OUTPUT ACCEPT [1055444:391947870]
COMMIT
# Completed on Sat Jan 16 05:49:53 2021
# Generated by iptables-save v1.8.2 on Sat Jan 16 05:49:53 2021
*nat
:PREROUTING ACCEPT [9275:477822]
:INPUT ACCEPT [627:46402]
# NOTE(review): the OUTPUT chain has a policy line but no -A OUTPUT rule in
# this dump, so no DNAT is applied to connections the host itself originates.
:OUTPUT ACCEPT [2171:130644]
:POSTROUTING ACCEPT [1384:80860]
# Each DNAT rule matches only packets that arrive on enp2s0 (-i enp2s0).
# Locally generated packets do not traverse PREROUTING, and packets entering
# on any other interface do not match, so neither is redirected by these rules.
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.100:80
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.100:443
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.100:25
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 465 -j DNAT --to-destination 192.168.1.100:465
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 587 -j DNAT --to-destination 192.168.1.100:587
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 993 -j DNAT --to-destination 192.168.1.100:993
# Source addresses are rewritten only for traffic leaving through enp2s0.
# Nothing here rewrites the source of a connection sent toward 192.168.1.100
# over another interface (presumably vmbr0 -- confirm), so such a connection
# keeps its original source address, including a 127.0.0.1 source.
-A POSTROUTING -o enp2s0 -j MASQUERADE
COMMIT
# Completed on Sat Jan 16 05:49:53 2021
# Generated by iptables-save v1.8.2 on Sat Jan 16 05:49:53 2021
*filter
# Default-deny for traffic to the host and through the host; the host's own
# outbound traffic is unrestricted.
:INPUT DROP [31177:1522159]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1056186:391997142]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
# NOTE(review): accepts every packet arriving on vmbr0, whatever its protocol,
# port or destination address. Everything attached to that interface
# (presumably the guest bridge -- confirm) can reach every service on the host.
# With net.ipv4.conf.all.route_localnet = 1, as the sysctl output on this page
# shows, the kernel also stops treating 127.0.0.0/8 as martian, so services
# bound only to 127.0.0.1 may become reachable from that segment. Consider
# narrowing this rule and dropping 127.0.0.0/8 destinations on non-lo input.
-A INPUT -i vmbr0 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# TCP 655 is accepted only from sources in the ipset ip_block_vpn. The
# ESTABLISHED state here is already covered by the conntrack rule above.
-A INPUT -p tcp -m tcp --dport 655 -m set --match-set ip_block_vpn src -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): matches on source address alone, with no -i constraint, so any
# forwarded packet claiming a 192.168.0.0/16 source is accepted on whichever
# interface it arrives. Binding the rule to the internal interface would stop
# it from trusting spoofed sources.
-A FORWARD -s 192.168.0.0/16 -j ACCEPT
# Per-port accepts that let the DNAT-ed connections reach 192.168.1.100. Only
# NEW matters here: RELATED,ESTABLISHED traffic is accepted by the first
# FORWARD rule before these are evaluated.
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 25 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 465 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 587 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 993 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Jan 16 05:49:53 2021
route_localnet은 활성화되어 있습니다(루프백 주소 127.0.0.0/8을 라우팅 대상으로 허용하는 설정).
root@vm ~ # sysctl -a | grep net.ipv4.conf.all.route_localnet
net.ipv4.conf.all.route_localnet = 1
root@vm ~ #
Telnet으로 연결 시도
root@vm ~ # telnet 192.168.1.100 587
Trying 192.168.1.100...
Connected to 192.168.1.100.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
root@vm ~ # telnet 127.0.0.1 587
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
root@vm ~ #