SMTP (porta 587) não funciona no host local

tag-icon tag-icon iptables
SMTP (porta 587) não funciona no host local

Se eu conectar ao Mailserver (porta 587) de uma caixa externa, tudo funciona. Se eu tentar no host que executa a VM ou em outra VM no mesmo host, não funcionará.

Eu encontrei algo como...

iptables -t nat -A OUTPUT -p tcp -o lo --dport 587 -j DNAT --to-destination 192.168.1.100:587

mas isso também não funciona. O que há com o SNAT, é algo que está faltando na minha configuração?

root@vm ~ # iptables-save
# Generated by iptables-save v1.8.2 on Sat Jan 16 05:49:53 2021
*raw
:PREROUTING ACCEPT [563710:254092285]
:OUTPUT ACCEPT [1055444:391947870]
COMMIT
# Completed on Sat Jan 16 05:49:53 2021
# Generated by iptables-save v1.8.2 on Sat Jan 16 05:49:53 2021
*nat
:PREROUTING ACCEPT [9275:477822]
:INPUT ACCEPT [627:46402]
:OUTPUT ACCEPT [2171:130644]
:POSTROUTING ACCEPT [1384:80860]
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.100:80
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.100:443
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.100:25
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 465 -j DNAT --to-destination 192.168.1.100:465
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 587 -j DNAT --to-destination 192.168.1.100:587
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 993 -j DNAT --to-destination 192.168.1.100:993
-A POSTROUTING -o enp2s0 -j MASQUERADE
COMMIT
# Completed on Sat Jan 16 05:49:53 2021
# Generated by iptables-save v1.8.2 on Sat Jan 16 05:49:53 2021
*filter
:INPUT DROP [31177:1522159]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1056186:391997142]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i vmbr0 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 655 -m set --match-set ip_block_vpn src -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 25 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 465 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 587 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 993 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Jan 16 05:49:53 2021

Habilitado

root@vm ~ # sysctl -a | grep net.ipv4.conf.all.route_localnet
net.ipv4.conf.all.route_localnet = 1
root@vm ~ #

Tentativa de conexão com Telnet

root@vm ~ # telnet 192.168.1.100 587
Trying 192.168.1.100...
Connected to 192.168.1.100.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
root@vm ~ # telnet 127.0.0.1 587
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
root@vm ~ #

informação relacionada