%20%D0%BD%D0%B5%20%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%B0%D0%B5%D1%82%20%D1%81%20%D0%BB%D0%BE%D0%BA%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%B3%D0%BE%20%D1%85%D0%BE%D1%81%D1%82%D0%B0.png)
Если я подключаюсь к Mailserver (порт 587) с внешнего ящика, все работает. Если я пробую это с хоста, на котором запущена VM, или с другой VM на том же хосте, это не работает.
Я нашел что-то вроде...
iptables -t nat -A OUTPUT -p tcp -o lo --dport 587 -j DNAT --to-destination 192.168.1.100:587
но это тоже не работает. Что с SNAT, это что-то, чего не хватает в моей конфигурации?
root@vm ~ # iptables-save
# Generated by iptables-save v1.8.2 on Sat Jan 16 05:49:53 2021
*raw
:PREROUTING ACCEPT [563710:254092285]
:OUTPUT ACCEPT [1055444:391947870]
COMMIT
# Completed on Sat Jan 16 05:49:53 2021
# Generated by iptables-save v1.8.2 on Sat Jan 16 05:49:53 2021
*nat
:PREROUTING ACCEPT [9275:477822]
:INPUT ACCEPT [627:46402]
:OUTPUT ACCEPT [2171:130644]
:POSTROUTING ACCEPT [1384:80860]
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.100:80
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.100:443
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.100:25
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 465 -j DNAT --to-destination 192.168.1.100:465
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 587 -j DNAT --to-destination 192.168.1.100:587
-A PREROUTING -i enp2s0 -p tcp -m tcp --dport 993 -j DNAT --to-destination 192.168.1.100:993
-A POSTROUTING -o enp2s0 -j MASQUERADE
COMMIT
# Completed on Sat Jan 16 05:49:53 2021
# Generated by iptables-save v1.8.2 on Sat Jan 16 05:49:53 2021
*filter
:INPUT DROP [31177:1522159]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1056186:391997142]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i vmbr0 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 655 -m set --match-set ip_block_vpn src -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 25 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 465 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 587 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -p tcp -m tcp --dport 993 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Jan 16 05:49:53 2021
Включено
root@vm ~ # sysctl -a | grep net.ipv4.conf.all.route_localnet
net.ipv4.conf.all.route_localnet = 1
root@vm ~ #
Попытка подключения через Telnet
root@vm ~ # telnet 192.168.1.100 587
Trying 192.168.1.100...
Connected to 192.168.1.100.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
root@vm ~ # telnet 127.0.0.1 587
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
root@vm ~ #