I've created a fairly simple port forwarding rule to redirect requests to port 25 to a specific container in the virtual environment:
iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to 10.10.10.4
The forwarding appears to be working. When I access it from the outside world via telnet, I can reach the destination mail server:
telnet mail.mydomain.tld 25
Trying 1.2.3.4...
Connected to mail.mydomain.tld.
Escape character is '^]'.
220 mail.mydomain.tld ESMTP Postfix (Ubuntu)
quit
221 2.0.0 Bye
However, when I run a traceroute to Gmail from within the destination container where Postfix is running, it leads nowhere. The end result is that all non-local mail delivery gets deferred with a 4.3.0 DSN code.
When I delete the aforementioned iptables port forwarding rule from the PREROUTING chain, traceroute hops all the way to the destination IP.
This is the exact traceroute command I'm using:
traceroute -n -T -p 25 gmail-smtp-in.l.google.com
My best guess is that I am missing some rule in the INPUT chain. But if this were the case, I don't understand why telnetting from the outside would work.
Right now I do not have any rules in the INPUT chain (don't actually remember ever needing any in this particular environment).
I've read somewhere that adding the rule below could address the issue, but I haven't tried yet, lest it have some nefarious consequence. This is a production environment after all.
iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
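The following is an added illustration, not part of the question above and not the poster's code. It models how netfilter evaluates a `-t nat PREROUTING` DNAT rule against two packets: an inbound SMTP connection arriving on the host's public address, and the container's own outbound SMTP SYN (what `traceroute -T -p 25` and Postfix both send) as it crosses the host on its way out. The model assumes `eth0` is the host's external interface and `br0` the bridge facing the container; `1.2.3.4` and `10.10.10.4` are the addresses used in the question, and the remote mail exchanger address is a constructed documentation address. The point it shows is that PREROUTING is traversed by every packet the host receives on any interface, so a DNAT rule that matches on `--dport 25` alone also catches the container's outbound mail traffic, whereas the same rule scoped with `-i eth0 -d 1.2.3.4` only touches traffic that really arrives at the public address.

```python
from dataclasses import dataclass
from typing import List, Optional

# Addresses: 1.2.3.4 and 10.10.10.4 are taken from the question; the remote
# mail exchanger is a constructed TEST-NET-3 address standing in for a real MX.
PUBLIC_IP = "1.2.3.4"
CONTAINER_IP = "10.10.10.4"
REMOTE_MX = "203.0.113.25"

# Assumed interface names for this model (not stated in the question).
EXTERNAL_IFACE = "eth0"   # host's Internet-facing interface
BRIDGE_IFACE = "br0"      # bridge carrying the container's traffic


@dataclass
class Packet:
    in_iface: str   # interface the host received the packet on
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class DnatRule:
    """Model of one `-t nat -A PREROUTING ... -p tcp --dport N -j DNAT --to IP` rule.

    in_iface / dst of None mean the corresponding `-i` / `-d` match was not
    given on the command line, so the rule matches any interface / address.
    """
    to: str
    dport: int
    in_iface: Optional[str] = None
    dst: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (p.proto == "tcp"
                and p.dport == self.dport
                and (self.in_iface is None or p.in_iface == self.in_iface)
                and (self.dst is None or p.dst == self.dst))

    def as_command(self) -> str:
        """Render the rule back into the iptables command line it models."""
        parts = ["iptables -t nat -A PREROUTING"]
        if self.in_iface is not None:
            parts.append(f"-i {self.in_iface}")
        if self.dst is not None:
            parts.append(f"-d {self.dst}")
        parts.append(f"-p tcp --dport {self.dport} -j DNAT --to {self.to}")
        return " ".join(parts)


def prerouting(rules: List[DnatRule], p: Packet) -> str:
    """Return the packet's destination after the nat PREROUTING chain.

    As in iptables, the first matching rule with a terminating target wins;
    if nothing matches, the destination is left unchanged.
    """
    for rule in rules:
        if rule.matches(p):
            return rule.to
    return p.dst


# The rule exactly as given in the question: no -i, no -d.
UNSCOPED = [DnatRule(to=CONTAINER_IP, dport=25)]

# The same forward restricted to traffic arriving on the public address.
SCOPED = [DnatRule(to=CONTAINER_IP, dport=25,
                   in_iface=EXTERNAL_IFACE, dst=PUBLIC_IP)]

# Constructed sample packets.
INBOUND_SMTP = Packet(in_iface=EXTERNAL_IFACE, src="198.51.100.7",
                      dst=PUBLIC_IP, dport=25)
CONTAINER_OUTBOUND_SMTP = Packet(in_iface=BRIDGE_IFACE, src=CONTAINER_IP,
                                 dst=REMOTE_MX, dport=25)


def evaluate(rules: List[DnatRule]) -> dict:
    """Destinations of both sample packets under a given rule set."""
    return {
        "inbound": prerouting(rules, INBOUND_SMTP),
        "container_outbound": prerouting(rules, CONTAINER_OUTBOUND_SMTP),
    }


if __name__ == "__main__":
    for name, rules in (("unscoped", UNSCOPED), ("scoped", SCOPED)):
        print(f"{name}: {rules[0].as_command()}")
        for label, dst in evaluate(rules).items():
            print(f"  {label:20s} -> {dst}")
```

Under the unscoped rule both packets end up at 10.10.10.4: the container's SYN toward the remote MX is rewritten back to the container itself, which is consistent with the traceroute going nowhere and with deliveries being deferred until the rule is removed. The scoped variant leaves the container's outbound traffic alone while still forwarding inbound port 25 from the public address. Whether `eth0`/`br0` are the right names, and whether the bridge is the path the container's traffic actually takes on this host, has to be confirmed on the system in question (`ip route get 203.0.113.25` from the container and `iptables -t nat -L PREROUTING -v -n` on the host, which shows per-rule packet counters, are the usual checks).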