I have multiple Ubuntu hosts, each with more Ubuntu virtual machines. One of the virtual machines is our SMTP server. On the host of the SMTP virtual machine all SMTP calls are redirected to the SMTP VM using rinetd with the following configuration:

aa.bb.cc.dd 25 172.16.1.5 25
aa.bb.cc.dd 465 172.16.1.5 465
aa.bb.cc.dd 587 172.16.1.5 587
aa.bb.cc.dd 993 172.16.1.5 993

aa.bb.cc.dd is the public IP address of the host where the SMTP VM is sitting. 172.16.1.5 is the internal address of the SMTP VM.
My problem is that I cannot set up relaying on the SMTP VM, because the Postfix server on the SMTP VM gets every call with aa.bb.cc.dd as the originating IP address, so I cannot set any filtering on relaying, but I want to enable relaying for a couple of IP addresses only (for our other hosts).
Is there any possibility to forward SMTP calls to the SMTP1 VM so that the originator's IP address is kept?

Somehow it doesn't work. I first tried to redirect the HTML port, because I could see the source IP in the Apache log immediately. It simply times out, or sometimes I get ERR_NETWORK_CHANGED in the browser. I also added LOG to see that the rule is reached, and it really is reached, but not forwarded. What can be wrong? My nat table looks like:
LOG tcp -- 0.0.0.0/0 94.231.88.101 tcp dpt:80 LOG flags 0 level 4
DNAT tcp -- 0.0.0.0/0 94.231.88.101 tcp dpt:80 to:172.16.2.201:80
– Tibor Nagy – 2017-04-04T10:12:50.507

Did you enable ip_forward? Please also check the default / resulting policy for the FORWARD chain, iptables -L. It sounds like this is currently DROP (hence the timeouts). Note: as it's now clear that this is a host on the internet, you should be careful with routing - make sure you firewall it properly, otherwise people could access your guest VMs. – Attie – 2017-04-04T10:31:27.213

Yes, cat /proc/sys/net/ipv4/ip_forward returns 1. The filter table has only the basic rules, i.e. INPUT/FORWARD/OUTPUT (policy ACCEPT). I'm puzzled. – Tibor Nagy – 2017-04-04T11:59:16.630

One step forward. If I add iptables -t nat -A POSTROUTING -j MASQUERADE, then the target system is reached, but of course I lost the original source IP. Somehow, PREROUTING doesn't work between two interfaces. – Tibor Nagy – 2017-04-04T12:17:03.443

I guess what the problem is. The VM running with VirtualBox has a private network, which doesn't allow connecting from an outside IP address. – Tibor Nagy – 2017-04-04T12:50:08.277

Ah, then you'll need to set the VM's routing up accordingly. – Attie – 2017-04-04T12:56:43.290
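
Added example, not part of the original thread: a small check over `iptables-save` output for the two host-side conditions raised in the comments, a catch-all MASQUERADE/SNAT that hides the client IP from the backend and a FORWARD policy that drops the DNATed traffic. The sample ruleset is constructed from the rules quoted above (with FORWARD set to DROP for illustration), and the names `audit` and `opt` are hypothetical.

```python
import shlex

# Constructed iptables-save sample, modelled on the rules quoted in the thread.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 94.231.88.101/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.2.201:80
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

def opt(tokens, flag):
    """Value following an option flag, or None when the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def audit(ruleset):
    """Return findings for DNAT forwards that are meant to keep the client IP."""
    table, policy, backends, accepted, findings = None, {}, [], set(), []
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, pol = line[1:].split()[:2]
            policy[table, chain] = pol
        elif line.startswith("-A "):
            tok = shlex.split(line)
            chain, target, dest = tok[1], opt(tok, "-j"), opt(tok, "-d")
            if (table, chain, target) == ("nat", "PREROUTING", "DNAT"):
                backends.append(opt(tok, "--to-destination").split(":")[0])
            elif table == "nat" and chain == "POSTROUTING" and target in ("MASQUERADE", "SNAT"):
                # Only rules with no -s/-o match are flagged: they also rewrite DNATed traffic.
                if opt(tok, "-s") is None and opt(tok, "-o") is None:
                    findings.append("source-rewritten: " + line)
            elif (table, chain, target) == ("filter", "FORWARD", "ACCEPT"):
                # Simplification: count a rule only if it names -d or has no matches at all.
                if dest:
                    accepted.add(dest.split("/")[0])
                elif len(tok) == 4:
                    accepted.add("any")
    if policy.get(("filter", "FORWARD"), "ACCEPT") != "ACCEPT":
        findings += ["forward-blocked: " + ip for ip in backends
                     if ip not in accepted and "any" not in accepted]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A clean result only covers the host's rules; it cannot see whether the VM routes its replies back through the host, which is what the last two comments point to.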