Can't forward port 25 on Ubuntu server 16.04

0

I have the following setup:

  • an Ubuntu server 16.04 having two network interfaces, a WAN ens192 with a public IP, and a LAN ens160 with the local IP 10.10.0.1. All internet traffic in the LAN is routed through this server
  • an Ubuntu server 16.04 having the IP 10.10.0.5; Zimbra is installed on this server, and it can send emails, however it cannot receive

The problem seems to be that the SMTP port 25 is not forwarded from the router (10.10.0.1) to the MTA (10.10.0.5).

This is my iptables config on the router:

peter@proxy:~$ sudo iptables -L -nv
Chain INPUT (policy ACCEPT 766 packets, 83783 bytes)
 pkts bytes target     prot opt in     out     source               destination
    7   364 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 197K  806M ACCEPT     all  --  ens192 ens160  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
64034 3463K ACCEPT     all  --  ens160 ens192  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.10.0.5            tcp dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.10.0.5            tcp dpt:110
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.10.0.5            tcp dpt:587
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.10.0.5            tcp dpt:465
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.10.0.5            tcp dpt:995

The mail server is listening on port 25:

peter@proxy:~$ telnet 10.10.0.5 25
Trying 10.10.0.5...
Connected to 10.10.0.5.
Escape character is '^]'.
220 mail.mydomainname.com ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.

But the server is not forwarding the port:

peter@proxy:~$ telnet 10.10.0.1 25
Trying 10.10.0.1...
telnet: Unable to connect to remote host: Connection refused

Any advice? For sure my config is not correct or I'm missing something. Please note that the ISP is not blocking port 25. The whole infrastructure is running on ESXi on a dedicated server rented from OneProvider.

Edit
Thanks to grawity, I checked the commands I used for setting up the forwarding again and noticed a mistake:

sudo iptables -A PREROUTING -t nat -i ens160 -p tcp --dport 25 -j DNAT --to 10.10.0.5:25
sudo iptables -A FORWARD -p tcp -d 10.10.0.5 --dport 25 -j ACCEPT

I used the wrong interface name, ens160; it should have been ens192. Now it's working: I can telnet in, and the mails are being received by the Zimbra server.

Thanks for the help!

PeterB

Posted 2019-04-06T15:34:12.063

Reputation: 1

Can you show the iptables DNAT rules from the router which are supposed to provide the port-forwarding? – user1686 – 2019-04-06T16:14:02.460
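
The mistake described in the Edit above (a DNAT rule matching the LAN interface instead of the WAN one) does not show up in `iptables -L`, which lists only the filter table. As an added example that is not part of the original post, this sketch audits `iptables-save -t nat` output for port-forward rules bound to the wrong inbound interface; the helper name `check_dnat_iface` is hypothetical and both rule dumps are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post. check_dnat_iface is a
# hypothetical helper; the two rule dumps below are constructed samples.
# On the router: sudo iptables-save -t nat | check_dnat_iface ens192 25

# check_dnat_iface WAN_IF PORT   (iptables-save text on stdin)
# Prints one line per PREROUTING DNAT rule for PORT.
# Exit: 0 = every such rule matches WAN_IF, 1 = some rule is bound to
# another interface, 2 = no DNAT rule for PORT at all.
check_dnat_iface() {
    awk -v wan="$1" -v port="$2" '
        $1 == "-A" && $2 == "PREROUTING" {
            iface = ""; neg = 0; dport = ""; target = ""; dest = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") { iface = $(i + 1); neg = ($(i - 1) == "!") }
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--to-destination") dest = $(i + 1)
            }
            if (target != "DNAT" || dport != port) next
            # No -i matches every interface; "! -i X" matches all but X.
            hits_wan = (iface == "") || (neg ? (iface != wan) : (iface == wan))
            label = (iface == "") ? "any" : (neg ? "!" : "") iface
            if (hits_wan) { ok++; print "OK", label, "->", dest }
            else { bad++; print "WRONG-IF", label, "->", dest }
        }
        END { if (bad) exit 1; if (!ok) exit 2; exit 0 }
    '
}

# Constructed sample: the rule as first entered in the post (LAN interface).
SAMPLE_BROKEN='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i ens160 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.10.0.5:25
COMMIT'

# Constructed sample: the same rule bound to the WAN interface.
SAMPLE_FIXED='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i ens192 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.10.0.5:25
COMMIT'
```

A rule with `-i ens192` only matches packets arriving on the WAN interface, so test the forward from a host outside the LAN against the public IP; connections started on the router itself never pass through PREROUTING.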

No answers