I have the following setup:
- an Ubuntu server 16.04 having two network interfaces, a WAN ens192 with a public IP, and a LAN ens160 with the local IP 10.10.0.1. All internet traffic in the LAN is routed through this server
- an Ubuntu server 16.04 having the IP 10.10.0.5; Zimbra is installed on this server, and it can send emails, however it cannot receive
The problem seems to be that the smtp port 25 is not forwarded from the router (10.10.0.1) to the MTA (10.10.0.5).
This is my iptables config on the router:
peter@proxy:~$ sudo iptables -L -nv
Chain INPUT (policy ACCEPT 766 packets, 83783 bytes)
pkts bytes target prot opt in out source destination
7 364 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
197K 806M ACCEPT all -- ens192 ens160 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
64034 3463K ACCEPT all -- ens160 ens192 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.10.0.5 tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.10.0.5 tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.10.0.5 tcp dpt:587
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.10.0.5 tcp dpt:465
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.10.0.5 tcp dpt:995
The mail server is listening to port 25:
peter@proxy:~$ telnet 10.10.0.5 25
Trying 10.10.0.5...
Connected to 10.10.0.5.
Escape character is '^]'.
220 mail.mydomainname.com ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
But the server is not forwarding the port:
peter@proxy:~$ telnet 10.10.0.1 25
Trying 10.10.0.1...
telnet: Unable to connect to remote host: Connection refused
Any advice? For sure my config is not correct or I'm missing something. Please note that the ISP is not blocking port 25. The whole infrastructure is running on ESXi on a dedicated server rented from OneProvider
Edit
Thanks to grawity I checked again the commands I used for setting up the forwarding and I noticed a mistake:
sudo iptables -A PREROUTING -t nat -i ens160 -p tcp --dport 25 -j DNAT --to 10.10.0.5:25
sudo iptables -A FORWARD -p tcp -d 10.10.0.5 --dport 25 -j ACCEPT
I used the wrong interface name ens160, it should have been ens192
Now it's working, I can telnet in, also the mails are being received by the Zimbra server.
Thanks for the help!
Can you show the iptables DNAT rules from the router which are supposed to provide the port-forwarding? – user1686 – 2019-04-06T16:14:02.460
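A check for the mistake described in the edit above (a DNAT rule bound to the LAN interface instead of the WAN one), as an added example that is not part of the original post. The function name `check_dnat_iface` and the two sample rule sets are constructed for illustration; the rule lines follow the format printed by `iptables -t nat -S`.

```shell
#!/usr/bin/env bash
# Added example: audit PREROUTING DNAT rules for the wrong inbound interface.

# Usage: iptables -t nat -S PREROUTING | check_dnat_iface <wan-interface>
# Prints one line per DNAT rule whose -i interface is not the WAN interface
# (or that has no -i match at all). Returns 1 if any such rule exists.
check_dnat_iface() {
    awk -v wan="$1" '
        BEGIN { bad = 0 }
        $1 == "-A" && $2 == "PREROUTING" && /-j DNAT/ {
            iface = "any"; dport = "any"; dest = "?"
            for (i = 3; i < NF; i++) {
                if ($i == "-i")               iface = $(i + 1)
                if ($i == "--dport")          dport = $(i + 1)
                if ($i == "--to-destination") dest  = $(i + 1)
            }
            if (iface != wan) {
                printf "MISMATCH dport=%s -> %s matches on %s, expected %s\n",
                       dport, dest, iface, wan
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample: the rule as first entered (LAN interface ens160) ...
sample_wrong='-P PREROUTING ACCEPT
-A PREROUTING -i ens160 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.10.0.5:25'

# ... and as corrected (WAN interface ens192).
sample_fixed='-P PREROUTING ACCEPT
-A PREROUTING -i ens192 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.10.0.5:25'

printf '%s\n' "$sample_wrong" | check_dnat_iface ens192 || echo "DNAT rule needs fixing"
printf '%s\n' "$sample_fixed" | check_dnat_iface ens192 && echo "DNAT rules match the WAN interface"
```

On the router itself, feed the function the live rules with `sudo iptables -t nat -S PREROUTING | check_dnat_iface ens192`. Connections opened from the router do not pass through PREROUTING, so verify the forward from a host outside the WAN interface.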