Hi,
I always worked around this problem, but now I'm just tired of it and want to do it right.
My containers get their IP addresses and internet connection like this: https://pve.proxmox.com/wiki/Network_Model#Masquerading_.28NAT.29_with_iptables
Let's say 10.10.10.100 is a mail server, and 10.10.10.200 is a client wanting to connect to this mail server.
The mail server has the domain "mail.example.org" pointing to the external IP, and port forwardings from the host:
-A PREROUTING -i ens3 -p tcp -m tcp --dport 587 -j DNAT --to-destination 10.10.10.100:587
-A PREROUTING -i ens3 -p tcp -m tcp --dport 993 -j DNAT --to-destination 10.10.10.100:993
-A PREROUTING -i ens3 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.10.10.100:25
-A PREROUTING -i ens3 -p tcp -m tcp --dport 993 -j DNAT --to-destination 10.10.10.100:993
-A PREROUTING -i ens3 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.10.10.100:25
Problem now: client 10.10.10.200 can't connect to the external IP that the hostname mail.example.org resolves to, only to the internal IP, which gets you a certificate error.
You could edit the /etc/hosts file or set up a local DNS, but those are just workarounds I don't want to use.
Is there a possibility to set iptables rules to enable NATed containers to talk with the external IP of the host node?
//////////////////
user@200:~# telnet mail.example.org 587
Trying 37.0.0.0..
telnet: Unable to connect to remote host: Connection refused
user@200:~# telnet 10.10.10.10 587
Trying 10.10.10.100...
Connected to 10.10.10.100.
Escape character is '^]'.
220 mail.example.org ESMTP Postfix
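As an added example (not part of the original post, and not the poster's rules), here is what a hairpin NAT ("NAT loopback") rule set for this layout looks like. The existing PREROUTING rules only match `-i ens3`, so a packet from 10.10.10.200 to 37.0.0.0:587 arrives on the internal bridge, is never DNATed, and is answered by the host itself with a reset because nothing on the host listens on 587; that is the "Connection refused" in the telnet output above. Two rules per port fix it: a DNAT that also matches the internal bridge, and a MASQUERADE so the mail server's replies go back through the host instead of straight to the client with the wrong source address. Assumptions not taken from the post: the containers hang off a bridge named vmbr1 with subnet 10.10.10.0/24, and 37.0.0.0 stands in for the host's real public address. The script only prints an iptables-restore fragment for the nat table; it does not apply anything.

```shell
#!/bin/sh
# Hairpin NAT rules for NATed containers reaching the host's external IP.
# Assumed, not from the post: internal bridge vmbr1, subnet 10.10.10.0/24.
EXT_IP="37.0.0.0"        # host's public address (placeholder taken from the telnet output)
INT_IF="vmbr1"           # assumed name of the containers' bridge
INT_NET="10.10.10.0/24"  # assumed container subnet
MAIL_IP="10.10.10.100"   # mail server container from the post
PORTS="25 587 993"       # ports the host already forwards

# Print the two nat-table rules needed for one port.
hairpin_rules_for_port() {
    port="$1"
    # Same DNAT as the existing ens3 rule, but matched on the internal bridge,
    # restricted to the container subnet and to the host's external address.
    printf '%s\n' "-A PREROUTING -i $INT_IF -s $INT_NET -d $EXT_IP -p tcp -m tcp --dport $port -j DNAT --to-destination $MAIL_IP:$port"
    # Without this the mail server would answer 10.10.10.200 directly (same L2
    # segment) with source 10.10.10.100; the client sent its SYN to 37.0.0.0
    # and would drop that reply. Masquerading makes the server see the host
    # as its peer, so replies traverse the host and conntrack un-NATs them.
    printf '%s\n' "-A POSTROUTING -s $INT_NET -d $MAIL_IP -p tcp -m tcp --dport $port -j MASQUERADE"
}

# Emit a complete iptables-restore fragment for the nat table.
hairpin_ruleset() {
    echo '*nat'
    for p in $PORTS; do
        hairpin_rules_for_port "$p"
    done
    echo 'COMMIT'
}

# Number of -A rules generated; quick sanity check before loading.
hairpin_rule_count() {
    hairpin_ruleset | grep -c '^-A'
}

hairpin_ruleset
```

The generated fragment can be reviewed and then loaded with `iptables-restore -n` (the `-n` keeps existing rules), or each line applied with `iptables -t nat` in front. Keeping the `-d $EXT_IP` and `-s $INT_NET` matches tight avoids accidentally rewriting unrelated traffic on the bridge, and the FORWARD chain still has to permit bridge-to-bridge traffic for these ports if it is not already ACCEPT by default.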