CT from other CT via NAT and public IP not reachable

tommie

Member
Oct 6, 2014
Hi,

One CT works as a mail server, reachable via NAT from the external network with the following iptables rules:

IP="xxx.xxx.xxx.xxx"
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -d $IP --dport 25 -i eth0 -j DNAT --to-destination 192.168.0.105:25

Is there a way to connect to the mailserver-CT from internal network via public IP?

telnet xxx.xxx.xxx.xxx 25
Trying xxx.xxx.xxx.xxx...
telnet: Unable to connect to remote host: Connection refused


Telnet via the internal IP works.


Thanks, Proxmox with OpenVZ rocks!
 
OK, after trying for hours I found the solution - sorry for posting.

First I enabled iptables logging to see how the CT tries to connect to the mailserver CT. That way I found out that from the internal network the traffic comes in over venet0 instead of eth0, even though it tried to connect via the public IP.
So I only had to add the following rule:

# connections from other CTs on the same host enter via venet0, not eth0
iptables -t nat -A PREROUTING -p tcp -d $IP --dport 25 -i venet0 -j DNAT --to-destination 192.168.0.105:25
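As an added example (not from the post above), the script below generates the full rule set for this situation: one DNAT rule per ingress interface (eth0 for outside traffic, venet0 for other CTs on the host) plus a LOG rule in front of them, which is the kind of logging the post used to find out which interface the internal connections actually arrive on. The public IP, destination and interface names are placeholders; the function prints the iptables commands instead of running them so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not the forum poster's code. Builds nat-table PREROUTING rules
# for a port forward that must work both from the outside (eth0) and from other
# CTs on the same host (venet0). 203.0.113.10 is a constructed placeholder for
# the host's public IP; 192.168.0.105 is the mailserver CT from the post.

# gen_dnat_rules PUBLIC_IP PORT DEST "IFACE1 IFACE2 ..."
# Prints the commands rather than executing them. The LOG rule is inserted with
# -I so it sits first in the chain and fires before any DNAT rewrites the
# destination; the kernel log then shows IN=<interface> for each new connection.
gen_dnat_rules() {
    ip="$1"; port="$2"; dest="$3"; ifaces="$4"
    printf 'iptables -t nat -I PREROUTING -p tcp -d %s --dport %s -j LOG --log-prefix "dnat-%s: "\n' \
        "$ip" "$port" "$port"
    for i in $ifaces; do
        # one DNAT rule per ingress interface: iptables -i matches the exact
        # interface name, so a rule for eth0 never matches packets from venet0
        printf 'iptables -t nat -A PREROUTING -p tcp -d %s --dport %s -i %s -j DNAT --to-destination %s:%s\n' \
            "$ip" "$port" "$i" "$dest" "$port"
    done
}

# count_rules_for IFACE RULES -> number of generated DNAT rules bound to IFACE
count_rules_for() {
    printf '%s\n' "$2" | grep -c -- "-i $1 -j DNAT"
}

rules=$(gen_dnat_rules "203.0.113.10" 25 "192.168.0.105" "eth0 venet0")
printf '%s\n' "$rules"
# To apply after review: gen_dnat_rules ... | sh
```

The LOG rule is what makes the problem visible: after adding it, `dmesg` (or the kernel log) shows `IN=venet0` for connections coming from other CTs, which is why a DNAT rule bound to `-i eth0` alone never matched them. If the host has several venet interfaces, iptables accepts a trailing `+` as a wildcard (`-i venet+`) in place of listing each one.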