OpenVZ – SMTP – telnet – Connection timed out

IceManSpy asked:

I have a problem with SMTP in my OpenVZ container.

I’ve created an OpenVZ container with Proxmox on a dedicated server at OVH. This container will be a mail server. So I created rules on the “mother-server” to pass ports to the container (IP: 192.168.0.100):

iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to-destination 192.168.0.100:25
iptables -t nat -A PREROUTING -p tcp --dport 587 -j DNAT --to-destination 192.168.0.100:587
iptables -t nat -A PREROUTING -p tcp --dport 110 -j DNAT --to-destination 192.168.0.100:110
iptables -t nat -A PREROUTING -p tcp --dport 143 -j DNAT --to-destination 192.168.0.100:143
iptables -t nat -A PREROUTING -p tcp --dport 995 -j DNAT --to-destination 192.168.0.100:995
iptables -t nat -A PREROUTING -p tcp --dport 993 -j DNAT --to-destination 192.168.0.100:993
iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE

I can receive mail but I can’t send it. I can send only to the local domain – for testing I use calcparty.com.

In /etc/postfix/main.cf I’ve set:

inet_interfaces = all

I can run telnet localhost 25 but I can’t run telnet smtp.gmail.com.
From the “mother-server” I can run telnet smtp.gmail.com 25.

What am I doing wrong?

root@mail:~# telnet smtp.gmail.com 25
Trying 64.233.166.108...
Trying 64.233.166.109...
Trying 2a00:1450:400c:c09::6d...
telnet: Unable to connect to remote host: Connection timed out

File /etc/resolv.conf:

search mail.calcparty.com
nameserver 8.8.4.4
nameserver 8.8.8.8
nameserver 213.186.33.99

My answer:


The masquerade rule is wrong:

iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE

It is saying that packets going out the vmbr0 interface and from 192.168.0.0/24 should be masqueraded.

But no packets will ever match this, because they aren’t going out the vmbr0 interface! Instead they are going out your physical interface.

Change this to refer to packets going out the physical interface instead, for example:

iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o enp3s0f0 -j MASQUERADE

View the full question and answer on Server Fault.
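
An added example (not part of the original question or answer): a shell check that compares the interface named in each MASQUERADE rule with the interface the host routes outbound traffic through, which is the mismatch the answer describes. The rule and route text are constructed samples, and the gateway and source addresses in the route line are placeholders.

```shell
#!/bin/sh
# Added example: compare the -o interface of each MASQUERADE rule with the
# interface the host actually routes outbound traffic through.

# Print the interface named after "dev" in `ip route get <addr>` output.
egress_iface() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print the -o interface of every MASQUERADE rule found in
# `iptables -t nat -S POSTROUTING` output ("any" when the rule has no -o).
masq_ifaces() {
    printf '%s\n' "$1" | awk '
        /-j MASQUERADE/ {
            out = "any"
            for (i = 1; i < NF; i++) if ($i == "-o") out = $(i + 1)
            print out
        }'
}

# Return 0 when some MASQUERADE rule covers the egress interface, else 1.
# Arguments: $1 = rule listing, $2 = route lookup output.
check_masquerade() {
    want=$(egress_iface "$2")
    for have in $(masq_ifaces "$1"); do
        if [ "$have" = "$want" ] || [ "$have" = "any" ]; then
            echo "ok: MASQUERADE applies to $want"
            return 0
        fi
    done
    echo "mismatch: traffic leaves via $want, MASQUERADE rules match: $(masq_ifaces "$1" | tr '\n' ' ')"
    return 1
}

# Constructed sample data (not captured from the asker's server).
# On a live host the two inputs would come from:
#   iptables -t nat -S POSTROUTING
#   ip route get 64.233.166.108
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j MASQUERADE'
SAMPLE_FIXED='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.0.0/24 -o enp3s0f0 -j MASQUERADE'
SAMPLE_ROUTE='64.233.166.108 via 203.0.113.254 dev enp3s0f0 src 203.0.113.10 uid 0'

check_masquerade "$SAMPLE_RULES" "$SAMPLE_ROUTE" || true   # the question's rule
check_masquerade "$SAMPLE_FIXED" "$SAMPLE_ROUTE"           # the answer's rule
```

The check looks only at the `-o` match; it does not evaluate the `-s` source restriction or negated (`! -o`) matches.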

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.