Network issue
Good afternoon.
I would like to get some explanations about what is going on here.
I have a domain name hosted at dyndns.
On my machine I have a container CT104 with a mail service running. It's working good.
The only issue I have is that inside my network I can't connect to the SMTP service.
localhost:~# nc mydomain.com 25
mydomain.com [85.138.156.5] 25 (smtp) : Connection refused
But if I try to connect to the internal IP it works
localhost:~# nc 192.168.1.104 25
220 mail ESMTP Postfix (Debian/GNU)
I'm using Debian 5.0 and 2.6.26-2-openvz-686
The script that I use in my iptables rules:
#==============DELETE ALL===========
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sysctl -w net.ipv4.conf.all.forwarding=1
iptables-save
#=====EMAIL SERVICES=====================
#----SMTP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-dest 192.168.1.104
iptables -A FORWARD -p tcp -i eth0 --dport 25 -d 192.168.1.104 -j ACCEPT
#----POP3
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 110 -j DNAT --to-dest 192.168.1.104
iptables -A FORWARD -p tcp -i eth0 --dport 110 -d 192.168.1.104 -j ACCEPT
#----POP3S
iptables -t nat -A PREROUTING -p tcp --destination-port 995 -j DNAT --to 192.168.1.104
#----IMAP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 143 -j DNAT --to-dest 192.168.1.104
iptables -A FORWARD -p tcp -i eth0 --dport 143 -d 192.168.1.104 -j ACCEPT
#----IMAPS
iptables -t nat -A PREROUTING -p tcp --destination-port 993 -j DNAT --to 192.168.1.104
This is a test with the tcpdump:
localhost:~# tcpdump -n -i lo
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 96 bytes
18:40:08.184071 IP 84.128.12.5.41373 > 84.128.12.5.25: S 1200684492:1200684492(0) win 32792 <mss 16396,sackOK,timestamp 5482477 0,nop,wscale 7>
18:40:08.184191 IP 84.128.12.5.25 > 84.128.12.5.41373: R 0:0(0) ack 1200684493 win 0
localhost:~# tcpdump -n -i lo
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 96 bytes
18:45:01.525783 IP 84.128.12.5.59531 > 84.128.12.5.25: S 1508300140:1508300140(0) win 32792 <mss 16396,sackOK,timestamp 5555813 0,nop,wscale 7>
18:45:01.525808 IP 84.128.12.5.25 > 84.128.12.5.59531: R 0:0(0) ack 1508300141 win 0
I also logged dropped connections on port 25 in iptables
Jun 13 18:19:56 localhost kernel: [22486.880458] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=84.128.12.5 DST=84.128.12.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19426 DF PROTO=TCP SPT=60175 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
Jun 13 18:20:48 localhost kernel: [22543.455541] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=84.128.12.5 DST=84.128.12.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35197 DF PROTO=TCP SPT=60179 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
localhost:~# ip route
192.168.1.102 dev venet0 scope link
192.168.1.106 dev venet0 scope link
192.168.1.104 dev venet0 scope link
192.168.1.110 dev venet0 scope link
192.168.1.0/24 dev vzbr1 proto kernel scope link src 192.168.1.10
85.138.144.0/20 dev eth0 proto kernel scope link src 84.128.12.5
default via 85.138.159.254 dev eth0
eth0 Link encap:Ethernet HWaddr 00:21:85:15:be:df
inet addr:84.128.12.5 Bcast:85.138.159.255 Mask:255.255.240.0
inet6 addr: fe80::221:85ff:fe15:bedf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:62591 errors:0 dropped:0 overruns:0 frame:0
TX packets:38893 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:54542230 (52.0 MiB) TX bytes:6155310 (5.8 MiB)
Interrupt:221
eth1 Link encap:Ethernet HWaddr 00:11:6b:95:e1:f0
inet6 addr: fe80::211:6bff:fe95:e1f0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:35147 errors:0 dropped:0 overruns:0 frame:0
TX packets:44870 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4752597 (4.5 MiB) TX bytes:38601985 (36.8 MiB)
Interrupt:16 Base address:0xe800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:68 errors:0 dropped:0 overruns:0 frame:0
TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3672 (3.5 KiB) TX bytes:3672 (3.5 KiB)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:56913 errors:0 dropped:0 overruns:0 frame:0
TX packets:73935 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:29590755 (28.2 MiB) TX bytes:52494880 (50.0 MiB)
veth102.1 Link encap:Ethernet HWaddr 00:18:51:eb:74:52
inet6 addr: fe80::218:51ff:feeb:7452/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:27041 errors:0 dropped:0 overruns:0 frame:0
TX packets:22871 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12684935 (12.0 MiB) TX bytes:3482036 (3.3 MiB)
vzbr1 Link encap:Ethernet HWaddr 00:11:6b:95:e1:f0
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::211:6bff:fe95:e1f0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12466 errors:0 dropped:0 overruns:0 frame:0
TX packets:17835 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:543765 (531.0 KiB) TX bytes:25507518 (24.3 MiB)
I would like to connect using my domain name. Can somebody tell me what I should do, or read?
Thanks.
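An added diagnostic example, not part of the original post: it parses one of the kernel LOG lines above and compares it with the match options of three of the posted DNAT rules, showing that the logged SYN arrived with IN=lo while the port 25 rule requires -i eth0. The function names are hypothetical, and the comparison covers only each rule's own -i, -p and port options, not which netfilter chains a packet traverses.

```python
import re
import shlex

# Sample input copied from the post above (three of its PREROUTING rules, one LOG line).
RULES = """\
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-dest 192.168.1.104
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 110 -j DNAT --to-dest 192.168.1.104
iptables -t nat -A PREROUTING -p tcp --destination-port 995 -j DNAT --to 192.168.1.104
"""
LOG_LINE = (
    "Jun 13 18:19:56 localhost kernel: [22486.880458] IN=lo OUT= "
    "MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=84.128.12.5 "
    "DST=84.128.12.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19426 DF PROTO=TCP "
    "SPT=60175 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0"
)

def parse_log(line):
    """Return the KEY=VALUE fields of a netfilter LOG line (empty values kept)."""
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", line))

def parse_dnat_rules(text):
    """Extract in-interface, protocol, port and target from DNAT rules."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if "DNAT" not in tok:
            continue
        # Pair every option with the token that follows it.
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        rules.append({
            "iface": opt.get("-i"),  # None means the rule has no -i match
            "proto": opt.get("-p"),
            "dport": opt.get("--dport") or opt.get("--destination-port"),
            "to": opt.get("--to-dest") or opt.get("--to"),
        })
    return rules

def check(rule, pkt):
    """Compare one rule's own match options with a logged packet."""
    if rule["proto"] and rule["proto"].upper() != pkt["PROTO"]:
        return False, "protocol differs"
    if rule["dport"] != pkt["DPT"]:
        return False, "destination port differs"
    if rule["iface"] and rule["iface"] != pkt["IN"]:
        return False, f"rule needs -i {rule['iface']}, packet has IN={pkt['IN']}"
    return True, f"would be rewritten to {rule['to']}"

if __name__ == "__main__":
    pkt = parse_log(LOG_LINE)
    for r in parse_dnat_rules(RULES):
        print(r["dport"], *check(r, pkt))
```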