Tanairan Trezelnikov, 2019-01-16 19:09:14
linux

How to set up SNAT for 4 addresses in iptables in Proxmox for a virtual machine with iredmail?

A server is rented from Hetzner; Proxmox is deployed on it with 5 public IPs (1.2.3.1 - 1.2.3.5).
By default, 1.2.3.5 is used to manage the hypervisor itself, and the internal address 192.168.0.1 is used for NAT of all virtual machines.
iRedMail is installed on a virtual machine with Ubuntu 18.04; 5 interfaces are configured on it via netplan (192.168.0.101 - 192.168.0.105). Interface 192.168.0.105 is the main one, with gateway 192.168.0.1. 192.168.0.101 - 192.168.0.104 are configured in iRedMail for 4 domains.
In Proxmox, the following rules are configured for mail:

-A PREROUTING -d 1.2.3.1/32 -p tcp -m multiport --dports 25,587,110,995,143,993 -j DNAT --to-destination 192.168.0.101
-A PREROUTING -d 1.2.3.2/32 -p tcp -m multiport --dports 25,587,110,995,143,993 -j DNAT --to-destination 192.168.0.102
-A PREROUTING -d 1.2.3.3/32 -p tcp -m multiport --dports 25,587,110,995,143,993 -j DNAT --to-destination 192.168.0.103
-A PREROUTING -d 1.2.3.4/32 -p tcp -m multiport --dports 25,587,110,995,143,993 -j DNAT --to-destination 192.168.0.104
-A POSTROUTING -s 192.168.0.101/32 -j SNAT --to-source 1.2.3.1
-A POSTROUTING -s 192.168.0.102/32 -j SNAT --to-source 1.2.3.2
-A POSTROUTING -s 192.168.0.103/32 -j SNAT --to-source 1.2.3.3
-A POSTROUTING -s 192.168.0.104/32 -j SNAT --to-source 1.2.3.4
-A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j MASQUERADE

3 domains with IPs 192.168.0.101 - 192.168.0.103 work fine through the SNAT rules, but 192.168.0.104 is not routed.
If the rule
-A POSTROUTING -s 192.168.0.104/32 -j SNAT --to-source 1.2.3.4
is put first in the chain, the rest of the SNAT rules stop working.
Masquerading for 192.168.0.105 and for the other virtual machines works.
Setting up 1.2.3.1 - 1.2.3.4 directly on the virtual machine with iRedMail will not work, because these addresses are also used to forward non-mail ports to other virtual machines.
How do I properly configure iptables so that SNAT for 192.168.0.104 works?
I would appreciate help, advice, or constructive criticism.
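An added diagnostic, not part of the question and not code from Proxmox or iRedMail: a small Python lint that parses nat rules in the `iptables-save` syntax used above and reports two things that break multi-IP NAT setups like this one. First, rules that an earlier terminating rule in the same chain already covers completely, so they can never match (first match wins in a nat chain). Second, DNAT'd internal hosts that have no SNAT rule translating them back to the same public address on the way out, which matters for a mail server because the receiving side checks the connecting IP against PTR and SPF. The sample rulesets are constructed from the rules in the question (1.2.3.x being the question's placeholder public IPs) plus two rearranged variants; `egress=("vmbr0",)` is an assumption that vmbr0 is the only way out of the host, and the function and variable names are mine.

```python
"""Lint an iptables nat table (iptables-save / iptables -S syntax) for rules an
earlier rule already shadows, and for DNAT'd hosts with no matching SNAT."""
import ipaddress
import shlex

# Constructed sample rulesets: the four DNAT/SNAT pairs and the catch-all MASQUERADE
# from the question (1.2.3.x = its placeholder public IPs), plus two variants.
DNAT = [f"-A PREROUTING -d 1.2.3.{i}/32 -p tcp -m multiport"
        f" --dports 25,587,110,995,143,993 -j DNAT --to-destination 192.168.0.10{i}"
        for i in range(1, 5)]
SNAT = [f"-A POSTROUTING -s 192.168.0.10{i}/32 -j SNAT --to-source 1.2.3.{i}"
        for i in range(1, 5)]
MASQ = "-A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j MASQUERADE"
PAGE_RULESET = "\n".join(["*nat", ":PREROUTING ACCEPT [0:0]",
                          ":POSTROUTING ACCEPT [0:0]", *DNAT, *SNAT, MASQ, "COMMIT"])
MASQ_FIRST = "\n".join([*DNAT, MASQ, *SNAT])       # catch-all placed above the SNATs
MISSING_104 = "\n".join([*DNAT, *SNAT[:3], MASQ])  # no SNAT rule for 192.168.0.104

FLAGS_WITH_ARG = {"-A", "-s", "-d", "-i", "-o", "-p", "-m", "-j", "--dport", "--dports",
                  "--sport", "--sports", "--to-source", "--to-destination"}
SIMPLE = {"-A": "chain", "-o": "oif", "-p": "proto", "-j": "target",
          "--to-source": "to", "--to-destination": "to"}  # flag -> rule field
TERMINATING = {"SNAT", "DNAT", "MASQUERADE", "ACCEPT", "DROP", "REJECT", "RETURN"}

def _ports(spec):
    """'25,110:112' -> {25, 110, 111, 112}"""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_rules(text):
    """Return the '-A' rules of an iptables dump, in chain order, as dicts."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("-A"):
            continue  # table name, chain policies, COMMIT, comments
        toks = shlex.split(line)
        r = {"chain": None, "src": None, "dst": None, "oif": None, "proto": None,
             "dports": None, "target": None, "to": None, "text": line}
        i = 0
        while i < len(toks):
            flag = toks[i]
            val = toks[i + 1] if flag in FLAGS_WITH_ARG and i + 1 < len(toks) else None
            if flag in SIMPLE:
                r[SIMPLE[flag]] = val
            elif flag in ("-s", "-d"):
                r["src" if flag == "-s" else "dst"] = ipaddress.ip_network(val, strict=False)
            elif flag in ("--dport", "--dports"):
                r["dports"] = _ports(val)
            i += 2 if val is not None else 1  # skip the value of a flag that takes one
        rules.append(r)
    return rules

def _covers(a, b, egress):
    """True if every packet matching rule b would already have matched rule a.
    Interfaces in `egress` are assumed to be the only way out, so '-o' on a does
    not narrow it; pass egress=() to treat every -o as a real restriction."""
    def net_ok(x, y):
        return x is None or (y is not None and y.subnet_of(x))
    a_oif = None if a["oif"] in egress else a["oif"]
    if not net_ok(a["src"], b["src"]) or not net_ok(a["dst"], b["dst"]):
        return False
    if a_oif is not None and a_oif != b["oif"]:
        return False
    if a["proto"] is not None and a["proto"] != b["proto"]:
        return False
    if a["dports"] is not None and (b["dports"] is None or not b["dports"] <= a["dports"]):
        return False
    return True

def check_shadowing(rules, egress=()):
    """List (earlier, later) rule texts where `later` can never be reached."""
    return [(early["text"], late["text"]) for i, late in enumerate(rules)
            for early in rules[:i] if early["chain"] == late["chain"]
            and early["target"] in TERMINATING and _covers(early, late, egress)]

def check_nat_symmetry(rules):
    """Each DNAT'd host should SNAT back out as the public IP it is reached on."""
    problems = []
    snats = [r for r in rules if r["target"] == "SNAT" and r["src"] is not None]
    for r in rules:
        if r["target"] != "DNAT" or r["dst"] is None or r["to"] is None:
            continue
        public = str(r["dst"].network_address)
        internal = ipaddress.ip_address(r["to"].split(":")[0])  # drop any :port
        hit = next((s for s in snats if internal in s["src"]), None)  # first match wins
        if hit is None:
            problems.append(f"{internal}: DNAT from {public} but no SNAT rule; outbound "
                            "traffic falls through to the catch-all MASQUERADE")
        elif hit["to"] != public:
            problems.append(f"{internal}: DNAT from {public} but SNAT --to-source {hit['to']}")
    return problems

if __name__ == "__main__":
    for name, text in (("page", PAGE_RULESET), ("masq-first", MASQ_FIRST), ("no-104", MISSING_104)):
        rules = parse_rules(text)
        print(name, check_shadowing(rules, egress=("vmbr0",)), check_nat_symmetry(rules))
```

Run against the posted ruleset the lint finds nothing: with the MASQUERADE catch-all last, no SNAT rule is shadowed and every DNAT target has a matching SNAT, so first-match ordering alone does not explain why 192.168.0.104 is not translated. That narrows the search to what the rule text cannot show, chiefly the per-rule packet counters in the nat table (`iptables -t nat -L POSTROUTING -v -n --line-numbers`) and the conntrack entries for that source, since a connection keeps the translation decided on its first packet until the entry expires. The variant with the catch-all moved above the SNATs shows the failure mode the shadowing check is for: all four SNAT rules are reported unreachable when vmbr0 is assumed to be the only egress interface, and none are when `-o vmbr0` is treated as a real restriction.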

1 answer

d-stream, 2019-01-16

Just from personal, recent experience: netplan was written by some Pelevin mushroom characters... in general, I'm joining the crowds of people shouting "throw out netplan" :)
Perhaps throwing it out will already be enough for the iptables rules to work as expected.
