Hi, I am running a NATed mailserver in a lxc container in a Proxmox4 host, the latter uses Shorewall 4.6 (my favorite). I have detailed the setup and the inbound smtp traffic blockage in https://forum.proxmox.com/threads/sending-and-receiving-emails-issue.55531/post-396570 with the iptables-save output in http://ix.io/3pQ6.
Briefly stated, everything works except inbound emails on smtp port 25!? The server is a KVM instance in a datacenter which does not block any ports at all (so this does not seem to be a problem). However, after reading https://stackoverflow.com/a/41522265, I felt like the bottleneck in this case could be shorewall running inside the proxmox host?!

The postfix in the proxmox host (server2.domain.tld):

root@server2:~# netstat -lnp | grep :25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 8563/master
tcp6 0 0 :::25 :::* LISTEN 8563/master

The postfix in the lxc guest running mail.domain.tld (192.168.25.110):

root@mail:~# netstat -lnp | grep :25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 593/master
tcp6 0 0 :::25 :::* LISTEN 593/master

Both appear to be working alright.

I have created interfaces as follows:

root@server2:~# cat /etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect blacklist,nosmurfs
dmz venet0 detect routeback
dmz vmbr0 detect routeback,bridge

The zones look like the following:

root@server2:~# cat /etc/shorewall/zones
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv4
dmz ipv4

I have disabled ipv6 and pve-firewall and ufw completely in the proxmox host and the lxc guest respectively, fyi.

Any inputs to overcome this issue whining me for years shall be appreciated!

Cheers, and stay safe,
/z
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users