1

I have an LXC container with a mail server and a "dedicated" IP address.

"Dedicated" means that ports 25 and 110 of the IP address are forwarded to ports 25 and 110 of the container. This is done with iptables.

Let's assume the internal address of the container is 192.168.0.5 and the public address is 30.30.30.30.

Let's also assume the server has one LAN adapter, "eth0", with one main IP (30.30.30.1) and several additional IPs; "eth0:0" is 30.30.30.30.

When the mail server sends email, the email is sent from the main IP of the server.

How can I change this behavior and make all outgoing traffic go via "30.30.30.30"?

Nick
  • Why don't you assign a 30.30.30.X IP address to the LXC container, connected to a bridge, with eth0 inside? This would do the job, and would simplify your setup (according to me). – Chaoxiang N Feb 18 '19 at 18:45
  • I tried this before, but decided not to do it. No particular reason, probably security. It was OK until now with the mail server. – Nick Feb 18 '19 at 19:13

2 Answers

0

I found a way to do it.

Here is the rule:

iptables -t nat -I POSTROUTING -o eth0 -s 192.168.0.5 -j SNAT --to-source 30.30.30.30

Important points are:

  • the rule needs to be inserted at the top using -I instead of -A
  • interface must be specified as eth0 instead of eth0:0
Nick
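Why -I rather than -A matters: a packet stops at the first matching rule in the nat POSTROUTING chain, so an SNAT rule appended after an existing MASQUERADE rule never fires. The check below is an added example, not part of the original answers; it runs over constructed `iptables -t nat -S POSTROUTING` output, and the pre-existing MASQUERADE rule for the container subnet and the function names are assumptions.

```python
import ipaddress
import shlex

# Constructed `iptables -t nat -S POSTROUTING` listings (not from the post).
# The MASQUERADE rule is an assumed pre-existing rule for the container subnet.
APPENDED = """\
-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.5/32 -o eth0 -j SNAT --to-source 30.30.30.30
"""
INSERTED = """\
-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.0.5/32 -o eth0 -j SNAT --to-source 30.30.30.30
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
"""
KNOWN = {"-s": "src", "-o": "out", "-j": "target", "--to-source": "to"}

def parse_rule(line):
    """Extract the fields this check models from one '-A POSTROUTING ...' line."""
    tok = shlex.split(line)[2:]  # drop "-A POSTROUTING"
    rule = {"src": None, "out": None, "target": None, "to": None, "extra": False}
    i = 0
    while i < len(tok):
        if tok[i] in KNOWN and i + 1 < len(tok):
            rule[KNOWN[tok[i]]] = tok[i + 1]
            i += 2
        else:  # any option not modelled here (-d, -p, -m, "!", ...)
            rule["extra"] = True
            i += 1
    return rule

def effective_source(listing, src_ip, out_iface):
    """Return (target, to_source) of the first NAT rule certain to match.
    Rules with options this sketch does not model are skipped as conditional."""
    ip = ipaddress.ip_address(src_ip)
    for line in listing.splitlines():
        if not line.startswith("-A POSTROUTING"):
            continue
        r = parse_rule(line)
        if r["extra"] or r["target"] not in ("SNAT", "MASQUERADE"):
            continue
        if r["src"] and ip not in ipaddress.ip_network(r["src"], strict=False):
            continue
        if r["out"] not in (None, out_iface):
            continue
        return r["target"], r["to"]
    return None, None

if __name__ == "__main__":
    print("appended:", effective_source(APPENDED, "192.168.0.5", "eth0"))
    print("inserted:", effective_source(INSERTED, "192.168.0.5", "eth0"))
```

A result of MASQUERADE means the container's mail leaves with the primary address of eth0 (30.30.30.1 in the question) instead of 30.30.30.30.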
0

Remember one important thing: if you would like to keep these changes every time you reboot your server, you need to put this rule in your /etc/network/interfaces, in the eth0 section:

post-up iptables -t nat -I POSTROUTING -o eth0 -s 192.168.0.5 -j SNAT --to-source 30.30.30.30

post-down iptables -t nat -D POSTROUTING -o eth0 -s 192.168.0.5 -j SNAT --to-source 30.30.30.30

And you will always have your changes ready when you reboot your server.

Pserr