I have set up a mail server inside an OpenVZ container. An iptables rule is in place on the host to forward incoming connections from the outside world to that container. It is possible to telnet or nc the mail server from any point outside the network. Code: nunos-mbp:~ nzimas$ nc -v mail.domain.com 25 found 0 associations found 1 connections: 1: flags=82<CONNECTED,PREFERRED> outif en0 src 192.168.1.35 port 50050 dst 1.2.3.4 port 25 rank info not available TCP aux info available Connection to mail.domain.com port 25 [tcp/smtp] succeeded! 220 mail.domain.com ESMTP Postfix (Ubuntu) quit 221 2.0.0 Bye It is not possible to access the mail server from either the host or any other guest in the network through the public IP, however. Code: root@ns428897:~# nc -vvv mail.rapidtvnews.com 25 DNS fwd/rev mismatch: mail.domains.com != ns428897.ip-1-2-3.eu mail.domain.com [1.2.3.4] 25 (smtp) : Connection refused sent 0, dcvd 0 The iptables rules look as follows: Code: Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT tcp -- anywhere anywhere tcp dpt:smtp to:10.10.10.4 DNAT tcp -- anywhere anywhere tcp dpt:pop3 to:10.10.10.4 DNAT tcp -- anywhere anywhere tcp dpt:imap2 to:10.10.10.4 DNAT tcp -- anywhere anywhere tcp dpt:pop3s to:10.10.10.4 DNAT tcp -- anywhere anywhere tcp dpt:imaps to:10.10.10.4 DNAT tcp -- anywhere anywhere tcp dpt:ssmtp to:10.10.10.4 DNAT tcp -- anywhere anywhere tcp dpt:submission to:10.10.10.4 DNAT tcp -- anywhere anywhere tcp dpt:smtp to:10.10.10.4 DNAT tcp -- anywhere anywhere tcp dpt:2525 to:10.10.10.4:25 Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- 10.10.10.0/24 anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Been unsuccessfully scouring the web for an answer in the last week or so.
