Closed Littlericket closed 5 years ago
I havent seen the new option "SNAT_TO_SOURCE". My bad.
:-) This is not an issue with this option anymore?
No. Works so far. I've natted the outgoing IP with iptables to extend the docker chain. I haven't checked mailcow.conf, since I needed that before the new option was available.
I have to reopen the issue. The netfilter is still banning the outgoing ip ...
Hi,
temporary fixed this by adding the SNAT IP to the netfilter whitelist. Maybe this should be persistent if the SNAT_TO_SOURCE is given?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Hi,
to change the outgoing ip from the mailcow service, instead of using the host's outgoing ip, i've natted the mailcow subnet with
iptables -t nat -I POSTROUTING -s 172.22.1.0/24 -j SNAT --to 136.243.102.XXX
This works as far as I can see, the containers talk with another outgoing IP adress (curl/wget www.myip.ch). Issue is now, that the netfilter logs show that he ban's himself:
Is there any chance to actually disable this behaviour for one IP / Subnet only except for disabling the netfilter completely?