I am setting up a mail server (mailcow); this is the current infrastructure:
VPS WireGuard ip table
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 42795 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 22 -j ACCEPT
-A PREROUTING ! -s 10.0.0.2 -j DNAT --to-destination 10.0.0.2
-A POSTROUTING -j MASQUERADE
COMMIT
VM local WireGuard
*nat
:PREROUTING ACCEPT [584:49760]
:INPUT ACCEPT [584:49760]
:OUTPUT ACCEPT [1097:91741]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 18442 -j DNAT --to-destination 172.27.30.127:8442
-A PREROUTING -p udp -m udp --dport 10953 -j DNAT --to-destination 172.27.30.101:10953
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 172.27.30.129:1053
-A PREROUTING -p tcp -m tcp --dport 53 -j DNAT --to-destination 172.27.30.129:1053
-A PREROUTING -p udp -m udp --dport 17326 -j DNAT --to-destination 172.27.30.101:17326
-A PREROUTING -s 10.0.0.1/32 -p tcp -m tcp --dport 25 -j DNAT --to-destination 172.27.30.130:25
-A PREROUTING -s 10.0.0.1/32 -p tcp -m tcp --dport 465 -j DNAT --to-destination 172.27.30.130:465
-A PREROUTING -s 10.0.0.1/32 -p tcp -m tcp --dport 587 -j DNAT --to-destination 172.27.30.130:587
-A POSTROUTING -j MASQUERADE
COMMIT
It works very well for receiving email (i.e. all inbound traffic from the internet to the local server), but to be able to send email I need to route the outbound traffic on ports 25, 465 and 587 from the mail VM (or the postfix docker container) through the WireGuard tunnel to the internet.
I have tried all sorts of things, but none of them worked.
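As an added example (not from the post and not mailcow's own code), here is a small Python simulator of the nat PREROUTING chains above: it parses the rules as written and reports which rule a given inbound packet hits, so the intended behaviour (internet to VPS is sent to 10.0.0.2, and only the tunnel peer 10.0.0.1 reaches the mail ports on 172.27.30.130) can be checked offline. The sample packet addresses are constructed.

```python
import ipaddress

# Constructed copies of the nat PREROUTING rules from the post (the VM copy keeps only the DNS and mail rules).
VPS_PREROUTING = """
-A PREROUTING -p udp -m udp --dport 42795 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 22 -j ACCEPT
-A PREROUTING ! -s 10.0.0.2 -j DNAT --to-destination 10.0.0.2
"""
VM_PREROUTING = """
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 172.27.30.129:1053
-A PREROUTING -p tcp -m tcp --dport 53 -j DNAT --to-destination 172.27.30.129:1053
-A PREROUTING -s 10.0.0.1/32 -p tcp -m tcp --dport 25 -j DNAT --to-destination 172.27.30.130:25
-A PREROUTING -s 10.0.0.1/32 -p tcp -m tcp --dport 465 -j DNAT --to-destination 172.27.30.130:465
-A PREROUTING -s 10.0.0.1/32 -p tcp -m tcp --dport 587 -j DNAT --to-destination 172.27.30.130:587
"""

def parse_rules(text):
    # Parse only the matches these tables use: -s (optionally negated with "!"), -p, --dport, -j and --to-destination.
    rules = []
    for line in text.strip().splitlines():
        toks = line.split()
        rule = {"src": None, "src_neg": False, "proto": None, "dport": None, "target": None, "to": None}
        for i, t in enumerate(toks):
            if t == "-s":
                rule["src"] = ipaddress.ip_network(toks[i + 1], strict=False)
                rule["src_neg"] = i > 0 and toks[i - 1] == "!"
            elif t == "-p":
                rule["proto"] = toks[i + 1]
            elif t == "--dport":
                rule["dport"] = int(toks[i + 1])
            elif t == "-j":
                rule["target"] = toks[i + 1]
            elif t == "--to-destination":
                rule["to"] = toks[i + 1]
        rules.append(rule)
    return rules

def first_match(rules, src, proto, dport, policy="ACCEPT"):
    # Walk the chain top to bottom as netfilter does; return (target, to-destination) of the first hit or the chain policy.
    src_ip = ipaddress.ip_address(src)
    for r in rules:
        if r["src"] is not None and (src_ip in r["src"]) == r["src_neg"]:
            continue  # source test failed (a negated rule matches only addresses outside the net)
        if r["proto"] is not None and r["proto"] != proto:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["target"], r["to"]
    return policy, None
```

Note that outbound mail from 172.27.30.130 is not a PREROUTING DNAT question at all: the interface it leaves by is chosen by the routing table, which is why these rules alone cannot push it into the tunnel.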