Hetzner 1 IP + Proxmox + OPNSense 和 NAT

I have a server at Hetzner with 1 public IP...

I installed Proxmox on it and forward all traffic to a VM running OPNsense.

This is my /etc/network/interfaces

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

# Physical NIC carrying the single Hetzner public IP
auto enp4s0
iface enp4s0 inet static
        address 78.46.XX.76/27
        gateway 78.46.XX.65
        up route add -net 78.46.XX.64 netmask 255.255.255.224 gw 78.46.XX.65 dev enp4s0
        # Forward everything arriving on the public IP to the OPNsense WAN address,
        # except TCP 8022 (SSH) and 8006 (Proxmox web UI), which stay on the host
        post-up iptables -t nat -A PREROUTING -i enp4s0 -p tcp -m multiport ! --dports 8022,8006 -j DNAT --to 10.10.10.1
        post-up iptables -t nat -A PREROUTING -i enp4s0 -p udp -j DNAT --to 10.10.10.1
        # Remove the same rules on ifdown so an ifreload does not stack duplicates
        post-down iptables -t nat -D PREROUTING -i enp4s0 -p tcp -m multiport ! --dports 8022,8006 -j DNAT --to 10.10.10.1
        post-down iptables -t nat -D PREROUTING -i enp4s0 -p udp -j DNAT --to 10.10.10.1

# route 78.46.XX.64/27 via 78.46.XX.65

iface enp4s0 inet6 static
        address 2a01:4f8:121:4c9::2/64
        gateway fe80::1

# OPNsense WAN - Proxmox LAN: /31 point-to-point link, host side 10.10.10.0, OPNsense WAN 10.10.10.1
auto vmbr0
iface vmbr0 inet static
        address 10.10.10.0/31
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/31' -o enp4s0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/31' -o enp4s0 -j MASQUERADE

# LAN: OPNsense LAN side and the other VMs; the host has no address here
auto vmbr1
iface vmbr1 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0

In Proxmox I have a VM with IP 192.168.1.1 running OPNsense.

At 192.168.1.100 I have a web control panel (cPanel-style: web server / email, etc...).

If I disable reflection in OPNsense...

  Reflection for port forwards
  Reflection for 1:1
  Automatic outbound NAT for Reflection

I can send and receive email without any problem... but the VMs cannot talk to each other, which is why I cannot send email from a VM through cPanel.

Now... if I enable reflection...

The VMs can talk to each other... they connect and mark the email as sent... but the server automatically bounces my email.

This is the mail system at host srv1.XXXXXX.es.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send email to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                    The mail system

<[email protected]>: mail for gmail.com loops back to myself
Reporting-MTA: dns; srv1.XXXXXX.es
X-Postfix-Queue-ID: 0EA191C4125B
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Fri, 12 Apr 2024 13:17:30 +0200 (CEST)

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.4.6
Diagnostic-Code: X-Postfix; mail for gmail.com loops back to myself
From SMTP Test User
Recipient [email protected]
Date Today 08:17
Testing test mail via srv1.XXXXXX.es.

Nothing to worry.

But... if I send email from Gmail to any mailbox inside cPanel... it arrives without any problem!

Can someone help me?
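The bounce above is Postfix telling you that when it connected to the gmail.com MX on port 25, the server that answered was itself. The quickest way to see whether outbound port-25 connections actually leave the network or are reflected back to the mail VM is to open a connection from that VM to a remote MX and read the 220 greeting: if it announces your own hostname, the packet never left the LAN. The script below is an added example for this thread, not code from the original post, from Proxmox or from OPNsense; the hostnames (srv1.example.es, mx.example.net) and the canned greeting used for the offline demo are placeholders I constructed.

```python
"""Loop check for outbound SMTP from the mail VM.

Added example for this thread; not part of the original post, of Proxmox or
of OPNsense. Hostnames (srv1.example.es, mx.example.net) are placeholders.
Run it on the mail VM: it opens port 25 to the remote MX, reads the 220
greeting and compares the announced hostname with the VM's own mail
hostname(s). When NAT reflection or a DNAT rule sends the connection back
to the VM, the greeting is Postfix's own, which Postfix reports as
"mail for <domain> loops back to myself".
"""
import re
import socket
import sys
from typing import Callable, Iterable, Tuple

# "220 host ..." or the first line "220-host ..." of a multiline greeting
GREETING_RE = re.compile(r"^(\d{3})[ -](\S+)")


def parse_greeting(greeting: str) -> Tuple[int, str]:
    """Return (reply code, announced hostname) from an SMTP greeting such as
    '220 srv1.example.es ESMTP Postfix'. Hostname is lowercased, no trailing dot."""
    m = GREETING_RE.match(greeting.lstrip())
    if not m:
        raise ValueError(f"malformed SMTP greeting: {greeting!r}")
    return int(m.group(1)), m.group(2).rstrip(".").lower()


def read_greeting(sock, limit: int = 8192) -> str:
    """Read the server greeting up to and including its final '220 ' line
    (multiline greetings use '220-' continuation lines before it)."""
    buf = b""
    while len(buf) < limit:
        chunk = sock.recv(1024)
        if not chunk:
            break
        buf += chunk
        for line in buf.split(b"\r\n")[:-1]:  # only complete lines
            if len(line) >= 4 and line[3:4] == b" ":
                return buf.decode("ascii", "replace")
    return buf.decode("ascii", "replace")


def check_outbound_smtp(mx_host: str, my_hostnames: Iterable[str], port: int = 25,
                        timeout: float = 10.0,
                        connect: Callable = socket.create_connection) -> Tuple[str, bool]:
    """Connect to mx_host:port and return (announced hostname, looped_back).

    looped_back is True when the remote greeting names one of this VM's own
    hostnames, i.e. the connection was redirected back to this machine."""
    mine = {h.rstrip(".").lower() for h in my_hostnames}
    with connect((mx_host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        greeting = read_greeting(sock)
        try:
            sock.sendall(b"QUIT\r\n")  # leave the remote MX cleanly
        except OSError:
            pass
    code, announced = parse_greeting(greeting)
    if code != 220:
        raise RuntimeError(f"{mx_host} did not greet with 220: {greeting.strip()!r}")
    return announced, announced in mine


class FakeSocket:
    """Canned SMTP server for the offline demo and tests (constructed data)."""

    def __init__(self, greeting: bytes):
        self._data = greeting

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return False

    def settimeout(self, _t):
        pass

    def recv(self, n: int) -> bytes:
        out, self._data = self._data[:n], self._data[n:]
        return out

    def sendall(self, _b: bytes):
        pass


def fake_connect(greeting: bytes) -> Callable:
    """Build a stand-in for socket.create_connection that serves `greeting`."""
    return lambda addr, timeout=None: FakeSocket(greeting)


if __name__ == "__main__":
    # Real run on the mail VM:  python3 smtp_loop_check.py mx.example.net srv1.example.es
    if len(sys.argv) >= 3:
        host, looped = check_outbound_smtp(sys.argv[1], sys.argv[2:])
    else:  # offline demo: a constructed greeting that exposes the loop
        host, looped = check_outbound_smtp(
            "mx.example.net", ["srv1.example.es"],
            connect=fake_connect(b"220 srv1.example.es ESMTP Postfix\r\n"))
    print(f"remote greeted as {host}: "
          f"{'LOOP - the connection came back to this VM' if looped else 'ok'}")
```

Run it once with reflection disabled and once with it enabled; the loop should appear only in the second case, which confirms the reflection rule, not Postfix, is what to fix. A common cause of this pattern is a port-forward rule whose destination is "any" instead of the WAN address, because reflection then rewrites every LAN connection to port 25, including the VM's own outbound mail; verify that on the OPNsense rule before changing anything on the mail server.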
