
Re: firewall rules for NAT





On 29 Jun 2017 6:32 pm, "Lucio Crusca" <lucio@sulweb.org> wrote:
On 27/06/2017 23:35, Pascal Hambourg wrote:
On 27/06/2017 at 13:29, Lucio Crusca wrote:

-A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp --dport 25 -j SNAT --to-source 10.7.33.100


If this rule is required, then your routing setup is wrong.

Thank you very much, that was the problem. My VMs were using the host system as gateway instead of the router VM.

Ok, not sure though how that changes anything. As you said, the email VM was receiving traffic with the IP of the router VM as source, and since they are both on the same LAN and connected to the same bridge, I don't see how the default gateway can make any difference? The return traffic was already going through the router VM, hence the need for the SNAT rule on it.
