diff options
| author | Wojtek Kosior <koszko@koszko.org> | 2023-08-30 15:10:52 +0200 |
|---|---|---|
| committer | Wojtek Kosior <koszko@koszko.org> | 2023-08-30 15:10:52 +0200 |
| commit | d2902adc84b050a342b990528cb3abd5be4015e6 (patch) | |
| tree | 6c00855aec9cde414f0801c2264d1e6b430e521c | |
| parent | e74fd985ebe77d8fc780b203af1616ba0218f0ba (diff) | |
| download | koszko-org-server-d2902adc84b050a342b990528cb3abd5be4015e6.tar.gz koszko-org-server-d2902adc84b050a342b990528cb3abd5be4015e6.zip | |
make local SMTP connections able to reach containerized Exim even when using the external IP address
| -rwxr-xr-x | guix-container.sh | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/guix-container.sh b/guix-container.sh index d117ae3..411e4ff 100755 --- a/guix-container.sh +++ b/guix-container.sh @@ -87,6 +87,13 @@ is_running() { return $? } +resolve_ipv4_domain() { + guix shell glibc -- getent ahosts "$1" | + grep -E '^([0-9]+\.){3}[0-9]+[[:space:]]+STREAM' | + head -1 | + awk '{print $1}' +} + network_setup() { SHEPHERD_PID="$1" @@ -117,6 +124,11 @@ network_setup() { -j DNAT --to-destination 10.207.87.2 done + iptables -t nat -A OUTPUT \ + -d "$(resolve_ipv4_domain koszko.org)" -p tcp \ + -m multiport --dports 25,12525,465,587 \ + -j DNAT --to-destination 10.207.87.2 + cat /etc/resolv.conf | nsenter --target "$SHEPHERD_PID" --all \ /run/current-system/profile/bin/tee /etc/resolv.conf > /dev/null @@ -150,6 +162,11 @@ network_rip() { -s 10.207.87.1/24 -o "$LINKNAME" \ -j MASQUERADE done + + iptables_rip_rule -t nat -D OUTPUT \ + -d "$(resolve_ipv4_domain koszko.org)" -p tcp \ + -m multiport --dports 25,12525,465,587 \ + -j DNAT --to-destination 10.207.87.2 } stop() { |