From d2902adc84b050a342b990528cb3abd5be4015e6 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior
Date: Wed, 30 Aug 2023 15:10:52 +0200
Subject: make local SMTP connections able to reach containerized Exim even when using the external IP address
---
 guix-container.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/guix-container.sh b/guix-container.sh
index d117ae3..411e4ff 100755
--- a/guix-container.sh
+++ b/guix-container.sh
@@ -87,6 +87,13 @@ is_running() {
 return $?
 }
+resolve_ipv4_domain() {
+ guix shell glibc -- getent ahosts "$1" |
+ grep -E '^([0-9]+\.){3}[0-9]+[[:space:]]+STREAM' |
+ head -1 |
+ awk '{print $1}'
+}
+
 network_setup() {
 SHEPHERD_PID="$1"
@@ -117,6 +124,11 @@ network_setup() {
 -j DNAT --to-destination 10.207.87.2
 done
+ iptables -t nat -A OUTPUT \
+ -d "$(resolve_ipv4_domain koszko.org)" -p tcp \
+ -m multiport --dports 25,12525,465,587 \
+ -j DNAT --to-destination 10.207.87.2
+
 cat /etc/resolv.conf | nsenter --target "$SHEPHERD_PID" --all \
 /run/current-system/profile/bin/tee /etc/resolv.conf > /dev/null
@@ -150,6 +162,11 @@ network_rip() {
 -s 10.207.87.1/24 -o "$LINKNAME" \
 -j MASQUERADE
 done
+
+ iptables_rip_rule -t nat -D OUTPUT \
+ -d "$(resolve_ipv4_domain koszko.org)" -p tcp \
+ -m multiport --dports 25,12525,465,587 \
+ -j DNAT --to-destination 10.207.87.2
 }
 stop() {
--
cgit v1.2.3
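Review bot: resolve_ipv4_domain has no way to report a failed lookup: it prints nothing and returns the status of the final `awk`, which succeeds on empty input unless the script enables `pipefail` (not visible in this patch). `guix shell glibc --` may also have to fetch or build glibc when it is called, so the lookup can fail for reasons other than DNS. I would document the contract above the function, `# Print the first IPv4 STREAM address getent reports for "$1"; prints nothing when the lookup fails.`, and have the function return non-zero when no address was found.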
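Review bot: In the network_setup hunk the `-d` value comes straight from `$(resolve_ipv4_domain koszko.org)`, so an empty result is handed to iptables as `-d ""` and the lookup's exit status is discarded; the matching `-D` call in the network_rip hunk has the same problem. The address is whatever the resolver answers at the moment the script runs (presumably with root privileges), so it is worth checking before it becomes a NAT rule. Resolving into a variable first and testing it keeps the failure visible; whether to skip the rule or abort the setup is the author's call. network_setup starts and ends outside this hunk.

```shell
    # … unchanged: preceding DNAT loop ending in "done" …

    EXTERNAL_IPV4="$(resolve_ipv4_domain koszko.org)"
    if [ -z "$EXTERNAL_IPV4" ]; then
	echo "koszko.org did not resolve to an IPv4 address;" \
	     "skipping the local SMTP DNAT rule" >&2
    else
	iptables -t nat -A OUTPUT \
		 -d "$EXTERNAL_IPV4" -p tcp \
		 -m multiport --dports 25,12525,465,587 \
		 -j DNAT --to-destination 10.207.87.2
    fi
```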
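Review bot: The delete in the network_rip hunk looks koszko.org up again instead of reusing the address the rule was added with, so if the record changed (or the lookup fails) between start and stop, the `-D` specification no longer matches and the OUTPUT DNAT rule is left behind on the host. Recording the address chosen in network_setup and reading it back here would make the pair symmetric; alternatively the rule could live in a dedicated nat chain that teardown flushes. How iptables_rip_rule treats a non-matching rule is not visible in this patch, and network_rip begins outside the hunk. The domain and the port list `25,12525,465,587` are repeated in both hunks and could be defined once.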