On 01.06.2012 02:15, RYAN M. vAN GINNEKEN wrote:
> This machine is on the same LAN as the server; its IP is 10.0.0.108 and the
> server is 10.0.0.102. However, these machines are all virtual on the same
> hardware. As seen in the logs, Postfix tries to deliver to the external IP
> 204.X.X.X, where sure enough it gets disconnected, and I'm not sure why.
> However, I can connect to Postfix using the internal IP:
>
> telnet 10.0.0.102 25
> Trying 10.0.0.102...
> Connected to 10.0.0.102.
> Escape character is '^]'.
> 220 mx1.computerking.ca ESMTP Postfix\
>
> I have added mx1.computerking.ca to the hosts file to try and fix things, and
> now I can even telnet to the hostname since I added the LAN IP in hosts:
>
> telnet mx1.computerking.ca 25
> Trying 10.0.0.102...
> Connected to mx1.computerking.ca.
> Escape character is '^]'.
> 220 mx1.computerking.ca ESMTP Postfix
>
> However, Postfix insists on sending to the external IP address, probably an
> MX record thing, and telnet does not work there:
>
> telnet 204.244.122.131 25
> Trying 204.244.122.131...
> telnet: Unable to connect to remote host: Connection timed out
>
> I'm not sure why the VM cannot connect to the other VM on the external IP,
> but is there any way to make Postfix use the LAN address, or is there a
> better way to fix this?

/etc/hosts is by default not relevant for MTAs because they use MX records, which can and often do differ from A records, and /etc/hosts cannot provide this.

If you have a mailserver you should use your own DNS server in your LAN with proper records for internal servers.

That you cannot connect to the public IP has nothing to do with VM or not; it is simply your router, which does not like connections from the LAN side to WAN addresses nor translates them to your local IPs. One more reason for an internal DNS view!

Cisco routers can deal with this and rewrite the DNS answers with public IPs matching NAT rules, but this has the side effect that you will always get your LAN IPs if you make any DNS request, even to 8.8.8.8.

Additionally, you should NOT rely on such translations even if they are working. I was there for years, and after an infrastructure change we got a router from our ISP which did not translate and does not even support this -> finally I spent the whole next night changing our DNS backends by importing all zones on both internal nameservers and translating public/NAT in the zone files. Not a big deal in case you have your own backend software, but not funny if you are sitting in your company NAT LAN without any access to your own public services because you relied on your public ones and the router translation.
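The "translate public/NAT in the zone files" step from the reply above, sketched as an added example that is not part of the original message or the poster's tooling. The function names, the NAT table and the sample zone are assumptions; the host name and the two addresses are taken from the thread, and pairing them as one NAT rule is assumed.

```python
import ipaddress

# NAT table: public address -> LAN address (assumed pairing of the two
# addresses in the thread; a real table mirrors the router's NAT rules).
NAT_MAP = {"204.244.122.131": "10.0.0.102"}

# Constructed sample of a public zone, not the poster's real zone file.
PUBLIC_ZONE = """\
$ORIGIN computerking.ca.
$TTL 3600
@     IN MX 10 mx1.computerking.ca.
mx1   IN A  204.244.122.131   ; mail server
www   IN A  203.0.113.80      ; hosted elsewhere, no NAT rule
"""


def translate_zone(zone_text, nat_map):
    """Build the internal-view zone from the public one.

    A records whose address has a NAT rule are pointed at the LAN address.
    MX, NS and other records target names, so they are copied unchanged and
    resolve to the LAN address through the rewritten A record.
    Returns (internal_zone_text, [(public_ip, lan_ip), ...]).
    """
    out, rewritten = [], []
    for line in zone_text.splitlines():
        record, sep, comment = line.partition(";")
        fields = record.split()
        # An A record ends in "... A <ipv4>".
        if len(fields) >= 3 and fields[-2].upper() == "A":
            try:
                addr = str(ipaddress.IPv4Address(fields[-1]))
            except ipaddress.AddressValueError:
                addr = None  # malformed address: leave the line alone
            if addr in nat_map:
                # Swap only the address token; keep spacing and comment.
                pos = record.rfind(fields[-1])
                record = record[:pos] + nat_map[addr] + record[pos + len(fields[-1]):]
                line = record + sep + comment
                rewritten.append((addr, nat_map[addr]))
        out.append(line)
    return "\n".join(out) + "\n", rewritten


if __name__ == "__main__":
    internal, changes = translate_zone(PUBLIC_ZONE, NAT_MAP)
    print(internal)
    print("rewritten:", changes)
```

The output is meant to be loaded only by the nameserver that answers LAN clients, so external resolvers never see the private addresses.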
