[systemd-devel] systemd-socket-proxyd usage: remote's directly ping-/telnet-able, but via proxy "Network is unreachable"?

PGNd dev at pgnd.us
Wed May 13 21:53:05 PDT 2015


I'm attempting to use systemd's socket-proxyd to forward a static IP on a VPS, over a VPN to a mailserver at a remote office location, listening at a NAT'd, internal IP.

The mailserver listens @ IP = 10.2.2.12.

The staticIP at the VPS is IP = 111.222.333.444

The VPS's staticIP is pingable from the VPS

	ping -c 1 111.222.333.444
		PING 111.222.333.444 (111.222.333.444) 56(84) bytes of data.
		64 bytes from 111.222.333.444: icmp_seq=1 ttl=64 time=0.060 ms
		
		--- 111.222.333.444 ping statistics ---
		1 packets transmitted, 1 received, 0% packet loss, time 0ms
		rtt min/avg/max/mdev = 0.060/0.060/0.060/0.000 ms

The office's mailserver is pingable over the VPN link

	ping -c 1 10.2.2.12
		PING 10.2.2.12 (10.2.2.12) 56(84) bytes of data.
		64 bytes from 10.2.2.12: icmp_seq=1 ttl=63 time=46.8 ms
		
		--- 10.2.2.12 ping statistics ---
		1 packets transmitted, 1 received, 0% packet loss, time 0ms
		rtt min/avg/max/mdev = 46.817/46.817/46.817/0.000 ms

I can connect to the SMTP server from the VPS as well

	telnet 10.2.2.12 25
		Trying 10.2.2.12...
		Connected to 10.2.2.12.
		Escape character is '^]'.
		220 mx.mydomain.com ESMTP . No UCE permitted.
		^]
		telnet> quit
		Connection closed.

Cribbing from the nginx examples at

	http://www.freedesktop.org/software/systemd/man/systemd-socket-proxyd.html

I've created a socket unit to listen on the staticIP

	cat /etc/systemd/system/proxy-to-mailserver.socket
		[Socket]
		ListenStream=111.222.333.444:25

		[Install]
		WantedBy=sockets.target

and a service unit to forward the traffic to the mailserver listener

	cat /etc/systemd/system/proxy-to-mailserver.service
		[Unit]
		Requires=openvpn.service
		After=openvpn.service

		[Service]
		ExecStart=/usr/lib/systemd/systemd-socket-proxyd 10.2.2.12:25
		PrivateTmp=yes
		PrivateNetwork=yes

Enable/start of the socket works

	systemctl enable proxy-to-mailserver.socket
	systemctl start  proxy-to-mailserver.socket

	systemctl status proxy-to-mailserver.socket
	proxy-to-mailserver.socket
	   Loaded: loaded (/etc/systemd/system/proxy-to-mailserver.socket; enabled)
	   Active: active (listening) since Wed 2015-05-13 21:22:41 PDT; 2min 37s ago
	   Listen: 111.222.333.444:25 (Stream)

IIUC, at this point I should be able to connect to the mailserver @ the forwarded staticIP.

But, at the VPS, the connection is immediately dropped

	telnet 111.222.333.444 25
		Trying 111.222.333.444...
		Connected to 111.222.333.444.
		Escape character is '^]'.
		Connection closed by foreign host.

and @ `journalctl -f`,

	May 13 21:36:57 edge.mydomain.com systemd-socket-proxyd[5291]: Failed to connect to remote host: Network is unreachable

I'm not clear why I'm seeing "Network is unreachable" when the remote host is clearly pingable and accessible via telnet.

I suspect 'PrivateNetwork' may have a hand in it, but I'm fuzzy on usage.

What's missing or incorrect about that ^^ scenario/usage?

Thanks.

pgnd
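
An added example, not part of the original post and not systemd's own code: a Python check run over the service unit posted above, flagging the combination the poster suspects. It assumes the documented systemd.exec behaviour that PrivateNetwork=yes places the service in a network namespace containing only a loopback device; the function names are hypothetical.

```python
import configparser
import ipaddress

# The service unit from the post above, embedded so the check runs offline.
POSTED_UNIT = """\
[Unit]
Requires=openvpn.service
After=openvpn.service

[Service]
ExecStart=/usr/lib/systemd/systemd-socket-proxyd 10.2.2.12:25
PrivateTmp=yes
PrivateNetwork=yes
"""

def proxy_target(exec_start):
    """Return the first non-option argument after the proxyd binary, or None."""
    words = exec_start.lstrip("-@+!:").split()
    if not words or not words[0].endswith("systemd-socket-proxyd"):
        return None
    return next((w for w in words[1:] if not w.startswith("-")), None)

def is_loopback(target):
    """True when the HOST of a HOST:PORT target is a loopback address."""
    host = target.rsplit(":", 1)[0].strip("[]")
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # assumption: any other hostname is treated as remote

def check_unit(text):
    """Return findings for a socket-proxyd service unit given as text."""
    unit = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    unit.optionxform = str  # systemd key names are case-sensitive
    unit.read_string(text)
    target = proxy_target(unit.get("Service", "ExecStart", fallback=""))
    private = unit.get("Service", "PrivateNetwork", fallback="no")
    on = private.strip().lower() in ("1", "yes", "true", "on")
    if not on or target is None or target.startswith("/"):
        return []  # UNIX socket paths do not depend on the network namespace
    if not is_loopback(target):
        return [f"{target}: remote target, but PrivateNetwork= leaves only loopback"]
    if unit.get("Unit", "JoinsNamespaceOf", fallback=""):
        return []
    return [f"{target}: loopback target, but no JoinsNamespaceOf= to share a namespace"]
```

Calling check_unit(POSTED_UNIT) returns one finding for 10.2.2.12:25; the same unit without the PrivateNetwork=yes line returns none.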

