[systemd-devel] systemd-socket-proxyd usage: remote's directly ping-/telnet-able, but via proxy "Network is unreachable"?

[PGNd]

> The PrivateNetwork=yes will lock your service into its own virtual
> network without any connectivity outside (it will contain only a
> single loopback device). Drop this like and it should
> work.

Yep, Thanks.

Inbound traffic via the staticIP now works exactly as intended -- mail is received at/by the mailserver @ its LAN ip.

Outbound from the mailserver, however, does not send via the proxy link.

IIUC, the proxy link IS bi-directional.  But I suspect I've made an invalid assumption about what that means and what gets set up.

It appears there's link doesn't listen TO the lan IP end -- so as to be able to send/return traffic FROM the mailserver.

Do I need to additionally add the mirror systemd socket+service on the mailserver box (listemstream @ lanip, exec/forward to real IP @ VPS)? Or is that best dealt with another change on the mailserver box -- route, vpn forward, NAT rule etc?