CentOS 7 방화벽: IPTables를 사용하여 SMTP 이메일을 보내도록 허용하는 방법은 무엇입니까?

서버의 컨테이너 Spring-Boot Java내부에서 애플리케이션을 실행하고 있습니다.DockerCentOS 7

[root@dev-machine ~]# rpm --query centos-release
centos-release-7-5.1804.4.el7.centos.x86_64

사용자 등록에 대한 이메일을 보내고 싶은데 서버에서는 작동하지 않고 로컬에서만 작동합니다. 그래서 방화벽 규칙이 없거나 문제가 있을 수 있다고 생각합니다.

출력은 다음과 같습니다 iptables -S.

-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o br-f0479a22f469 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-f0479a22f469 -j DOCKER
-A FORWARD -i br-f0479a22f469 ! -o br-f0479a22f469 -j ACCEPT
-A FORWARD -i br-f0479a22f469 -o br-f0479a22f469 -j ACCEPT
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o br-3d65bc697485 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-3d65bc697485 -j DOCKER
-A FORWARD -i br-3d65bc697485 ! -o br-3d65bc697485 -j ACCEPT
-A FORWARD -i br-3d65bc697485 -o br-3d65bc697485 -j ACCEPT
-A FORWARD -o br-e9afb76ffa7a -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-e9afb76ffa7a -j DOCKER
-A FORWARD -i br-e9afb76ffa7a ! -o br-e9afb76ffa7a -j ACCEPT
-A FORWARD -i br-e9afb76ffa7a -o br-e9afb76ffa7a -j ACCEPT
-A DOCKER -d 172.18.0.2/32 ! -i br-e9afb76ffa7a -o br-e9afb76ffa7a -p tcp -m tcp --dport 9000 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5000 -j ACCEPT
-A DOCKER -d 172.20.0.2/32 ! -i br-f0479a22f469 -o br-f0479a22f469 -p tcp -m tcp --dport 8761 -j ACCEPT
-A DOCKER -d 172.20.0.5/32 ! -i br-f0479a22f469 -o br-f0479a22f469 -p tcp -m tcp --dport 8080 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i br-f0479a22f469 ! -o br-f0479a22f469 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-e9afb76ffa7a ! -o br-e9afb76ffa7a -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-3d65bc697485 ! -o br-3d65bc697485 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o br-f0479a22f469 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-e9afb76ffa7a -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-3d65bc697485 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN

이것은의 출력입니다iptables-save -C

[root@dev-machine ~]# iptables-save -c
# Generated by iptables-save v1.4.21 on Sat Sep 15 13:38:03 2018
*nat
:PREROUTING ACCEPT [19421:2552711]
:INPUT ACCEPT [18758:2423782]
:OUTPUT ACCEPT [39206:2367366]
:POSTROUTING ACCEPT [39206:2367366]
:DOCKER - [0:0]
[39177:2349612] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
[0:0] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
[44:2790] -A POSTROUTING -s 172.20.0.0/16 ! -o br-f0479a22f469 -j MASQUERADE
[2396:157880] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
[62:3999] -A POSTROUTING -s 172.19.0.0/16 ! -o br-3d65bc697485 -j MASQUERADE
[0:0] -A POSTROUTING -s 172.18.0.0/16 ! -o br-e9afb76ffa7a -j MASQUERADE
[0:0] -A POSTROUTING -s 172.18.0.2/32 -d 172.18.0.2/32 -p tcp -m tcp --dport 9000 -j MASQUERADE
[0:0] -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 5000 -j MASQUERADE
[0:0] -A POSTROUTING -s 172.20.0.2/32 -d 172.20.0.2/32 -p tcp -m tcp --dport 8761 -j MASQUERADE
[0:0] -A POSTROUTING -s 172.20.0.5/32 -d 172.20.0.5/32 -p tcp -m tcp --dport 8080 -j MASQUERADE
[0:0] -A DOCKER -i br-f0479a22f469 -j RETURN
[0:0] -A DOCKER -i docker0 -j RETURN
[0:0] -A DOCKER -i br-e9afb76ffa7a -j RETURN
[0:0] -A DOCKER -i br-3d65bc697485 -j RETURN
[0:0] -A DOCKER ! -i br-e9afb76ffa7a -p tcp -m tcp --dport 9000 -j DNAT --to-destination 172.18.0.2:9000
[0:0] -A DOCKER ! -i docker0 -p tcp -m tcp --dport 5000 -j DNAT --to-destination 172.17.0.2:5000
[0:0] -A DOCKER ! -i br-f0479a22f469 -p tcp -m tcp --dport 8761 -j DNAT --to-destination 172.20.0.2:8761
[0:0] -A DOCKER ! -i br-f0479a22f469 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.20.0.5:8080
COMMIT
# Completed on Sat Sep 15 13:38:03 2018
# Generated by iptables-save v1.4.21 on Sat Sep 15 13:38:03 2018
*filter
:INPUT ACCEPT [495382:341584285]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [448313:353150279]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
[1853096:1761639004] -A FORWARD -j DOCKER-USER
[1853096:1761639004] -A FORWARD -j DOCKER-ISOLATION-STAGE-1
[82:10098] -A FORWARD -o br-f0479a22f469 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -o br-f0479a22f469 -j DOCKER
[116:11141] -A FORWARD -i br-f0479a22f469 ! -o br-f0479a22f469 -j ACCEPT
[0:0] -A FORWARD -i br-f0479a22f469 -o br-f0479a22f469 -j ACCEPT
[4610393:6820102985] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -o docker0 -j DOCKER
[2710958:152407715] -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
[0:0] -A FORWARD -i docker0 -o docker0 -j ACCEPT
[186:20837] -A FORWARD -o br-3d65bc697485 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -o br-3d65bc697485 -j DOCKER
[248:27845] -A FORWARD -i br-3d65bc697485 ! -o br-3d65bc697485 -j ACCEPT
[0:0] -A FORWARD -i br-3d65bc697485 -o br-3d65bc697485 -j ACCEPT
[0:0] -A FORWARD -o br-e9afb76ffa7a -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -o br-e9afb76ffa7a -j DOCKER
[0:0] -A FORWARD -i br-e9afb76ffa7a ! -o br-e9afb76ffa7a -j ACCEPT
[0:0] -A FORWARD -i br-e9afb76ffa7a -o br-e9afb76ffa7a -j ACCEPT
[0:0] -A DOCKER -d 172.18.0.2/32 ! -i br-e9afb76ffa7a -o br-e9afb76ffa7a -p tcp -m tcp --dport 9000 -j ACCEPT
[0:0] -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5000 -j ACCEPT
[0:0] -A DOCKER -d 172.20.0.2/32 ! -i br-f0479a22f469 -o br-f0479a22f469 -p tcp -m tcp --dport 8761 -j ACCEPT
[0:0] -A DOCKER -d 172.20.0.5/32 ! -i br-f0479a22f469 -o br-f0479a22f469 -p tcp -m tcp --dport 8080 -j ACCEPT
[116:11141] -A DOCKER-ISOLATION-STAGE-1 -i br-f0479a22f469 ! -o br-f0479a22f469 -j DOCKER-ISOLATION-STAGE-2
[2710958:152407715] -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
[0:0] -A DOCKER-ISOLATION-STAGE-1 -i br-e9afb76ffa7a ! -o br-e9afb76ffa7a -j DOCKER-ISOLATION-STAGE-2
[152:17009] -A DOCKER-ISOLATION-STAGE-1 -i br-3d65bc697485 ! -o br-3d65bc697485 -j DOCKER-ISOLATION-STAGE-2
[7321815:6972561781] -A DOCKER-ISOLATION-STAGE-1 -j RETURN
[0:0] -A DOCKER-ISOLATION-STAGE-2 -o br-f0479a22f469 -j DROP
[0:0] -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
[0:0] -A DOCKER-ISOLATION-STAGE-2 -o br-e9afb76ffa7a -j DROP
[0:0] -A DOCKER-ISOLATION-STAGE-2 -o br-3d65bc697485 -j DROP
[2711226:152435865] -A DOCKER-ISOLATION-STAGE-2 -j RETURN
[16330669:15452836360] -A DOCKER-USER -j RETURN
COMMIT
# Completed on Sat Sep 15 13:38:03 2018
[root@dev-machine ~]#

이메일 전송과 관련된 컨테이너는 다음에서 실행됩니다.172.20.0.5 8080:8080

몇 가지 비슷한 질문을 찾았습니다.

• https://stackoverflow.com/questions/25484498/mail-blocked-by-firewall
• iptables Debian Linux에서 나가는 SMTP를 허용하는 방법

질문에는 나가는 트래픽을 활성화하라는 제안이 있지만 제 경우에는 이미 켜져 있는 것 같습니다. 누락된 부분이나 오류가 있나요?

필요한 경우 여기 Spring-Boot에 속성이 있습니다(현재는 Gmail에만 해당되지만 앞으로는 환경 변수를 통해 모든 SMTP에 대해 구성 가능해야 합니다).

mail:
    host: smtp.gmail.com
    port: 587
    username: ${EMAIL_USERNAME}
    password: ${EMAIL_PASSWORD}
    protocol: smtp
    tls: true
    auth: true
    properties.mail.smtp:
        auth: true
        starttls.enable: true
        ssl.trust: smtp.gmail.com