Run SMTP server on EKS and expose port 25 via NLB load balancer

0

I have an EKS cluster that runs custom SMTP services. I wish to expose them on ports 2587 and 25.

My problem is that port 2587 is reachable via telnet but port 25 is not. I have already requested 25

I have a NLB LoadBalancer service in EKS that looks like this:

apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"service.beta.kubernetes.io/aws-load-balancer-backend-protocol":"tcp","service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout":"300","service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled":"true","service.beta.kubernetes.io/aws-load-balancer-eip-allocations":"eipalloc-0e00cb13fa532a3bf,eipalloc-0fceb973a8518a71a","service.beta.kubernetes.io/aws-load-balancer-scheme":"internet-facing","service.beta.kubernetes.io/aws-load-balancer-type":"nlb-ip"},"name":"smtp2-server","namespace":"default"},"spec":{"ports":[{"name":"smtp","port":25,"protocol":"TCP","targetPort":2727},{"name":"smtpsslalt","port":2587,"protocol":"TCP","targetPort":2727},{"name":"smtpsslold2","port":2465,"protocol":"TCP","targetPort":2727},{"name":"smtpsslold","port":465,"protocol":"TCP","targetPort":2727},{"name":"smtpssl","port":587,"protocol":"TCP","targetPort":2727},{"name":"smtpalt","port":2525,"protocol":"TCP","targetPort":2525},{"name":"http","port":80,"protocol":"TCP","targetPort":8000},{"name":"httpalt","port":8000,"protocol":"TCP","targetPort":8000},{"name":"https","port":8443,"protocol":"TCP","targetPort":8443},{"name":"httpsalt","port":443,"protocol":"TCP","targetPort":8443}],"selector":{"component":"smtp2"},"type":"LoadBalancer"}}
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300"
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
    service.beta.kubernetes.io/aws-load-balancer-eip-allocations: eipalloc-0e00cb13fa532a3bf,eipalloc-0fceb973a8518a71a
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
  creationTimestamp: "2023-05-25T10:53:12Z"
  finalizers:
  - service.kubernetes.io/load-balancer-cleanup
  - service.k8s.aws/resources
  name: smtp2-server
  namespace: default
  resourceVersion: "491045698"
  uid: 853c59cd-f7b7-408c-8404-5cda6a84d0ec
spec:
  allocateLoadBalancerNodePorts: true
  clusterIP: 172.20.216.245
  clusterIPs:
  - 172.20.216.245
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: smtp
    nodePort: 31618
    port: 25
    protocol: TCP
    targetPort: 2727
  - name: smtpsslalt
    nodePort: 32023
    port: 2587
    protocol: TCP
    targetPort: 2727
  - name: smtpsslold2
    nodePort: 30528
    port: 2465
    protocol: TCP
    targetPort: 2727
  - name: smtpsslold
    nodePort: 31557
    port: 465
    protocol: TCP
    targetPort: 2727
  - name: smtpssl
    nodePort: 32165
    port: 587
    protocol: TCP
    targetPort: 2727
  - name: smtpalt
    nodePort: 32140
    port: 2525
    protocol: TCP
    targetPort: 2525
  - name: http
    nodePort: 32691
    port: 80
    protocol: TCP
    targetPort: 8000
  - name: httpalt
    nodePort: 30157
    port: 8000
    protocol: TCP
    targetPort: 8000
  - name: https
    nodePort: 30181
    port: 8443
    protocol: TCP
    targetPort: 8443
  - name: httpsalt
    nodePort: 32623
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    component: smtp2
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - hostname: k8s-default-smtp2ser-1172550bfa-e1180ab2ebe1837c.elb.us-west-2.amazonaws.com

I have security groups that look like this:

                },
                {
                    "FromPort": 25,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.1.0/24"
                        },
                        {
                            "CidrIp": "10.0.0.0/24"
                        },
                        {
                            "CidrIp": "0.0.0.0/0",
                            "Description": "Allow SMTP ingress"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 25,
                    "UserIdGroupPairs": []
                }

Any ideas?
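A check for the kind of mismatch described above, added here as an example and not code from the poster or from AWS: it cross-references the Service's listener ports with the security-group ingress rules and lists every listener that no rule admits from the internet, and `probe` repeats the telnet connect test. The Service ports are taken from the manifest in the question; the security-group list is constructed from the single port-25 rule shown, and any further rules are assumed absent.

```python
"""Cross-check the ports an EKS LoadBalancer Service exposes against the
security-group ingress rules that must admit traffic to them (added example)."""
import socket

# Listener ports of the smtp2-server Service, as given in the question.
SERVICE_PORTS = {
    "smtp": 25, "smtpsslalt": 2587, "smtpsslold2": 2465, "smtpsslold": 465,
    "smtpssl": 587, "smtpalt": 2525, "http": 80, "httpalt": 8000,
    "https": 8443, "httpsalt": 443,
}

# Ingress rules in the shape `aws ec2 describe-security-groups` returns.
# Constructed: only the port-25 rule appears in the question, so that is all
# this list contains; rules for the other listeners are assumed absent.
SG_INGRESS = [
    {"FromPort": 25, "ToPort": 25, "IpProtocol": "tcp",
     "IpRanges": [{"CidrIp": "10.0.1.0/24"}, {"CidrIp": "10.0.0.0/24"},
                  {"CidrIp": "0.0.0.0/0", "Description": "Allow SMTP ingress"}]},
]


def rule_admits(rule, port, cidr="0.0.0.0/0"):
    """True if one ingress rule covers TCP `port` from `cidr`."""
    proto = rule.get("IpProtocol")
    if proto not in ("tcp", "-1"):
        return False
    # "-1" is the all-traffic rule; the API omits its port range.
    lo, hi = (0, 65535) if proto == "-1" else (rule["FromPort"], rule["ToPort"])
    if not lo <= port <= hi:
        return False
    return any(r.get("CidrIp") == cidr for r in rule.get("IpRanges", []))


def uncovered_ports(service_ports, ingress_rules, cidr="0.0.0.0/0"):
    """Return {name: port} for listeners that no rule admits from `cidr`."""
    return {name: port for name, port in service_ports.items()
            if not any(rule_admits(r, port, cidr) for r in ingress_rules)}


def probe(host, port, timeout=5.0):
    """TCP connect check, equivalent to `telnet host port`; True on connect."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for name, port in sorted(uncovered_ports(SERVICE_PORTS, SG_INGRESS).items()):
        print(f"listener {name} (port {port}) has no 0.0.0.0/0 ingress rule")
```

Run it against the real rule set by replacing `SG_INGRESS` with the `IpPermissions` array of the group attached to the NLB targets; a listener that is reachable but appears in the output means some other group or rule admits it.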

1 Answer
0

This may not matter for inbound communication, but for outbound, AWS blocks port 25.
Please follow the instructions in the following document to apply for port 25 to be unrestricted.
https://repost.aws/ja/knowledge-center/ec2-port-25-throttle

EXPERT
answered 10 months ago
