I'm curious as to how long you waited when trying port 25. There is a five-second delay after the connection is established before it issues the 220 greeting.
I noticed that. But on 44.137.40.2 the TCP connection does not even establish.
I tried from home (44.137.41.97) and from the gw-44-137 (44.137.0.1) and both were able to connect:
telnet 44.0.0.1 25
Trying 44.0.0.1...
Connected to 44.0.0.1.
Escape character is '^]'.
220 gw.ampr.org ESMTP Sendmail 8.15.2/8.15.2; Thu, 13 Jul 2017 09:20:58 -0700 (PDT)
quit
221 2.0.0 gw.ampr.org closing connection
Connection closed by foreign host.
However, on 44.137.40.2:
telnet 44.0.0.1 25
Trying 44.0.0.1...
(and nothing more. Probably an error when I wait a minute or so)
When running tshark on tunl0 I see the SYN+ACK packets from 44.0.0.1 to 44.137.40.2 and when I do an insert of a rule matching source address 44.0.0.1 before all other firewall rules I see it matching, but still no ACK is going back. I have no idea what is going on there. Ping works OK.
Rob