Ports required
ZCS was designed for installation on a server alone, though this isn't really a hard and fast requirement.
One thing we do, to reduce the services that start/run as root, is map privileged (<1024) ports to non-privileged ports. We do this through iptables, which is where the firewall restrictions come from.
Here are the ports used:
smtp: 25 mapped to 7075
http: 80 mapped to 7070
pop3: 110 mapped to 7110
imap: 143 mapped to 7143
ldap: 389 mapped to 7389
https: 443 mapped to 7443
imaps: 993 mapped to 7993
pop3s: 995 mapped to 7995
admin: 7071
control: 7777
The application services talk to each other on both the mapped and unmapped ports, unfortunately, so it's not possible to simply stop the mapping.
From what you've mentioned of your current installation, the two biggest problems will be mysql and http (apache). None of the software installed by zcs will remove your existing software.
We are not listening on a TCP socket for mysql (all traffic goes through a unix domain socket).
If you want to access the existing web server as well as the ZCS web client, you'll have to move one of them off of port 80.
So, one way to make this work may be:
1 - Install zcs. This will include the port mapping.
2 - Remove the 80->7070 mapping so that traffic to your existing web server will get through.
3 - Verify that your firewall will pass traffic for all of the ports used by ZCS.
4 - Modify /opt/zimbra/tomcat/conf/server.xml to remove the proxyPort attribute from the http connector on port 7070.
5 - Restart ZCS.
I haven't tested this configuration, but it should work.
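An added example, not part of the original post or of ZCS: a check that audits the port mappings after step 2, confirming the 80->7070 redirect is gone and the others from the list are still in place. It assumes the mappings appear as nat-table REDIRECT rules in `iptables-save` output; the sample rules are constructed, and the function names are hypothetical.

```python
import re

# Port map from the post: public (privileged) port -> ZCS listener port.
ZCS_PORT_MAP = {25: 7075, 80: 7070, 110: 7110, 143: 7143,
                389: 7389, 443: 7443, 993: 7993, 995: 7995}

# Constructed sample of `iptables-save` output, not taken from a real host.
# Assumption: the mappings are nat-table REDIRECT rules of this shape.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 7075
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7070
-A PREROUTING -p tcp -m tcp --dport 110 -j REDIRECT --to-ports 7110
-A PREROUTING -p tcp -m tcp --dport 389 -j REDIRECT --to-ports 7389
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 7443
-A PREROUTING -p tcp -m tcp --dport 993 -j REDIRECT --to-ports 7993
-A PREROUTING -p tcp -m tcp --dport 995 -j REDIRECT --to-ports 7995
COMMIT
*filter
-A INPUT -p tcp -m tcp --dport 7071 -j ACCEPT
COMMIT
"""

RULE = re.compile(r"^-A\s+\S+\s.*--dport\s+(\d+)\s.*-j\s+REDIRECT\s+--to-ports\s+(\d+)")

def parse_redirects(text):
    """Return {public_port: target_port} for REDIRECT rules in the nat table."""
    found, in_nat = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):          # table header, e.g. *nat or *filter
            in_nat = line == "*nat"
        elif in_nat and (m := RULE.match(line)):
            found[int(m.group(1))] = int(m.group(2))
    return found

def audit(text, unmapped=(80,)):
    """List deviations from the post's map; `unmapped` ports must have no rule."""
    found, problems = parse_redirects(text), []
    for public, target in sorted(ZCS_PORT_MAP.items()):
        if public in unmapped:
            if public in found:
                problems.append(f"{public} still redirected to {found[public]}")
        elif public not in found:
            problems.append(f"{public} missing, expected {target}")
        elif found[public] != target:
            problems.append(f"{public} goes to {found[public]}, expected {target}")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "mappings match the post")
```

On a live host, pass the text of `iptables-save` (run as root) to `audit()` in place of `SAMPLE`.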