Admin Server Remote Access

[msmcknight]

Hi everyone,

I am trying to access the ZCS admin server remotely from the internet. The actual hostname of the server is not resolvable from the internet. For example, the actual hostname might be zimbra.example.com, but from the internet I connect to zhost.example.com.

When I try to connect to port 7071, I get the main ZCS login screen... not the admin login. This is bizarre to me since the ZCS user webmail is not listening on port 7071.

If I connect from the internal network to port 7071, I get the admin login screen.

I am at a loss as to how I can connect to 7071 and end up at the ZCS login screen listening on 8080. The only thing I can think of is that the apache backend config has something wrong with it.

The installation is a stock 5.0.16 on RH5.3 and I have made no significant customizations.

If anyone has any ideas on how/why this is happening and how to fix it,I would appreciate anytips.

Thanks to all in advance.
-Michael

[phoenix]

Have you got port 7071 forwarded correctly through your firewall or NAT router?

[msmcknight]

Yes. The external address, ie port 5071 is directing to the actual port 7071. The crazy thing is that the web browser shows port 5071 -- netstat -an shows port 7071 but the ZCS webmail login is what I get.

Another interesting thing I just noticed... I can login when connecting to this mystery port, but once logged in, I cant do anything. If I click on a message, for example, ZCS gives me an:

"A network error has occurred."

The details mention
system failure: request not allowed on port 7071
code: service failure

The error does seem to indicate that I am connected to port 7071.

Very odd and I'm at a total loss!

Thanks,
Michael

[3RiversTechAdmin]

I would recommend against exposing yourself the way you are. Instead you should use ssh port forwarding (or VPN).

Here is an example of how you would use ssh port forwarding from a Linux machine outside your office.

sshServer - server running ssh
XXX - port ssh on sshServer is exposed on
zimbraServer - server running zimbra

execute:
ssh -p XXX -l username -L 7071:zimbraServer:7071 sshServer cat -

Then go to: https://localhost:7071 in your web browser

[msmcknight]

Hi,

Yes, I agree completely that an SSH tunnel would be the most secure option, unfortunately I wont always be where I'll have SSH access. Sometimes I may have to address an issue remotely from a blackberry, a internet cafe, etc. We understand the risks, but for now, we really need to get to the admin console directly.

Thanks,
-Michael

[msmcknight]

Hi folks,

Any other thoughts on this issue? I can't get it to work at all and no matter what I try, I keep ending up and the general ZCS login screen.

To me, this looks like a web-server config issue. Meaning that the webserver seems to be matching the connection based on the URL attempted rather than connecting based on the destination port. I cant be sure though since I'm not that familiar with ZCS and how it works under-the-covers.

If anyone can help shed light on this... or maybe try to reproduce it to see if they have the same problem, it would be great.

In any case, thanks to you all in advance.
-Michael

[veronica]

Why dont you use zimbraPublicServiceHostname to access from public ?

[msmcknight]

I've tried using the public service name for the primary domain, but I dont see one for the admin server. Is there a public service name setting for the admin server?

Thanks,
Michael