Login page from outside firewall.

[tcolson]

Hi there

This is my first forum posting here so hope this all makes sense.

I have recently migrated from Desknow to Zimbra Network Edition (6.10) running on an Ubuntu 10.04 LTS server (64bit edition).

We are running a single domain on a single server which has multiple IP addresses on our internal LAN (4 NIC's in the server). The issue we are having is that we can not access the web interface externally. However it does appear to load a completely white page, there are do DNS or browser errors. This has been tried in both IE 6 & 7 & firefox 3.6

Internally from the LAN everything works fine.

I have put as much of our config in as I think is relevant below:

The firewall and external DNS (with our ISP) are configured so that webmail.xxxx.xxx.uk points to an external IP 82.69.xxx.xxx

The firewall is configured to permit traffic on that IP for ports 80 & 7071 and forward them to the internal address of our zimbra server (both http & https, I have also tried opening all firewall ports for an hour and trying but without any success).

The firewall logs show a connection being made and it appears to pass through.

I have looked at both the /var/log/zimbra.log and /opt/zimbra/jetty/log/access_log.date and can not see any reference to an external IP address.

Under the MTA settings I have both the hostname and FQDN as options for managing mail. I have also added the public service host address as the externally configured address (which is the same as the FQDN).

DNS is setup using the existing internal DNS servers, the hosts file is configured as follows:

127.0.0.1 localhost webmail.xxxx.xxx.uk webmail
172.xxx.xxx.xxx webmail.xxxx.xxx.uk webmail

The resolve.conf is configured as follows:

Search domainname
nameserver 172.xxx.xxx.xxx
nameserver 8.8.8.8

The domain is setup to receive and forward mail via our internal anti spam system and the MX records are configured accordingly.

We are able to send and receive email both internally and externally so that appears to be working ok.

I'm not sure if there are any other logs I can look at which may indicate if traffic is being rejected either by the OS or by Zimbra or if there is an item of config I am missing.

Any help would be appreciated.

Many Thanks

Tony

[jonallport]

Welcome to the Zimbra community.

First comment: EEEK! You're using HTTP on the public network side?
Second comment: EEEEK!! You're exposing your admin console to the Internet?

Sounds like you just need to close 80 and open 443 (that's how mine's setup). Even if you've got zmtlscontrol set to redirect, I wouldn't recommend having un-encrypted access at all.

Hope that helps.

[phoenix]

In addition to the above comments (you really should rethink your security for external connections to the server) your hosts file is incorrect and will cause you problems. Go to the Split DNS article and then read the 'Verify...' section for the format of your hosts file.