Results 1 to 10 of 10

Thread: Firewall / NAT

  1. #1
    dnewburg is offline Junior Member
    Join Date
    Jan 2007
    Posts
    5
    Rep Power
    8

    Default Firewall / NAT

    I have successfully deployed Zimbra (and love it) for personal use. I use it for web mail only, and I would prefer port 80/443 to be the only external ports open. The problem I have run into is that when I port forward only ports 80 and 443, I can not receive any messages.

    Can anyone offer a suggestion as to what ports Zimbra requires for external access?

    Thanks in advance!

  2. #2
    jdell is offline Project Contributor
    Join Date
    Jul 2006
    Location
    Reno, NV, USA
    Posts
    203
    Rep Power
    9

    Default

    Quote Originally Posted by dnewburg View Post
    I have successfully deployed Zimbra (and love it) for personal use. I use it for web mail only, and I would prefer port 80/443 to be the only external ports open. The problem I have run into is that when I port forward only ports 80 and 443, I can not receive any messages.

    Can anyone offer a suggestion as to what ports Zimbra requires for external access?

    Thanks in advance!
    Well, any functioning email server needs port 25 open since that is how the email servers of the world talk amongst each other.

  3. #3
    dnewburg is offline Junior Member
    Join Date
    Jan 2007
    Posts
    5
    Rep Power
    8

    Default

    I have opened ports 25, 80, and 443, but still no luck... I can successfully receive mail when I place the Zimbra server on my DMZ. Here is what nmap reports when I have it all open:

    PORT STATE SERVICE
    25/tcp open smtp
    80/tcp open http
    110/tcp open pop3
    143/tcp open imap
    389/tcp open ldap
    443/tcp open https
    993/tcp open imaps
    995/tcp open pop3s
    3310/tcp open unknown
    7025/tcp open unknown
    7035/tcp open unknown
    7071/tcp open unknown
    7780/tcp open unknown

  4. #4
    jdell is offline Project Contributor
    Join Date
    Jul 2006
    Location
    Reno, NV, USA
    Posts
    203
    Rep Power
    9

    Default

    Since you haven't described how your network is setup, can you describe how you are configured?

    Do you have a public static IP or are you NAT'ing? If you are NAT'ing, then you need to port forward the router public IP to your Zimbra server for 25, 80, 443 and you need to ensure your MX record is pointing to that router public IP.

  5. #5
    dnewburg is offline Junior Member
    Join Date
    Jan 2007
    Posts
    5
    Rep Power
    8

    Default

    My configuration is as follows: I have a public IP that points to my router's public IP. When I place my Zimbra server on my DMZ (ie all ports open to Zimbra server), there is no issue. When I try to NAT and port forward specific ports, that is when mail is getting lost. My MX records should be accurate since I can receive mail, correct?

  6. #6
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,566
    Rep Power
    57

    Default

    There should be no problem running Zimbra behind a NAT router, if the ports are open and forwarded then it will work. I have my server obehind a NAT router and it doesn't have any problems receiving mail.

    If it works in the DMZ and doesn't when it's behind the NAT router with the ports forwarded then that suggests the NAT device is interfering with the connection. What type of NAT device is it? Does it have any firewall on it? Does it have any facility for 'content filtering'? Any of those can stop your server.
    Last edited by phoenix; 01-30-2007 at 05:47 AM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    dnewburg is offline Junior Member
    Join Date
    Jan 2007
    Posts
    5
    Rep Power
    8

    Default

    I am using a Linksys WRT54G router. I am doing this on a basic home configuration. Is the WRT known for NAT issues like this?

  8. #8
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,566
    Rep Power
    57

    Default

    It's not known for NAT problems. Have you got the most recent firmware installed? Have you disabled the Web Filters feature? Have you modified the Filters tab to allow access to Local PCs? I assume you've got the correct ports forwarded to the correct Fixed IP of the Zimbra server? Do you have a firewall on the Zimbra server? If so then disable it when it's behind the router.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  9. #9
    dnewburg is offline Junior Member
    Join Date
    Jan 2007
    Posts
    5
    Rep Power
    8

    Default

    We all learn something new everyday! Thank you for your help. I had the Linksys SPI Firewall enabled, so I assume it was filtering content when I placed the server behind the firewall and attempted to port forward.

    Thanks again...

  10. #10
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,566
    Rep Power
    57

    Default

    Sometime an SPI firewall will be OK but more ofetn than not it causes problems. Glad you've got it working.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. DHCP, NAT and Firewall
    By PimpDaDdy in forum Administrators
    Replies: 6
    Last Post: 02-20-2007, 10:46 AM
  2. Replies: 7
    Last Post: 10-04-2006, 02:49 AM
  3. Replies: 2
    Last Post: 09-06-2006, 01:15 AM
  4. Zimbra behind NAT firewall
    By amitbapat in forum Administrators
    Replies: 9
    Last Post: 01-09-2006, 12:55 PM
  5. Firewall ports and NAT
    By mrcottonmouth in forum Installation
    Replies: 3
    Last Post: 10-23-2005, 07:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •