Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Installation
Reload this Page zimbra routing issues

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 02-18-2008, 07:19 AM
Intermediate Member
  
Posts: 16
Default zimbra routing issues
Hi All

Zimbra is up and running. I am trying now to route port 25 from the main machine with the dsl to the internal natted machine.

the current iptables rules I am using are as follows

$IPTABLES -t nat -A PREROUTING -i ppp0 -p tcp --dport 25 -j DNAT --to-destination 192.168.0.2:25

and

$IPTABLES -A FORWARD -p tcp --dport 25 -j ACCEPT -s 192.168.0.2

neither of these rules work, what would be the syntax I would use.

Joseph
Reply With Quote
  #2 (permalink)  
Old 02-18-2008, 07:23 AM
Zimbra Consultant & Moderator
  
Posts: 20,316
Default
What do you mean by 'they don't work'?
__________________
Regards


Bill
Reply With Quote
  #3 (permalink)  
Old 02-18-2008, 07:32 AM
Intermediate Member
  
Posts: 16
Default
Also forgot to mention that I changed the server from the primary mx and secondary mx. also the secondary mx is natted.

Joseph
Reply With Quote
  #4 (permalink)  
Old 02-18-2008, 07:35 AM
Intermediate Member
  
Posts: 16
Default
phoenix

those iptables rules seem not to work for me. When I try to telnet to port 25 from the outside to my machine. I get connection refused. When I try internally, I do not have a problem.

Joseph
Reply With Quote
  #5 (permalink)  
Old 02-18-2008, 09:59 PM
Senior Member
  
Posts: 71
Default
I pulled this out of my firewall script, hope it helps.

My firewall/router is a dual homed Linux box. Substitute your proper interface(s) and appropriate IP addresses for any of the $VARIABLES as needed.

for my install, IPTABLES="/sbin/iptables".


Code:
# --------------------------------------
# inbound smtp/mail (25)
# --------------------------------------
echo ""
echo -n "Accept inbound mail requests from the Internet"
$IPTABLES -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d $EXTERNAL_ADDRESS --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -s $EXTERNAL_ADDRESS --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

echo ""
echo -n "Forwarding incoming port 25 traffic to mail server"
$IPTABLES -t nat -A PREROUTING -p tcp -i $EXTERNAL_INTERFACE -s 0/0 --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j DNAT --to-dest $MAIL_SERVER
$IPTABLES -A FORWARD -p tcp -i $EXTERNAL_INTERFACE -s 0/0 --sport 1024:65535 -o $INTERNAL_INTERFACE -d $MAIL_SERVER --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -p tcp -i $INTERNAL_INTERFACE -s $MAIL_SERVER --sport 25 -o $EXTERNAL_INTERFACE -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -p tcp -o $EXTERNAL_INTERFACE -s $MAIL_SERVER --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j MASQUERADE
Last edited by Stergil; 02-19-2008 at 11:17 PM..
Reply With Quote
  #6 (permalink)  
Old 02-19-2008, 12:30 AM
Zimbra Consultant & Moderator
  
Posts: 20,316
Default
There's also some detail on the wiki about iptables.
__________________
Regards


Bill
Reply With Quote
  #7 (permalink)  
Old 02-19-2008, 04:37 AM
Intermediate Member
  
Posts: 16
Default
Hi Guys

here is my firewall rules, see what I am doing wrong.

#!/bin/sh

IPTABLES=/sbin/iptables

/sbin/modprobe ipt_MASQUERADE
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
$IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
#
# ftp
#
#$IPTABLES -A INPUT -p tcp --dport 20 -j ACCEPT
#$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT
#
# ssh
#
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
#
# mail
#
$IPTABLES -t nat -A PREROUTING -p tcp -i ppp0 --dport 25 -j DNAT --to 192.168.0.2:25
$IPTABLES -A FORWARD -p tcp -i ppp0 -d 192.168.0.2 --dport 25 -j ACCEPT
#
# domain name services
#
$IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT
#
# world wide web
#
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp -i ppp0 --dport 81 -j DNAT --to 192.168.0.2:80
$IPTABLES -A FORWARD -p tcp -i ppp0 -d 192.168.0.2 --dport 81 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
#
# irc
#
$IPTABLES -A INPUT -p tcp --dport 113 -j ACCEPT
#
# network time protocol
#
$IPTABLES -A INPUT -p tcp --dport 123 -j ACCEPT
$IPTABLES -P INPUT DROP
$IPTABLES -A FORWARD -i eth1 -o eth1 -j REJECT
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
/bin/echo 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc
/bin/echo "2048 32767" > /proc/sys/net/ipv4/ip_local_port_range

Can you point out the errors.

Joseph
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.