configuration firewall (detail)

[csoliss]

Hello all, in my company I have a router-firewall installed (watchguard firebox) we need to install a mail server which this one behind of this machine (router-firewall) we already have an ip publishes, available for this purpose, in turn that I already has config the register A, MX and PTR In the DNS server , but how I should have configuration this router firewall in order that the machine that I have with a private ip, could uses this ip publishes, for it income and outcome...

I do not need a detailed explanation of the router-firewall in question, but help me a lot the general limits of configuration of this device. The servant of mail is Zimbra collaboration suite 5.0, and I bear in mind very the ports that there needs this servant of mail (Firewall Configuration - Zimbra :: Wiki), but indeed already not that to do him there is this device, by the way the mail serve work good in the intranet, thank

[phoenix]

You will need a Split DNS behind a firewall.

[csoliss]

Its necesary do a split DNS if I ready have a DNS server?, and I already have de A, MX and PTR in that server, thank for you help

[phoenix]

Do you have valid DNS A & MX records that point to the LAN ip of your Zimbra server? If you don't then you'll need a split DNS.

[dongqiu]

Quote:

Originally Posted by csoliss

Hello all, in my company I have a router-firewall installed (watchguard firebox) we need to install a mail server which this one behind of this machine (router-firewall) we already have an ip publishes, available for this purpose, in turn that I already has config the register A, MX and PTR In the DNS server , but how I should have configuration this router firewall in order that the machine that I have with a private ip, could uses this ip publishes, for it income and outcome...

I do not need a detailed explanation of the router-firewall in question, but help me a lot the general limits of configuration of this device. The servant of mail is Zimbra collaboration suite 5.0, and I bear in mind very the ports that there needs this servant of mail (Firewall Configuration - Zimbra :: Wiki), but indeed already not that to do him there is this device, by the way the mail serve work good in the intranet, thank

Put your mail server in DMZ zone or config NAT and public service from public IP to private IP. You might need two DNS (one for public one for internal).

[csoliss]

Quote:

Originally Posted by phoenix

Do you have valid DNS A & MX records that point to the LAN ip of your Zimbra server? If you don't then you'll need a split DNS.

I have already working a mail server (mail) and I trying to config my zimbra server (mail2)
yes I have a DNS server (internal), this is the configuration of the server:

Address (A) Record
Host Name Domain Name IP Address
mail2 domain.com 192.0.0.121

Reverse Address (PTR) Record
IP Address Network Mask Host Name Domain Name
192.0.0.121 /24 mail2 domain.com

Mail Server (MX) Record
Host Name Domain Name Mail Server Name Delivery Precedence
mail2 domain.com mail2.domain.com High

DNS server (External)
ubuntu:~# nslookup
> mail2.domain.com
Server: 200.XX.XX.XX
Address: 200.XX.XX.XX#53

Non-authoritative answer:
Name: mail2.domail.com
Address: 200.yy.yyy.yy
> set type=mx
> domail.com
Server: 200.XX.XX.XX
Address: 200.XX.XX.XX#53

Non-authoritative answer:
domain.com mail exchanger = 10 mail.domain.com.
domain.com mail exchanger = 10 mail2.domain.com.

Authoritative answers can be found from:
> set type=ns
> domain.com
Server: 200.XX.XX.XX
Address: 200.XX.XX.XX#53

Non-authoritative answer:
domain.com nameserver = ccsctp10.genesisbci.net.

by the way this is the host configuration in the server
ubuntu:~$ cat /etc/hosts
127.0.0.1 localhost
192.0.0.121 mail2.domain.com mail2

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
ubuntu:~$ cat /etc/hostname
mail2

but I can send messages amount zimbra's acount
what Iam doing bad?
thank for you help...

[phoenix]

If you are trying to run two mail server behind NAT with the same donain name then you'll need a Split Domain set-up. I'm not really sure from your description if you're migrating to a new server just want to run them in parallel.

[csoliss]

Quote:

Originally Posted by phoenix

If you are trying to run two mail server behind NAT with the same donain name then you'll need a Split Domain set-up. I'm not really sure from your description if you're migrating to a new server just want to run them in parallel.

I want to run in parallel for a month, because we need to do some test, but later we want migrate for zimbra

it posible that they work in parallel or I have to change de domain for zimbra

[phoenix]

You can create new users on the Zimbra server if they are new mail accounts or you could migrate some accounts from the current server to the new Zimbra server, that would be using the Split Domain set-up.

[csoliss]

if I change the domain, that would be easier?