[SOLVED] ping problems :(

[maurixio]

i had installed zimbra on a ubuntu 8.04 , without any errors, but i have a problem that is getting me annoyed.

the problem is , i can send mail to the exterior , but i cannot send back to zimbra , and the ping is the problem

its pinging to the private ip address of my zimbra box , and off course through the internet obviusly it couldnt find my server

i did the split-dns thing , im behing a firewall (iptables), and my mail server is apart from the dns one.

web 1.1.1.1
dns 1.1.1.1
mail 2.2.2.2
public ip 100.100.100.100

when i do a ping in my local net , it resolves good (and so www, and other services i got running)

but when i ping through the internet, all the other services get the public ip ok , but mail keeps pinging to 2.2.2.2 and loses all the packets

any idea of what would i do?

and another question , how can i set a virtualhost in 1.1.1.1 (the webserver) to get my zimbra administration page showed in the 100.100.100.100 public ip?

i know first i need to get access with public ip from the internet to my mail first.

any hint would be very appreciated ))

[dwmtractor]

when i do a ping in my local net , it resolves good (and so www, and other services i got running)

but when i ping through the internet, all the other services get the public ip ok , but mail keeps pinging to 2.2.2.2 and loses all the packets

This looks suspiciously like you have the PUBLIC DNS server set up wrong. One thing I may not have made quite clear enough in the Ubuntu Wiki is that your public DNS needs to have its A and MX records for mail.yourdomain.com pointing to the public IP address of your Zimbra server. Only the internal DNS should be pointing to the private IP.

Make sense?

[maurixio]

This looks suspiciously like you have the PUBLIC DNS server set up wrong. One thing I may not have made quite clear enough in the Ubuntu Wiki is that your public DNS needs to have its A and MX records for mail.yourdomain.com pointing to the public IP address of your Zimbra server. Only the internal DNS should be pointing to the private IP.

Make sense?

yup , i did that way i used multiviews in bind9

this is my external config

$TTL 3600
domain.cl. IN SOA ns1.domain.cl. admin.domain.cl. (
2009210215 ; Serial
1H ; Refresh
2H ; Retry
4W ; Expire
2D ) ; Negative Cache TTL
;
IN NS ns1.domain.cl.
IN A 100.100.100.100
IN NS saturno.ifxnw.cl.
IN MX 10 mail
ns1 IN A 100.100.100.100
ns2 IN A 100.100.100.100
mail IN A 100.100.100.100
www IN A 100.100.100.100
ftp IN A 100.100.100.100


here is the internal part of the dns

$TTL 3600
domain.cl. IN SOA ns1.domain.cl. admin.domain.cl. (
2009210215 ; Serial
1H ; Refresh
2H ; Retry
4W ; Expire
2D ) ; Negative Cache TTL
;
IN NS ns1.domain.cl.
IN A 1.1.1.1
IN NS saturno.ifxnw.cl.
IN MX 10 mail
ns1 IN A 1.1.1.1
ns2 IN A 1.1.1.1
mail IN A 2.2.2.2
www IN A 1.1.1.1
ftp IN A 1.1.1.1

my /etc/hosts in the zimbra server

127.0.0.1 localhost
2.2.2.2 mail.domain.cl mail

the hostname

root@mail:~# cat /etc/hostname
mail.domain.cl

i was thinking that.. maybe IN NS saturno.ifxnw.cl could be making wrong replies

i will delete it and see what happens.

[dwmtractor]

I have never done multiviews on bind9, so this is just a guess, but if your network is set up as I would expect, your Zimbra box is getting its traffic from a DNAT rule on your firewall/router. As such, wouldn't bind9 on the Zimbra box recognize even the DNATted traffic from outside, as actually being internal traffic? And hence giving internal, not external, responses?

I only host my own internal DNS and use my ISPs DNS servers for the external, so I don't have this problem, but it's believable.

[maurixio]

I have never done multiviews on bind9, so this is just a guess, but if your network is set up as I would expect, your Zimbra box is getting its traffic from a DNAT rule on your firewall/router. As such, wouldn't bind9 on the Zimbra box recognize even the DNATted traffic from outside, as actually being internal traffic? And hence giving internal, not external, responses?

I only host my own internal DNS and use my ISPs DNS servers for the external, so I don't have this problem, but it's believable.

yeah , probably that is the answer , but its strange that other services (im running apache in 1.1.1.1) replies good to the ping from internet on 100.100.100.100 (locally responds on 1.1.1.1 so the dns is working as expected).

this problem happened to me in the past , but the only difference was that the bind9 server where in the same server with zimbra, dunno why i could send and receive mails without problem installing that way.

[dwmtractor]

yeah , probably that is the answer , but its strange that other services (im running apache in 1.1.1.1) replies good to the ping from internet on 100.100.100.100 (locally responds on 1.1.1.1 so the dns is working as expected).

this problem happened to me in the past , but the only difference was that the bind9 server where in the same server with zimbra, dunno why i could send and receive mails without problem installing that way.

I don't think that's unexpected. Apache, when it replies to pings, is replying to your DNAT/SNAT router, which in turn is translating the replies to the outside world. It does this while being totally agnostic as to the internal-vs-external sourcing of the request. The difference is that your bind needs to respond differently depending on the location of the requestor, and it hasn't got the tools to accurately determine that since it's getting masqueraded requests.

[Bill Brock]

Are you hosting the internal and external zone files on the same DNS server?

[maurixio]

Are you hosting the internal and external zone files on the same DNS server?

yes i do, im using multiviews on bind9 , i have an static public ip and a static private ip to do so.

[maurixio]

I don't think that's unexpected. Apache, when it replies to pings, is replying to your DNAT/SNAT router, which in turn is translating the replies to the outside world. It does this while being totally agnostic as to the internal-vs-external sourcing of the request. The difference is that your bind needs to respond differently depending on the location of the requestor, and it hasn't got the tools to accurately determine that since it's getting masqueraded requests.

and if i install the dns server in the firewall could make any difference? because there i have in one interface the public ip , and in another a private one (that is the gateway for the whole LAN machines).

[Bill Brock]

as it applies to BIND. Most split DNS configurations require two DNS servers. One with the zone file that contains your internal data that Zimbra uses as a resolver and one that is the true Start of Authority that contains your external data that the outside world will look to to resolve your IP's.

Your internal data should not be viewable to the outside as it obviously is or the ping would not be directed to the internal IP.

Is this DNS server setup as the Start of Authority at your registrar?