
Thread: Problem with an internal Zimbra server

  1. #1
    masterguido is offline Active Member
    Join Date
    Mar 2009
    Posts
    31
    Rep Power
    6

    Default Problem with an internal Zimbra server

    Hi everybody!
    I have the following configuration: one OpenSuse 11 box (as a firewall/router/web server) and, in an internal LAN, an Ubuntu 8.04 Zimbra mail server.
    From outside I can access the web site and Zimbra (with a link in my main page: https://www.mysite.com)
    From the internal LAN I can access the web site but not Zimbra, unless I write: https://192.168.1.x
    I want to give my users the same link, no matter if they are coming to Zimbra from outside or inside the LAN.
    I have set up a split DNS with BIND 9 and different views (internal/external), but the problem remains.
    Any suggestions?

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,491
    Rep Power
    56

    Default

    Quote Originally Posted by masterguido View Post
    From the internal lan I can access the web site but not zimbra, unless I write: https://192.168.1.x
    If you can't access your server by its correct URL then your split DNS is not set up correctly. Search the forums for some information on what commands you need to run to diagnose the problem and post the results here.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Also check /var/log/messages to ensure that you do not have an error in your internal BIND view.

  4. #4
    y@w is offline Moderator
    Join Date
    Jan 2008
    Posts
    658
    Rep Power
    8

    Default

    Are you using http://www.site.com to access the website and https://www.site.com to access the Zimbra system from the outside? That's what it sounds like to me.. Does the firewall forward https traffic from the outside to your Zimbra system? If that's the case you'll need to replicate that routing setup for your internal users as well or simply just change their URL to https://mail.site.com from everywhere.

  5. #5
    masterguido is offline Active Member
    Join Date
    Mar 2009
    Posts
    31
    Rep Power
    6

    Default That's right

    Quote Originally Posted by y@w View Post
    Are you using http://www.site.com to access the website and https://www.site.com to access the Zimbra system from the outside? That's what it sounds like to me.. Does the firewall forward https traffic from the outside to your Zimbra system? If that's the case you'll need to replicate that routing setup for your internal users as well or simply just change their URL to https://mail.site.com from everywhere.
    y@w, it is just the case. The firewall forwards https traffic from outside to the Zimbra box.
    I can't access https://mail.site.com from inside.
    My firewall has:
    # Redirect incoming traffic on port 443 to the mail server
    $IPT -t nat -A PREROUTING -i $WAN -p tcp --dport 443 -j DNAT --to-destination 192.168.1.7:443
    $IPT -A FORWARD -i $WAN -p tcp --dport 443 -m state --state NEW -j ACCEPT
    How can I replicate this to the internal LAN?
    I've tried:
    # Redirect incoming traffic on port 443 to the mail server
    $IPT -t nat -A PREROUTING -i $LAN -p tcp --dport 443 -j DNAT --to-destination 192.168.1.7:443
    $IPT -A FORWARD -i $LAN -p tcp --dport 443 -m state --state NEW -j ACCEPT
    but this didn't work. What can I do?
    Thanks a lot for your help
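
Added example (not part of masterguido's post or of the thread): a LAN-side DNAT on a single subnet normally needs two things the rules tried in post #5 lack, a destination match so that only connections to the published address are rewritten, and source NAT on the way back out of the LAN interface so that the server answers through the firewall instead of directly to the client. The interface name, the /24 LAN network and the 203.0.113.10 published address are placeholder assumptions; 192.168.1.7 is the Zimbra address from the thread.

```shell
#!/bin/sh
# Added example: hairpin (loopback) NAT for LAN clients. Dry run by default:
# the commands are printed, not applied. Run with IPT=iptables as root to apply.
IPT="${IPT:-echo iptables}"

# hairpin_rules LAN_IF LAN_NET PUBLISHED_IP MAIL_IP
hairpin_rules() {
    [ "$#" -eq 4 ] || { echo "usage: hairpin_rules LAN_IF LAN_NET PUBLISHED_IP MAIL_IP" >&2; return 2; }
    lan_if=$1 lan_net=$2 published=$3 mail_ip=$4

    # 1. Rewrite only connections addressed to the published IP. Without -d,
    #    every outbound HTTPS connection from the LAN would be redirected
    #    to the mail server.
    $IPT -t nat -A PREROUTING -i "$lan_if" -s "$lan_net" -d "$published" \
        -p tcp --dport 443 -j DNAT --to-destination "${mail_ip}:443"

    # 2. Source-NAT the redirected connection as it leaves the LAN interface.
    #    Otherwise the mail server replies straight to the client, which sees
    #    an answer from mail_ip instead of the address it connected to and
    #    resets the connection.
    $IPT -t nat -A POSTROUTING -o "$lan_if" -s "$lan_net" -d "$mail_ip" \
        -p tcp --dport 443 -j MASQUERADE

    # 3. Allow the LAN-to-LAN forward. Assumes the existing rule set already
    #    accepts ESTABLISHED,RELATED traffic in FORWARD.
    $IPT -A FORWARD -i "$lan_if" -o "$lan_if" -s "$lan_net" -d "$mail_ip" \
        -p tcp --dport 443 -m state --state NEW -j ACCEPT
}

# Constructed sample values: eth1 and 203.0.113.10 are placeholders.
hairpin_rules eth1 192.168.1.0/24 203.0.113.10 192.168.1.7
```

With the MASQUERADE rule in place, the mail server's logs show the firewall's LAN address for every internal client. Resolving the name directly to 192.168.1.7 in the internal DNS view avoids both the NAT and that loss of source information.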

  6. #6
    y@w is offline Moderator
    Join Date
    Jan 2008
    Posts
    658
    Rep Power
    8

    Default

    Hmm.. Yeah I wasn't sure if that would work or not. I actually don't know iptables very well but it looks like that should work, logically.

    Just thinking out loud here.. You could set up an Apache (or whatever web server you're using) proxy and just have it listen only on your internal LAN (or both if you want to take out the DNAT rule for that matter).

  7. #7
    y@w is offline Moderator
    Join Date
    Jan 2008
    Posts
    658
    Rep Power
    8

    Default

    Also, just to be sure we're on the same page.. This is what I'm assuming is happening:

    From the outside:
    http://www.site.com -> web server on external IP
    https://www.site.com -> hits DNAT rule on external IP -> Zimbra server on internal network


    From inside:
    http://www.site.com -> web server on internal IP of web server
    https://www.site.com -> https on internal IP of web server (which presumably isn't listening)


    I just want to make sure since you did mention mail.site.com in your previous post.

  8. #8
    masterguido is offline Active Member
    Join Date
    Mar 2009
    Posts
    31
    Rep Power
    6

    Default

    Quote Originally Posted by y@w View Post
    Also, just to be sure we're on the same page.. This is what I'm assuming is happening:
    From the outside:
    http://www.site.com -> web server on external IP
    https://www.site.com -> hits DNAT rule on external IP -> Zimbra server on internal network
    From inside:
    http://www.site.com -> web server on internal IP of web server
    https://www.site.com -> https on internal IP of web server (which presumably isn't listening)
    I just want to make sure since you did mention mail.site.com in your previous post.
    You are right:
    I have mail.site.com. If I write http://mail.site.com it takes me to my web site, but if I write https://mail.site.com it goes down to the Zimbra server.
    Last edited by masterguido; 05-29-2009 at 10:42 AM.

  9. #9
    masterguido is offline Active Member
    Join Date
    Mar 2009
    Posts
    31
    Rep Power
    6

    Default

    Does anybody have any idea/suggestion?

  10. #10
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,491
    Rep Power
    56

    Default

    Quote Originally Posted by masterguido View Post
    Does anybody have any idea/suggestion?
    You've provided no diagnostic information for anyone to help you and I've already answered this question, but I'll state it again: if you can't reach your server by its URL then your split DNS (and possibly your hosts file) is not set up correctly. Search the forums on what information you need to provide for this problem.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.
