Zimbra and NAT...?

[tERRiON]

Hi there,

I'm playing around with Zimbra for several days now, and there's a small problem I'm facing:

I would like to use Zimbra behind a firewall with NAT. Until today I'm using more than one server on one public IP, using portforwarding.

This is my current setup:
port 21 forwards to 10.0.0.a (other machine)
port 25 forwards to 10.0.0.b (other machine; should be redirected to Zimbra when Zimbra is working like I would like to see it working)
port 80 forwards to 10.0.0.c (zimbra.localnet)
port 443 forwards to 10.0.0.c (zimbra.localnet)
(there are several more machines which aren't relevant)

The zimbra-box has hostname "zimbra.localnet" with a private IP-address. But when I hit my public IP address in my browser at work, I can't connect because zimbra.localnet can't be found.

A second question: Is there a possibility to config some Apache-like vhosts? I would like to host another website too.

[KevinH]

Well if the traffic gets to Zimbra we'll respond. So my guess is something in your forwarding is not working. You might want to watch the tomcat logs as you test and verify the traffic is getting there.

[agnOstos]

What do you mean when you hit your ip address? You mean the url? or the ip address? and are you trying to get there from the same lan or from the wan side? If you type http://zimbra.localnet on any other machine than the zimbra server itself it's not going to resolve unless you have a dns server on your lan to resolv it for you and then you would have to have the dns server listed as such in either ifconfig(*nix) or ipconfig(windows). As far as vhosts go, I would suggest running another machine and let zimbra run alone.

Quote:

Originally Posted by tERRiON

Hi there,

I'm playing around with Zimbra for several days now, and there's a small problem I'm facing:

I would like to use Zimbra behind a firewall with NAT. Until today I'm using more than one server on one public IP, using portforwarding.

This is my current setup:
port 21 forwards to 10.0.0.a (other machine)
port 25 forwards to 10.0.0.b (other machine; should be redirected to Zimbra when Zimbra is working like I would like to see it working)
port 80 forwards to 10.0.0.c (zimbra.localnet)
port 443 forwards to 10.0.0.c (zimbra.localnet)
(there are several more machines which aren't relevant)

The zimbra-box has hostname "zimbra.localnet" with a private IP-address. But when I hit my public IP address in my browser at work, I can't connect because zimbra.localnet can't be found.

A second question: Is there a possibility to config some Apache-like vhosts? I would like to host another website too.

[tERRiON]

Quote:

Originally Posted by KevinH

Well if the traffic gets to Zimbra we'll respond. So my guess is something in your forwarding is not working. You might want to watch the tomcat logs as you test and verify the traffic is getting there.

I'm 100% sure the traffic get's where it should.

Quote:

Originally Posted by agnOstos

What do you mean when you hit your ip address? You mean the url? or the ip address? and are you trying to get there from the same lan or from the wan side? If you type http://zimbra.localnet on any other machine than the zimbra server itself it's not going to resolve unless you have a dns server on your lan to resolv it for you and then you would have to have the dns server listed as such in either ifconfig(*nix) or ipconfig(windows). As far as vhosts go, I would suggest running another machine and let zimbra run alone.

Well, it's doesn't matter if I use my public IP-address or my own domainname (let's say "pubdomain.com").

IE: When I browse to http://zimbra.pubdomain.com, I can reach my zimbra-machine. After that, the URL in the address-bar in my browser changes in http://zimbra.localnet which isn't resolvable from outside my local network. Same goes when I hit my public IP-address.

[KevinH]

Then the redirects in Login.jsp must be tripping you up. That file is in /opt/zimbra/tomcat/webapps/zimbra/public You may want to try adding debug in there to test my theory.

[tERRiON]

I'm not at home now, but I'll have a look at that when I'm at home again :-)

thanks

[tERRiON]

It works!

I modified Login.jsp, and now it's working from outside mynetwork. Because I'm at work right now, I can't post the modification I've made, so I'll post it tonight. (it's 8.40AM now)

But there's more: I've got other sites working at the same public IP too. I'm using Apache's reverse-proxy to redirect traffic for/from the Zimbra-server. All other http(s)-traffic goes to my other webserver. So my current setup is as follows:
port 21 forwards to 10.0.0.a (other machine)
port 25 forwards to 10.0.0.b (other machine; forwards mail also to zimbra.localnet)
port 80 forwards to 10.0.0.b (httpd.localnet)
port 443 forwards to 10.0.0.c (zimbra.localnet)

All http traffic is redirected to httpd.localnet because that server is hosting my websites. From there I'm redirecting http traffic for Zimbra to zimbra.localnet using reverse-proxy. https is redirected straight to zimbra.localnet because I don't use it anywhere else.

At this moment there are only 2 small things I'm facing which I still have to solve:
- When I'm going to "http://zimbra.pubdomain.com" I'm getting an error that the certificate isn't valid. (because the hostname in the cert isn't zimbra.pubdomain.com but zimbra.localnet)
- At the client-side Zimbra is responding slow sometimes. But at this moment I don't know whether it's a problem at my server, a connection-problem (bandwith?) or a problem with the client. Therefore I'll have to test it with another PC and another internet-connection.

Despite these 2 issues, I'm impressed about Zimbra!

[winne27]

Quote:

Originally Posted by tERRiON

Well, it's doesn't matter if I use my public IP-address or my own domainname (let's say "pubdomain.com").

IE: When I browse to http://zimbra.pubdomain.com, I can reach my zimbra-machine. After that, the URL in the address-bar in my browser changes in http://zimbra.localnet/mail/auth which isn't resolvable from outside my local network. Same goes when I hit my public IP-address.

I have a similiar network as described above and the same problem after I upgraded to 3.1. In 3.0 this behavior didn't occur.

The change of the URL in the address-bar of the browser happens after hitting the "Log On" button in the login panel.

The same is also detected with Firefox 1.5.

Paradoxically access to the admin panel on
http://zimbra.pubdomain.com:7071/zimbraAdmin
works smoothly.

tERRION you mentioned a solution?
Or is this a bug in 3.1?

[phoenix]

Are you running DNS on your LAN? Do you have any MX records hosted outside your LAN?

[winne27]

The inside DNS Server is running on the same server as zimbra.
MX records outsite are not existing.
(All incoming mails are collected by fetchmail from other (outside-)servers)

remind the context:
The problems occur while log in from an outsited Zimbra-Client other a NAT-Firewall with reserved IPs (192.168.x.x) inside.