Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Zimbra and NAT...?

  1. #1
    tERRiON is offline New Member
    Join Date
    Oct 2005
    Posts
    4
    Rep Power
    9

    Question Zimbra and NAT...?

    Hi there,

    I'm playing around with Zimbra for several days now, and there's a small problem I'm facing:

    I would like to use Zimbra behind a firewall with NAT. Until today I'm using more than one server on one public IP, using portforwarding.

    This is my current setup:
    port 21 forwards to 10.0.0.a (other machine)
    port 25 forwards to 10.0.0.b (other machine; should be redirected to Zimbra when Zimbra is working like I would like to see it working)
    port 80 forwards to 10.0.0.c (zimbra.localnet)
    port 443 forwards to 10.0.0.c (zimbra.localnet)
    (there are several more machines which aren't relevant)

    The zimbra-box has hostname "zimbra.localnet" with a private IP-address. But when I hit my public IP address in my browser at work, I can't connect because zimbra.localnet can't be found.

    A second question: Is there a possibility to config some Apache-like vhosts? I would like to host another website too.

  2. #2
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Default

    Well if the traffic gets to Zimbra we'll respond. So my guess is something in your forwarding is not working. You might want to watch the tomcat logs as you test and verify the traffic is getting there.

  3. #3
    agnOstos is offline Loyal Member
    Join Date
    Oct 2005
    Posts
    96
    Rep Power
    9

    Default

    What do you mean when you hit your ip address? You mean the url? or the ip address? and are you trying to get there from the same lan or from the wan side? If you type http://zimbra.localnet on any other machine than the zimbra server itself it's not going to resolve unless you have a dns server on your lan to resolv it for you and then you would have to have the dns server listed as such in either ifconfig(*nix) or ipconfig(windows). As far as vhosts go, I would suggest running another machine and let zimbra run alone.

    Quote Originally Posted by tERRiON
    Hi there,

    I'm playing around with Zimbra for several days now, and there's a small problem I'm facing:

    I would like to use Zimbra behind a firewall with NAT. Until today I'm using more than one server on one public IP, using portforwarding.

    This is my current setup:
    port 21 forwards to 10.0.0.a (other machine)
    port 25 forwards to 10.0.0.b (other machine; should be redirected to Zimbra when Zimbra is working like I would like to see it working)
    port 80 forwards to 10.0.0.c (zimbra.localnet)
    port 443 forwards to 10.0.0.c (zimbra.localnet)
    (there are several more machines which aren't relevant)

    The zimbra-box has hostname "zimbra.localnet" with a private IP-address. But when I hit my public IP address in my browser at work, I can't connect because zimbra.localnet can't be found.

    A second question: Is there a possibility to config some Apache-like vhosts? I would like to host another website too.

  4. #4
    tERRiON is offline New Member
    Join Date
    Oct 2005
    Posts
    4
    Rep Power
    9

    Default

    Quote Originally Posted by KevinH
    Well if the traffic gets to Zimbra we'll respond. So my guess is something in your forwarding is not working. You might want to watch the tomcat logs as you test and verify the traffic is getting there.
    I'm 100% sure the traffic get's where it should.

    Quote Originally Posted by agnOstos
    What do you mean when you hit your ip address? You mean the url? or the ip address? and are you trying to get there from the same lan or from the wan side? If you type http://zimbra.localnet on any other machine than the zimbra server itself it's not going to resolve unless you have a dns server on your lan to resolv it for you and then you would have to have the dns server listed as such in either ifconfig(*nix) or ipconfig(windows). As far as vhosts go, I would suggest running another machine and let zimbra run alone.
    Well, it's doesn't matter if I use my public IP-address or my own domainname (let's say "pubdomain.com").

    IE: When I browse to http://zimbra.pubdomain.com, I can reach my zimbra-machine. After that, the URL in the address-bar in my browser changes in http://zimbra.localnet which isn't resolvable from outside my local network. Same goes when I hit my public IP-address.

  5. #5
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Default

    Then the redirects in Login.jsp must be tripping you up. That file is in /opt/zimbra/tomcat/webapps/zimbra/public You may want to try adding debug in there to test my theory.

  6. #6
    tERRiON is offline New Member
    Join Date
    Oct 2005
    Posts
    4
    Rep Power
    9

    Default

    I'm not at home now, but I'll have a look at that when I'm at home again :-)

    thanks

  7. #7
    tERRiON is offline New Member
    Join Date
    Oct 2005
    Posts
    4
    Rep Power
    9

    Default It works!

    It works!

    I modified Login.jsp, and now it's working from outside mynetwork. Because I'm at work right now, I can't post the modification I've made, so I'll post it tonight. (it's 8.40AM now)

    But there's more: I've got other sites working at the same public IP too. I'm using Apache's reverse-proxy to redirect traffic for/from the Zimbra-server. All other http(s)-traffic goes to my other webserver. So my current setup is as follows:
    port 21 forwards to 10.0.0.a (other machine)
    port 25 forwards to 10.0.0.b (other machine; forwards mail also to zimbra.localnet)
    port 80 forwards to 10.0.0.b (httpd.localnet)
    port 443 forwards to 10.0.0.c (zimbra.localnet)

    All http traffic is redirected to httpd.localnet because that server is hosting my websites. From there I'm redirecting http traffic for Zimbra to zimbra.localnet using reverse-proxy. https is redirected straight to zimbra.localnet because I don't use it anywhere else.

    At this moment there are only 2 small things I'm facing which I still have to solve:
    - When I'm going to "http://zimbra.pubdomain.com" I'm getting an error that the certificate isn't valid. (because the hostname in the cert isn't zimbra.pubdomain.com but zimbra.localnet)
    - At the client-side Zimbra is responding slow sometimes. But at this moment I don't know whether it's a problem at my server, a connection-problem (bandwith?) or a problem with the client. Therefore I'll have to test it with another PC and another internet-connection.

    Despite these 2 issues, I'm impressed about Zimbra!

  8. #8
    winne27 is offline Intermediate Member
    Join Date
    Feb 2006
    Location
    Rhauderfehn, Germany
    Posts
    22
    Rep Power
    9

    Default

    Quote Originally Posted by tERRiON

    Well, it's doesn't matter if I use my public IP-address or my own domainname (let's say "pubdomain.com").

    IE: When I browse to http://zimbra.pubdomain.com, I can reach my zimbra-machine. After that, the URL in the address-bar in my browser changes in http://zimbra.localnet/mail/auth which isn't resolvable from outside my local network. Same goes when I hit my public IP-address.
    I have a similiar network as described above and the same problem after I upgraded to 3.1. In 3.0 this behavior didn't occur.

    The change of the URL in the address-bar of the browser happens after hitting the "Log On" button in the login panel.

    The same is also detected with Firefox 1.5.

    Paradoxically access to the admin panel on
    http://zimbra.pubdomain.com:7071/zimbraAdmin
    works smoothly.

    tERRION you mentioned a solution?
    Or is this a bug in 3.1?

  9. #9
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,586
    Rep Power
    57

    Default

    Are you running DNS on your LAN? Do you have any MX records hosted outside your LAN?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  10. #10
    winne27 is offline Intermediate Member
    Join Date
    Feb 2006
    Location
    Rhauderfehn, Germany
    Posts
    22
    Rep Power
    9

    Default

    The inside DNS Server is running on the same server as zimbra.
    MX records outsite are not existing.
    (All incoming mails are collected by fetchmail from other (outside-)servers)

    remind the context:
    The problems occur while log in from an outsited Zimbra-Client other a NAT-Firewall with reserved IPs (192.168.x.x) inside.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. upgrade woes -made into new thread
    By JustinHarlow in forum Installation
    Replies: 18
    Last Post: 06-08-2007, 12:11 PM
  2. Replies: 3
    Last Post: 06-07-2007, 07:19 AM
  3. Replies: 7
    Last Post: 10-04-2006, 02:49 AM
  4. Zimbra 4, OS 10.4.7 and NAT Howto?
    By mountaindog in forum Installation
    Replies: 5
    Last Post: 09-21-2006, 07:40 PM
  5. Zimbra behind NAT firewall
    By amitbapat in forum Administrators
    Replies: 9
    Last Post: 01-09-2006, 12:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •