Multi server installation across private (RFC 1918) and official networks

[schiegel]

Hello,

I want to set up a ZCS 7.1.3 network edition system with four servers. Two of the servers, the central directory server for ZCS and other applications and the mailstore server, should be in a private network with private RFC 1918 IP addresses and a DNS server for the private network. The other two servers, one MTA handling incoming and outgoing emails and one proxy server for web and IMAP proxying, should have official IP addresses with worldwide resolvable names. Between the two networks there is a packet filtering firewall with two interfaces which NATs the internal network. All in all I have:

Private network with:
- Directory server (192.168.1.10, ds.mydomain.pri)
- Mailstore server (192.168.1.11, ms.mydomain.pri)

Paket filtering firewall

Official network with:
- Mail exchange server (mx2.mydomain.de)
- IMAP/HTTP proxy server (comms.mydomain.de)

Now, the problem is that I can not make the external proxy server talk to the internal mailstore server. Web proxying does not work, nginx gives a "bad gateway" message.

I have a case open at Zimbra with this question but maybe someone here can help. I do not think that my setup is something special so it must be possible somehow.

Does someone have a similar setup and could give me some configuration hints?

Thank you.

Regards,
Willi

[andy204]

should be no problem at all. we are running a similar setup with 2 balanced frontends, 3 backends and 1 ldap master. 3 backends and the ldapmaster do have private addresses. you should look if the frontends can reach the backends with all needed ports (route lookup, proxy ports)

[schiegel]

I was quite sure that it should be possible although Zimbra support told me that it I want to achieve an unsupported setup.
Can you please tell me what you configured during install? That's what I did.

On mailstore with private IP address:

Installing:
zimbra-core
zimbra-logger
zimbra-store
zimbra-apache
zimbra-spell
zimbra-convertd

Hostname: mailstore.mydomain.pri

Configure for use with mail proxy
Configure for use with web proxy

On external proxy server with official IP address:

Installing:
zimbra-core
zimbra-memcached
zimbra-proxy

Hostname: comms.mydomain.de

Enable HTTP[S] Proxy

On this server I have the following in /etc/hosts:

ip.address.of.firewall mailstore.mydomain.pri

On the packet filtering firewall I have rules saying:

Send everything what comes from comms.mydomain.de on ports 80, 143, 443, 514, 993, 7072, 7143, and 7993 to internal server mailstore.mydomain.pri

The rules work because I can connect from the proxy to the internal mailstore, for example with telnet to the IMAP port or with lynx to the web server port:

telnet mailstore.mydomain.pri 143
Trying ip.address.of.firewall
Connected to maistore.mydomain.pri
Escape character is '^]'.
* OK mailstore.mydomain.pri Zimbra IMAP4rev1 server ready

But when I connect to the proxy server there is no redirection. It looks as if the proxying just is not happening.

Any ideas?

Thank you very much.

Best regards,
Willi