Server behind firewall

[VmarkV]

Well Ive spent all weekend playing with getting this app running and have came up with a few things you may want to add or think about in the documenation.

1. The hosts file should have TWO entries in it. The first line being the obvoius local localhost.localdomain entry and the second line should be mail.myserver.com

2. Im still really stumped as to how this should be setup behind a firewall. I have mine setup behind a firewall and cannot recieve mail because the proper DNS setup point to the external IP. Ive seen a few people setup dummy DNS servers locally to fix this but I have to think this is a real Kludge. I have setup many a mail server and the thought of tricking postfix via DNS just seems wrong to me. Are you guys planning on writing a Install for guys that like to firewall their gear? I would think that would be MOST enterprise guys out there....

3. MySQL. I dont mind the fact that the installer does the installation but what does it set the root password to? Also does changing it affect the software? I would like to add more applications other than Zimbra to this box and wonder how that will work.

4. Web Directories. I havent taken the time to see how its really setup here but again it would be nice If you could specify directoires and Ports during the install. Again I would like to load a single machine with the following apps
a. Zimbra
b. SugarCRM
c. Jooma CMS
d. Possibly Asterisk PBX & AMP

All of these together would make a hell of a bundle.

Just my thoughts.
Thanks,
Mark Vincent
MindCentric
MarkV@MindCentric.com

[KevinH]

Quote:

Originally Posted by VmarkV

Well Ive spent all weekend playing with getting this app running and have came up with a few things you may want to add or think about in the documenation.

1. The hosts file should have TWO entries in it. The first line being the obvoius local localhost.localdomain entry and the second line should be mail.myserver.com

This is mentioned in the installer itself when it tries to check the data. We'll add a not to the docs as well.

Quote:

Originally Posted by VmarkV

2. Im still really stumped as to how this should be setup behind a firewall. I have mine setup behind a firewall and cannot recieve mail because the proper DNS setup point to the external IP. Ive seen a few people setup dummy DNS servers locally to fix this but I have to think this is a real Kludge. I have setup many a mail server and the thought of tricking postfix via DNS just seems wrong to me. Are you guys planning on writing a Install for guys that like to firewall their gear? I would think that would be MOST enterprise guys out there....

From what we've seen so far most enterprises have DNS setup correctly to resolve IP's internally to the internal IP. Seems most of these problems come from folks running on a home DSL/cable line and don't have a DNS server for their local machines. Are you running a larger system that doesn't have it's own DNS?

Quote:

Originally Posted by VmarkV

3. MySQL. I dont mind the fact that the installer does the installation but what does it set the root password to? Also does changing it affect the software? I would like to add more applications other than Zimbra to this box and wonder how that will work.

We don't reccomend using our MySQL db. It should be considered internal to our product. Zimbra will expect full control of the database and we tune the memory, threads, etc with the thinking we are the only app. This will show you the root password.

zmlocalconfig -s | grep mysql

Quote:

Originally Posted by VmarkV

4. Web Directories. I havent taken the time to see how its really setup here but again it would be nice If you could specify directoires and Ports during the install. Again I would like to load a single machine with the following apps
a. Zimbra
b. SugarCRM
c. Jooma CMS
d. Possibly Asterisk PBX & AMP

Here's the ports we use today(this will change in the next release).
Questions Before I Start

You can find the directory info in the docs here:
http://www.zimbra.com/downloads/zimb...e.html#1036288

[rhostager]

I just finished installing a test server. My setup is behind a firewall, so the server has an IP address of 192.168.1.7. My hostname is served by DNS that gives a valid internet address (points to my firewall) which is different from the actual local address mentioned above. My /etc/hosts has this local address. The ONLY way I could get this setup to work was with an internal DNS server that supplied the local address for my host and the proper MX record as well. It seems that parts of the backend use the /etc/hosts file and other parts (probably postfix) look to DNS.

It is fairly common practice to have a DNS server serve local addresses to servers and even local machines on the local net. I don't see this as a 'Kludge'. It makes sense. Why have local machines go out to the internet, back in the firewall and to your server when you can have them go direct? Just a thought.

- Rob

[KevinH]

Quote:

Originally Posted by rhostager

It is fairly common practice to have a DNS server serve local addresses to servers and even local machines on the local net. I don't see this as a 'Kludge'. It makes sense. Why have local machines go out to the internet, back in the firewall and to your server when you can have them go direct? Just a thought.

Correct. Every corp/enterprise network I've seen has this. It seems to be more of a problem for the very small networks, or home users. This is a postfix thing and there's really not much we can do.