Installing with private IP-address

[RJB]

What would be the best way installling Zimbra with a private ip-address and still being reachable from internet. (Zimbra over NAT)

I'm using it for while now with local dns. Hostname is: server.name.local and dns is resolving for the .local domain to a private address.
On the internetside its reachable by: server.name.nl and everything works ok accept for some links in which the hostname is used. The documents option is a good example.

I've been trying with a clean installation (CentOS 4.4) and giving it a internet-name while the interface of the server only has a private address but then LDAP won't bind.

Any suggestions?

[jimbo]

This is really not a Zimbra issue but a more broader issue of networking.

I would say most Zimbra installs are on machines that have private addresses. Mine is certainly no exception. I use a router/firewall device to connect to my ISP and pass data between my private network and the internet.

The router/firewall device should be able to do what's called "Port forwarding". That is, pass requests from port 25 (SMTP) on the internet side of the router through to the local ip address of the Zimbra server. There are some wonderful opensource routers out there such as IPCop or DD-WRT. Check them out.

You then will need to setup a local DNS server that points to your private IP address of the Zimbra server when queried for mail.yourdomain.com

Then make sure that your local workstations list the DNS server's address FIRST before any external DNS addresses.

Personally I have a DNS server running on the Zimbra server itself as I run Zimbra on a general purpose CentOS4 setup (webserver, Zimbra, DNS, Samba etc.), and it works really well.

After re-reading your post, it sounds to me like a DNS issue. You'll need a Local DNS server for your private network to make what you are trying to do, work. From what I understand from your post is that you need:

From inside your network:

mail.yourdomain.com to resolve to 192.168.0.xxx (or whatever)

and from outside your network:

mail.yourdomain.com to resolve to 24.xxx.xxx.xxx or whatever your Internet visible IP is.

Check out the Centos forums for how to configure your local DNS server. It's pretty straightforward.


regards,

jimbo

[phoenix]

Just search these forums for 'DNS in a nutshell' it tells you exactly what you need for the correct settings on your server. There's really not much to it.

[RJB]

Right I dig that, but that's technally spoken wrong.
An internet-address(FQDN) should never have a non-routable (private address).
I do not need to use my internal dns for my local pc's to point to the 192.168. address because my router/firewall can route the external address internally.
It's only the server on which Zimbra lives where I should do the trick.

So the real question was: is there a solution which does it in an other way.

Why are most of the paths relative and some paths absolute?

In my old situation everything works ok only the places(documents) where abolute paths are used don't work.

RJ

[phoenix]

Then you need split-DNS and that's covered in the wiki. Zimbra (postfix) will do a dns lookup on the domain name for your server, it has to be able to resolve that to your server. If it's a private LAN IP then it won't get resolved to that IP only to the public IP, you'll need a local DNS server.

[RJB]

I am using split dns in this example. (first post )

It's not my first server.
On servers I've installed with a none private-addresses everything works perfect.

With servers installed on a private-address behind a router I've tried several things but all with the same problem.
The documents option doesn't work well. It looks like it's using absolute adresses.
When you insert an image it doesn't work or locally it works and external it doesn't.
This could of cause have something to do with the fact that it's in beta status or (I thought) maybe there is an other way or maybe I'm doing something wrong here.

If I'm the only one having this problem, I should be doing something wrong and somebody should know.

RJ

[akirsch]

What are you referring to when you say "Absolute Addresses"

I use zimbra on a private IP, I have a local DNS server that provides lookup for all machines inside my lan.. Everything outside my lan using the public DNS record which points to my public ip (which then uses NAT -> private)...

[akirsch]

I reread your post, I guess I did not really read it to well..

With my router/firewall I can't route NAT traffic from the lan->wan->lan (use the external ip) for any of my servers.. (So if I'm on my LAN I can't access my servers by their Public IPS) So I have to override the DNS entries with their internal IPs.

As far as creating DNS entries with private IPs or non-routable IPs, I agree you should never do it on publicly accessible dns servers but that is the correct lookup/route if your on your LAN.

[phoenix]

Quote:

Originally Posted by RJB

I do not need to use my internal dns for my local pc's to point to the 192.168. address because my router/firewall can route the external address internally.

If you're saying that your router does loopback to allow you to address the internal LAN by their public address with port forwarding that doesn't matter. You still need an internal DNS server to point to your LAN IP address. Using the router loopback feature doesn't do it. Why don't you set-up a local DNS server and see if it works, you've nothing to lose.

[RJB]

I know it works with a local DNS which points to a private addres and the hostname is the real internet hostname.
Like server.company.com A 192.168.65.170.
You could also use your hosts file for this but this is not what I want.

Locally I wan't to give it a local name like: server.company.local A 192.168.65.170 and
at the sametime remotely(internet) server.company.com A 213.213.213.213
This can be done with one nameserver if you whish.
Two is of cause also possible. One local for company.local domain and one remote for company.com domain.

In this way the nameserver setup is correct the way it should be.

Consequence is that all links used in Zimbra should be independant of the hostname because locally the server has a different name then via internet.
To make it more complex, locally I can reach the internetname but that's depending on your router/firewall and does not always works.

When you set it up like this the "documents" function "insert image" only works when your URL has the hostname of the server which you created during install.
In this case it was server.company.local

Everything else works with both hostnames.
The same story for a port change in the router: say incoming 8000, outgoing 80 everything works accept the "documents". Here the URL also changes.

This is what I call absolute links. It's including the hostname(fqdn) and relative starts after the hostname.

Well I see 4.5.0-GA is out. Let's go.

RJ