Firewall on RHEL 4

[brianpwolfe]

I have just installed zimbra on port 8080 and 8443. I am trying to connect via my browser at http://domainname.org:8080 and I am getting nowhere.

I am not that familiar with the iptables and firewalls, but have used the /etc/sysconfig/system-config-securitylevel tool to change the firewall rules.

I added 8080:tcp to the bottom of the screen and saved the configuration. I was still unable to get through.

Any advice? Everything seems to be running fine. I can even do a wget, and get the index.html page from the command line.

[AimanA]

I'm sure it's probably something simple. I will take a crack at it with my test RHEL4 box tomorrow at work and see if I can find anything sticking out.

system-config-x wizards... lol.. I do everything by editing the /etc files.

[phoenix]

Quote:

Originally Posted by brianpwolfe

Any advice? Everything seems to be running fine. I can even do a wget, and get the index.html page from the command line.

It is recommended that you do not run SElinux or a firewall on your Zimbra server, it can cause problems. You don't actually need a firewall on your Zimbra server unless it's directly connected to the internet - and you shouldn't really do that.

Having said that I believe there are some posts in the forum about people having done it successfully.

[brianpwolfe]

You mentioned not having it directly connected to the internet. Are you saying that you should run a firewall router or a proxy?

I do not have very much experience with either, but if you have the experience this is what I would like to do.

Have zimbra running on port 8080. Set up a proxy (i guess) that forwards everything sent to http://mail.domain.com to http://domain.com:8080.

I am also using tomcat on port 80 right now for the root application. I was trying to determine my best/suggested layout. Here is what I had in mind.

Run Apache on port 80. Change my current tomcat to another port 9090, have zimbra on 8080. Set up apache to proxy requests for mail.domain.com to port 8080, and everything else to 9090. I thought that introducing Apache would give me more flexibility, but also introduce more compexity.

My other options that I do not know would be very easy. Set up tomcat to handle the request? I only have 1 webapp running. so possible deploying it on the tomcat that zimbra runs.

Any suggestions. I will look around and see what some others have done.

[dijichi2]

There's nothing wrong with running zimbra on public facing server, and it works fine with rhel4 iptables. You may find it easier to disable the firewall while you install it, then put a deny all policy back in place and open up just ports you need.

if you telnet to port 8080, and do:

GET / HTTP/1.0
and hit enter twice, what do you get back?

[w1nz]

Quote:

Originally Posted by AimanA

I'm sure it's probably something simple. I will take a crack at it with my test RHEL4 box tomorrow at work and see if I can find anything sticking out.

system-config-x wizards... lol.. I do everything by editing the /etc files.

AimanA I love your sig so much I'm stealing it. FYI it's the "chown -R us ./yourbase "

[AimanA]

Quote:

Originally Posted by w1nz

AimanA I love your sig so much I'm stealing it. FYI it's the "chown -R us ./yourbase "

haha... glad I could help.

In re this thread, I didnt see anything in the config of the RHEL4 firewall that would specifically break webapp functionality, no matter what port its listening on (this is on my 'test' RHEL4 AS SELinux enabled box).

[w1nz]

Just an FYI, I had a ton of problems installing Zimbra on RH EL 4 my first time, then once I read through the installation quick start guide I found this:

Firewall Configuration should be set to No firewall, and the Security
Enhanced Linux (SELinux) should be disabled.

There might be something going on with Zimbra where no matter what you do, if you have that firewall on and SELinux enabled, Zimbra will not work properly. As long as the server itself is behind a Firewall other than the built in Linux firewall you should be ok anyway.

[brianpwolfe]

I have gotten things to work the way I wanted without the need to modify the firewall. I am now using apache to listen on port 80, and proxy requests to port 8080 for my zimbra mail. I have also changed the port number of my original tomcat install to 10080 and configured it with proxy support with apache as well.

The only thing I do not have working is the admin app. I have not looked into it enough yet, but I need to proxy requests to it as well.

Thanks for the help.