Thread: Firewall on RHEL 4

  1. #1
    brianpwolfe is offline Intermediate Member

    Firewall on RHEL 4

    I have just installed Zimbra on ports 8080 and 8443. I am trying to connect via my browser at http://domainname.org:8080 and I am getting nowhere.

    I am not that familiar with the iptables and firewalls, but have used the /etc/sysconfig/system-config-securitylevel tool to change the firewall rules.

    I added 8080:tcp to the bottom of the screen and saved the configuration. I was still unable to get through.

    Any advice? Everything seems to be running fine. I can even do a wget, and get the index.html page from the command line.

  2. #2
    AimanA is offline Active Member

    I'm sure it's probably something simple. I will take a crack at it with my test RHEL4 box tomorrow at work and see if I can find anything sticking out.

    system-config-x wizards... lol.. I do everything by editing the /etc files.
    It only takes a few flakes working together to unleash an avalanche of destruction.
    chown -R us ./yourbase
    http://www.aimana.net

  3. #3
    phoenix is online now Zimbra Consultant & Moderator

    Quote (originally posted by brianpwolfe):
    "Any advice? Everything seems to be running fine. I can even do a wget, and get the index.html page from the command line."

    It is recommended that you do not run SELinux or a firewall on your Zimbra server; it can cause problems. You don't actually need a firewall on your Zimbra server unless it's directly connected to the internet - and you shouldn't really do that.

    Having said that I believe there are some posts in the forum about people having done it successfully.
    Regards


    Bill


  4. #4
    brianpwolfe is offline Intermediate Member

    ?

    You mentioned not having it directly connected to the internet. Are you saying that you should run a firewall router or a proxy?

    I do not have very much experience with either, but if you have the experience this is what I would like to do.

    Have Zimbra running on port 8080. Set up a proxy (I guess) that forwards everything sent to http://mail.domain.com to http://domain.com:8080.

    I am also using Tomcat on port 80 right now for the root application. I was trying to determine my best/suggested layout. Here is what I had in mind.

    Run Apache on port 80. Change my current Tomcat to another port, 9090, and have Zimbra on 8080. Set up Apache to proxy requests for mail.domain.com to port 8080, and everything else to 9090. I thought that introducing Apache would give me more flexibility, but also introduce more complexity.

    My other options that I do not know would be very easy. Set up Tomcat to handle the request? I only have 1 webapp running, so possibly deploying it on the Tomcat that Zimbra runs.

    Any suggestions? I will look around and see what some others have done.

  5. #5
    dijichi2 is offline OpenSource Builder & Moderator

    There's nothing wrong with running Zimbra on a public-facing server, and it works fine with RHEL4 iptables. You may find it easier to disable the firewall while you install it, then put a deny-all policy back in place and open up just the ports you need.

    If you telnet to port 8080, and do:

    GET / HTTP/1.0
    and hit enter twice, what do you get back?
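
Added example (not part of dijichi2's post or of the thread): on RHEL 4 the stock rules live in the `RH-Firewall-1-INPUT` chain, which ends in a catch-all REJECT, and iptables acts on the first matching rule, so an ACCEPT for 8080 only works if it sits above that REJECT. The script replays a constructed ruleset in first-match order for a new remote TCP connection; `verdict_for_port`, the helper names and the sample rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: first-match evaluation of an iptables-save style ruleset
# for a NEW inbound TCP connection arriving on a non-loopback interface.
# Understands only -i, -p, --dport, --state and -j (assumption: enough for
# the stock RHEL 4 layout); any other match option is ignored.

verdict_for_port() {   # usage: verdict_for_port PORT [CHAIN] < rules
    awk -v port="$1" -v chain="${2:-RH-Firewall-1-INPUT}" '
    $1 == "-A" && $2 == chain {
        proto = ""; dport = ""; state = ""; iface = ""; target = ""
        for (i = 3; i < NF; i++) {
            if      ($i == "-p")      proto  = $(i + 1)
            else if ($i == "--dport") dport  = $(i + 1)
            else if ($i == "--state") state  = $(i + 1)
            else if ($i == "-i")      iface  = $(i + 1)
            else if ($i == "-j")      target = $(i + 1)
        }
        if (iface == "lo") next                            # remote traffic never arrives on lo
        if (proto != "" && proto != "tcp") next            # other protocols do not match
        if (state != "" && state !~ /(^|,)NEW(,|$)/) next  # first packet of a connection is NEW
        if (dport != "") {                                 # single port or A:B range
            n = split(dport, r, ":"); lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (port + 0 < lo || port + 0 > hi) next
        }
        if (target == "ACCEPT" || target == "REJECT" || target == "DROP") {
            print target; found = 1; exit                  # first terminal match decides
        }
    }
    END { if (!found) print "NO-MATCH" }
    '
}

# Constructed sample rules, laid out like /etc/sysconfig/iptables on RHEL 4.
BASE='-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'
OPEN_8080='-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT'
CATCH_ALL='-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

rule_before_reject() { printf '%s\n' "$BASE" "$OPEN_8080" "$CATCH_ALL" | verdict_for_port "$1"; }
rule_after_reject()  { printf '%s\n' "$BASE" "$CATCH_ALL" "$OPEN_8080" | verdict_for_port "$1"; }

echo "8080, rule above the REJECT: $(rule_before_reject 8080)"
echo "8080, rule below the REJECT: $(rule_after_reject 8080)"
```

The `-i lo` ACCEPT rule is skipped for remote traffic, so a request made on the server itself over loopback says nothing about what a remote browser will see.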

  6. #6
    w1nz is offline Active Member

    Quote (originally posted by AimanA):
    "I'm sure it's probably something simple. I will take a crack at it with my test RHEL4 box tomorrow at work and see if I can find anything sticking out.

    system-config-x wizards... lol.. I do everything by editing the /etc files."

    AimanA I love your sig so much I'm stealing it. FYI it's the "chown -R us ./yourbase"

  7. #7
    AimanA is offline Active Member

    Quote (originally posted by w1nz):
    "AimanA I love your sig so much I'm stealing it. FYI it's the "chown -R us ./yourbase""

    haha... glad I could help.

    In re this thread, I didn't see anything in the config of the RHEL4 firewall that would specifically break webapp functionality, no matter what port it's listening on (this is on my 'test' RHEL4 AS SELinux enabled box).

  8. #8
    w1nz is offline Active Member

    Just an FYI, I had a ton of problems installing Zimbra on RH EL 4 my first time, then once I read through the installation quick start guide I found this:

    Firewall Configuration should be set to No firewall, and the Security
    Enhanced Linux (SELinux) should be disabled.


    There might be something going on with Zimbra where no matter what you do, if you have that firewall on and SELinux enabled, Zimbra will not work properly. As long as the server itself is behind a Firewall other than the built in Linux firewall you should be ok anyway.

  9. #9
    brianpwolfe is offline Intermediate Member

    Getting Further

    I have gotten things to work the way I wanted without the need to modify the firewall. I am now using apache to listen on port 80, and proxy requests to port 8080 for my zimbra mail. I have also changed the port number of my original tomcat install to 10080 and configured it with proxy support with apache as well.

    The only thing I do not have working is the admin app. I have not looked into it enough yet, but I need to proxy requests to it as well.

    Thanks for the help.
