
Thread: DNS and NAT

  1. #1
    DNS and NAT

    I'm using Zimbra Network Edition 6.0.1 in a network architecture where I have a firewall with these 3 interfaces:

    • external DMZ (public network)
    • LAN (private network)
    • Internet (public network)


    One Zimbra Store and one Zimbra Proxy have been installed in the LAN, so my firewall (FW) does this translation for every user who accesses from the Internet...

    (Internet user) Public IP → Public IP Zimbra (virtual public IP in my DMZ) TRANSLATED INTO:
    (Internet user) Public IP → Internal Zimbra proxy (private IP in my LAN)

    The Zimbra proxy has a static route to my firewall to answer EXTERNAL requests.


    MY GOAL:

    1) I'd like to move Zimbra Proxy to the external DMZ and to keep Z.Store in the LAN.
    I'd like my FW to use a NAT mechanism to permit access to the internal Z.Store.
    Someone told me that this doesn't work, as there are communication problems between Z.Store and Z.Proxy with a NAT mechanism, because the Zimbra protocol doesn't support NAT.


    2) I'd like to solve an access problem to the Zimbra store from the private network.
    Actually Z.Store and Z.Proxy are in a private internal network. We use two different DNS:

    • DNS (E): domain EXTERNAL.COM, for INTERNET (e.g. for Web service, mail domain, ...)
    • DNS (I): domain INTERNAL.COM, for my LAN (all machines inside LAN)

    Z.Store, Z.Proxy and internal clients are using DNS 'I'.

    Zimbra code refers to Z.Store using the name 'zstore.external.com' and to Z.Proxy using 'zi.external.com'.
    When people access from the Internet there are no problems.
    When people access from the LAN, they type http://IPADDRESS of the Zstore server directly into their browsers; sometimes the Zimbra HTML code references 'http://zstore.external.com' and the user clients are not able to resolve this 'zstore.external.com' because they use DNS 'I'.
    I'd like to avoid adding a new subzone 'internal.com' into my DNS 'I' for the Zimbra machines.
    Can you suggest an alternative solution?

  2. #2

    Quote: Originally posted by UltimoTangoAparigi
    MY GOAL:

    1) I'd like to move Zimbra Proxy to external DMZ and to keep Z.Store in LAN.
    I'd like my FW to use NAT Mechanism to permit access to internal Z.Store.
    Someone told me that this doesn't work as there are communication problems between Z.Store and Z.Proxy with NAT mechanism, because Zimbra protocol doesn't support NAT.


    2) I'd like to solve an access problem to Zimbra store from private network.
    Actually Z.Store and Z.Proxy are in a private internal network. We use
    two different DNS -DNS (E): domain EXTERNAL.COM
    for INTERNET (e.g. for Web service, mail domain,...)

    I don't know much about Zimbra Proxy, but I don't see why it would have problems with NAT. From my experience, apps that choke on "NAT" usually only really have a problem with PAT and the random high ports that get used. If you're just doing simple 1-to-1 NAT, I don't know how an application could even tell that it happened.

    As far as your other issue goes - it sounds like you just need split-DNS.
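
The split-DNS setup suggested in reply #2, sketched as an added example that is not part of the original thread: the internal resolver (DNS 'I') becomes authoritative for only the two Zimbra host names, so the rest of external.com still resolves through normal recursion. It assumes DNS 'I' runs BIND 9; the LAN range, both private addresses, the file names and the name server name ns.internal.com are constructed placeholders.

```conf
// named.conf fragment for the internal resolver (DNS 'I').
// Assumptions (not from the thread): BIND 9, LAN 10.0.0.0/24,
// Z.Store at 10.0.0.25, Z.Proxy at 10.0.0.26, name server ns.internal.com.
// Merge the options below into the existing options block.

acl "lan" { 10.0.0.0/24; localhost; };

options {
    directory "/var/named";
    recursion yes;
    allow-query     { lan; };   // private answers are served to LAN clients only
    allow-recursion { lan; };   // never act as an open resolver
};

// Existing internal zone, unchanged.
zone "internal.com" {
    type master;
    file "db.internal.com";
};

// One single-host zone per Zimbra name. Every other name under
// external.com is still looked up on the public DNS (E) by recursion.
zone "zstore.external.com" {
    type master;
    file "db.zstore.external.com";
};

zone "zi.external.com" {
    type master;
    file "db.zi.external.com";
};

/*
Contents of db.zstore.external.com (db.zi.external.com differs only
in the A record, which points at 10.0.0.26):

$TTL 300
@   IN  SOA ns.internal.com. hostmaster.internal.com. (
            2011020101 ; serial
            3600       ; refresh
            600        ; retry
            604800     ; expire
            300 )      ; negative-cache TTL
    IN  NS  ns.internal.com.
    IN  A   10.0.0.25  ; private address of Z.Store
*/
```

Check the result with `named-checkconf` and `named-checkzone zstore.external.com db.zstore.external.com` before reloading. LAN clients can then use the same URL as Internet users instead of typing the store's IP address.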
