
Thread: [SOLVED] Howto: Bind to one specific IP / Listen to one IP

  1. #1

    [SOLVED] Howto: Bind to one specific IP / Listen to one IP

    Hi guys,

    I've read a lot of questions about how to bind Zimbra to only one specific IP address, even if you have more than one IP on your Linux host.

    In this post I want to give you a small howto and tell you a little bit about my experiences with binding zimbra to only one IP.

    I've tested these options with Zimbra 4.5 Open-Source Edition.
    Attention: As Zimbra 5 uses jetty instead of tomcat this howto is not completely compatible with Zimbra 5!

    First of all, what services do we have and how do they bind by default:

    - postfix (smtp): binds to any IP and to localhost
    - amavisd-new: binds to localhost
    - mysql: binds to localhost
    - ldap: binds to one IP (that hostname) given at setup
    - clamd: binds to any IP
    - Tomcat (http, https, ..): binds to any IP
    - Zimbra java (imap(s), pop3(s)): binds to any IP
    - Apache (ispell, Port 7780): binds to any IP

    So the services amavisd-new, mysql and ldap already behave very cooperatively.

    postfix:
    Postfix binds to any IP by default. You can change its behaviour by modifying postfix-2.2.9/conf/master.cf to (replace vvv.xxx.yyy.zzz with yourIP):

    Code:
    #=========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    vvv.xxx.yyy.zzz:smtp      inet  n       -       n       -       -       smtpd

    (Hint for those who might ask: It is not a good idea to use smtp_bind_address, because with this option postfix binds to the IP set even for outgoing connections and then can't connect to amavisd-new, which is listening on the localhost interface.)

    Tomcat:
    Tomcat binds to any IP by default. You can change its behaviour by adding address="..." to your apache-tomcat-5.5.15/conf/server.xml.in (replace vvv.xxx.yyy.zzz with your IP):

    Code:
    ...
            <!-- HTTPBEGIN -->
        <Connector port="%%zimbraMailPort%%"
            address="vvv.xxx.yyy.zzz"
            acceptCount="1024" URIEncoding="UTF-8"
    ...
            <!-- HTTPSBEGIN
        <Connector port="%%zimbraMailSSLPort%%"
            address="vvv.xxx.yyy.zzz"
            acceptCount="1024" URIEncoding="UTF-8"
    ...
        <!-- admin services connector; requires SSL -->
        <Connector port="7071"
            address="vvv.xxx.yyy.zzz"
            acceptCount="1024" URIEncoding="UTF-8"
    ...

    Zimbra java:
    The Zimbra services listen on any IP address by default.

    The Zimbra java application reads its configuration values for imap, pop3, imaps, pop3s from the ldap directory. Although there is no possibility to change its listening IP address via the web interface (ok, there is one, but only for pop3), it is possible by directly adding the config params into ldap.
    So you first have to connect to the ldap server (e.g. with the ldap browser at http://www.iit.edu/~gawojar/ldap). Read Ldap hints* for more information on how to connect.

    Now you can add the following attributes (as String) under the directory cn=servers,cn=<your zimbra servers hostname> and give them your IP vvv.xxx.yyy.zzz as value:
    • zimbraPop3BindAddress
    • zimbraPop3SSLBindAddress
    • zimbraImapBindAddress
    • zimbraImapSSLBindAddress
    • zimbraLmtpSSLBindAddress

    Apache:
    Apache binds to any IP by default. Edit conf/apache.conf and modify the following lines (replace vvv.xxx.yyy.zzz with your IP):

    Code:
    ...
    # Change this to Listen on specific IP addresses as shown below to
    # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
    #
    #Listen 12.34.56.78:80
    
    Listen vvv.xxx.yyy.zzz:7780
    
    #
    # Dynamic Shared Object (DSO) Support
    #
    ...

    clamd:
    Attention: not tested yet, it is better to leave these settings untouched!
    clamd binds to any IP address by default. Edit conf/clamd.conf.in and remove the # from the following line:

    Code:
    # TCP address.
    # By default we bind to INADDR_ANY, probably not wise.
    # Enable the following to provide some degree of protection
    # from the outside world.
    # Default: disabled
    TCPAddr 127.0.0.1

    Problems:
    • 02-04-2007: Don't know if it's really because of the settings above, but the simple Client refuses to work: (A network service error has occurred (zclient/io)).
    • 02-05-2007: All of this will be overwritten on upgrade, so save your changes, and when you do upgrade, re-apply them (but DO NOT simply replace the new configs with the old, since that will probably break your install).


    That's it:

    Ok, that's it. It is a good idea to stop all services except ldap before doing these modifications. After a restart of zimbra all services either bind to localhost or to your specified IP. As you see, most of the config params can only be set AFTER installation!

    I hope it helps somebody. Please post your questions/comments/...
    I'll try to keep this thread up-to-date and extend it with the comments/tips others have written in this thread.

    Greets
    MrDigi

    -----

    *Ldap hints:
    • Host: your zimbra server
    • Port: 389
    • Version: 3
    • Base dn: zimbra
    • don't bind anonymously, but:
    • User DN: uid=zimbra, cn=admins, cn=zimbra
    • Password: your ldap password (you get it by executing: su - zimbra -c "/opt/zimbra/bin/zmlocalconfig -s |grep ldap_root_password")
    Last edited by MrDigi; 11-23-2007 at 04:48 PM.
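
A check for the result of the changes described in the first post, added here as an example and not part of the original thread: the function reads `ss -ltn` output and lists every TCP listener bound to neither the chosen IP nor loopback. The address 192.0.2.10 and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find TCP listeners that still bind
# to a wildcard or to an unexpected address after the config changes.

# Reads `ss -ltn`-style lines on stdin; $1 is the one IP services should use.
# Prints "port address" for every listener that is neither on $1 nor loopback.
find_stray_listeners() {
    awk -v want="$1" '
        $1 == "LISTEN" {
            local_addr = $4
            # Split "addr:port" at the last colon; covers *:25, [::]:25, :::25
            pos = match(local_addr, /:[0-9]+$/)
            if (pos == 0) next
            addr = substr(local_addr, 1, pos - 1)
            port = substr(local_addr, pos + 1)
            gsub(/^\[|\]$/, "", addr)          # strip IPv6 brackets
            if (addr == want || addr ~ /^127\./ || addr == "::1") next
            print port " " addr
        }'
}

# Constructed sample: smtp, ldap and the admin connector already bound to
# 192.0.2.10, while imap, Apache (7780) and clamd still listen on wildcards.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       100     192.0.2.10:25       0.0.0.0:*
LISTEN  0       100     127.0.0.1:10024     0.0.0.0:*
LISTEN  0       128     192.0.2.10:389      0.0.0.0:*
LISTEN  0       1024    192.0.2.10:7071     0.0.0.0:*
LISTEN  0       50      0.0.0.0:143         0.0.0.0:*
LISTEN  0       128     *:7780              *:*
LISTEN  0       50      [::]:3310           [::]:*
EOF
}

sample_ss_output | find_stray_listeners 192.0.2.10

# On a live host, after restarting the services:
#   ss -ltn | find_stray_listeners vvv.xxx.yyy.zzz
```

An empty result means every listening TCP socket is on the chosen IP or on loopback; each printed line names a port whose service still needs its bind setting changed.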

  2. #2
    dijichi2 (OpenSource Builder & Moderator)

    Great job, MrDigi! This is invaluable for many situations. It would be great to get this added to the wiki and refined over time.

    Thanks for your work.

  3. #3

    Good job!

  4. #4
    Beware upgrades

    All of this will be overwritten on upgrade, so save your changes, and when you do upgrade, re-apply them (but DO NOT simply replace the new configs with the old, since that will probably break your install).

  5. #5

    Originally posted by marcmac:
    "All of this will be overwritten on upgrade, so save your changes, and when you do upgrade, re-apply them (but DO NOT simply replace the new configs with the old, since that will probably break your install)."

    All the more reason that this should be an install/config option. I understand that Zimbra is intended to be a standalone installation, but that isn't always possible.

    Oh and yes, I have voted for this in bugzilla
    Jacob Turner
    Ringnebula Systems - Ukiah, CA

  6. #6

    Hello

    One stupid question but somehow related! How can I force LDAP to listen on ALL the IPs instead of the one IP?

    Regards
    Kia

  7. #7

    Great info!
    I'm trying to set up the OS edition to co-exist with a few other services... the only conflict I see so far is port 80. Can I change just Tomcat and be fine?
    For that matter, could I change the system's built-in apache to listen on another IP and let Zimbra do its own thing?

    Anyone running OS edition and Asterisk/FreePBX on the same box?

  8. #8
    Installation binding assistance

    Hi all,

    Would it not be an easy thing to add a quick check upon installation (similar to that of the dns check) which allows an admin to choose which interface to bind the zimbra suite to?

    thanks

    Costa
    ------------------------------
    http://www.lcrm.co.uk

  9. #9
    phoenix (Zimbra Consultant & Moderator)

    Originally posted by Costa-101:
    "Hi all,

    Would it not be an easy thing to add a quick check upon installation (similar to that of the dns check) which allows an admin to choose which interface to bind the zimbra suite to?"

    Search bugzilla and vote on any entry that relates to this.
    Regards


    Bill



  10. #10
    Vote for this

    http://bugzilla.zimbra.com/show_bug.cgi?id=15751

    If you feel this bug file is warranted please vote to show your support.

    thanks

    Costa
    ------------------------------
    http://www.lcrm.co.uk
