
Thread: Moving to a NAT setup

  1. #1

    We currently have an 8.0.6 install with a public address. I would like to move this to our LAN and do NAT; this way we can utilize our UTM for spam filtering.

    My plan is to stop the Zimbra services, cut the IP over, set up the port forwards, set up dnsmasq and test. My question is whether anyone sees an issue with this? I don't see any reason to re-do the entire server just to cut over to my LAN and utilize NAT.

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    Quote, originally posted by adambmedent:
        We currently have an 8.0.6 install with a public address. I would like to move this to our LAN and do NAT; this way we can utilize our UTM for spam filtering.

        My plan is to stop the Zimbra services, cut the IP over, set up the port forwards, set up dnsmasq and test. My question is whether anyone sees an issue with this? I don't see any reason to re-do the entire server just to cut over to my LAN and utilize NAT.

    Take a look at some of the forum threads on this subject (and don't forget a backup before you make any changes).
    Regards
    Bill

  3. #3

    Quote, originally posted by phoenix:
        Take a look at some of the forum threads on this subject (and don't forget a backup before you make any changes).

    Looks like it won't be an issue. I see quite a few have issues if they are changing the hostname; I am looking to change the IP only. I plan on doing a complete VM backup before, this way I can restore the entire VM if the cutover doesn't go as planned. I appreciate the input.

  4. #4

    Well I gave this a try last night and couldn't seem to get things working. I ended up having to restore from my backup. Here is what I did.

    /etc/dnsmasq.conf:
    server=10.80.1.6
    domain=medent.com
    mx-host=medent.com,webmail.medent.com,5

    /etc/hosts:
    127.0.0.1 localhost.localdomain localhost
    10.80.8.45 webmail.medent.com webmail

    /etc/resolv.conf:
    search medent.com
    nameserver 127.0.0.1

    [root@webmail2 ~]# host `hostname`
    webmail.medent.com has address 10.80.8.45

    I am pretty sure it has something to do with my split DNS setup but couldn't seem to pin it down. Just noticed that I have another domain to test with. I am going to set up a test server to see where I am going wrong; I'm sure it is something quite simple.

  5. #5

    Well I will make note not to edit posts as they have to get approved each and every time, what a pain.

    I set up a fresh CentOS 6.5 VM. Set up DNSmasq and installed a fresh Zimbra 8.0.6. I made it a bit further but I seem to still be having issues.

    I can successfully send emails now but can't receive, which makes me think something is still wrong with my DNSmasq setup.

    [root@webmail2 ~]# cat /etc/hosts
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    10.80.8.45 webmail2.medent.com webmail2

    [root@webmail2 ~]# cat /etc/resolv.conf
    search medent.com
    nameserver 127.0.0.1

    [root@webmail2 ~]# cat /etc/dnsmasq.conf
    server=208.67.222.222
    server=8.8.8.8
    domain=webmail2.medent.com
    mx-host=webmail2.medent.com,webmail2.medent.com,30

    The only way I could get Zimbra to install without complaining about MX records was to use webmail2.medent.com instead of just medent.com.

    [root@webmail2 log]# dig medent.com mx

    ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> medent.com mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43553
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;medent.com. IN MX

    ;; ANSWER SECTION:
    medent.com. 900 IN MX 30 webmail2.medent.com.
    medent.com. 900 IN MX 20 webmail.medent.com.

    ;; Query time: 17 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Dec 31 08:32:34 2013
    ;; MSG SIZE rcvd: 77

    [root@webmail2 log]# dig medent.com any

    ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> medent.com any
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9609
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;medent.com. IN ANY

    ;; ANSWER SECTION:
    medent.com. 795 IN A 65.114.41.3
    medent.com. 90 IN MX 30 webmail2.medent.com.
    medent.com. 90 IN MX 20 webmail.medent.com.
    medent.com. 795 IN NS authns1.qwest.net.
    medent.com. 795 IN NS authns2.qwest.net.
    medent.com. 733 IN SOA authns1.qwest.net. dns-admin.qwestip.net. 2130409000 10800 3600 604800 86400

    ;; Query time: 11 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Dec 31 08:46:04 2013
    ;; MSG SIZE rcvd: 200

    [root@webmail2 log]# host `hostname`
    webmail2.medent.com has address 10.80.8.45

  6. #6

    So trying a few more things and looking over my configs. I was definitely missing a line in my /etc/dnsmasq, and I changed it to just domain.com like the split DNS examples in the wiki. Below is what I have now, but I am still having the same issues. I can send emails but I can't receive, so I am still thinking the issue is with dnsmasq. I have confirmed a number of times that my port forwards are working.

    [root@webmail2 ~]# cat /etc/hosts
    127.0.0.1 localhost.localdomain localhost
    10.80.8.45 webmail2.medent.com webmail2

    [root@webmail2 ~]# cat /etc/resolv.conf
    search medent.com
    nameserver 127.0.0.1

    /etc/dnsmasq.conf
    server=208.67.222.222
    server=8.8.8.8
    domain=medent.com
    mx-host=medent.com,webmail2.medent.com,30
    listen-address=127.0.0.1

    [root@webmail2 log]# dig medent.com mx

    ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> medent.com mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54598
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;medent.com. IN MX

    ;; ANSWER SECTION:
    medent.com. 0 IN MX 30 webmail2.medent.com.

    ;; ADDITIONAL SECTION:
    webmail2.medent.com. 0 IN A 10.80.8.45

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Dec 31 13:44:53 2013
    ;; MSG SIZE rcvd: 79

    [root@webmail2 log]# dig medent.com any

    ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> medent.com any
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31836
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;medent.com. IN ANY

    ;; ANSWER SECTION:
    medent.com. 0 IN MX 30 webmail2.medent.com.

    ;; ADDITIONAL SECTION:
    webmail2.medent.com. 0 IN A 10.80.8.45

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Dec 31 13:44:57 2013
    ;; MSG SIZE rcvd: 79

    [root@webmail2 log]# host $(hostname)
    webmail2.medent.com has address 10.80.8.45

    Stumped, but still digging. Appreciate any input.
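
An added example, not part of any post in this thread: a static check of the dnsmasq.conf and /etc/hosts contents shown in posts #5 and #6, reporting whether the mail domain's MX would be answered locally with a LAN address, as the two `dig medent.com mx` outputs above differ. The function names and the three checks are assumptions of this example; the thread does not establish why dnsmasq failed for the poster.

```python
import ipaddress

def parse_dnsmasq(text):
    """Return ({mx_name: target}, [listen addresses]) from dnsmasq.conf text."""
    mx, listen = {}, []
    for raw in text.splitlines():
        key, _, val = raw.split("#", 1)[0].strip().partition("=")
        parts = [p.strip().lower() for p in val.split(",")]
        if key.strip() == "mx-host":      # mx-host=<mx name>,<hostname>,<preference>
            mx[parts[0]] = parts[1] if len(parts) > 1 else None
        elif key.strip() == "listen-address":
            listen += parts
    return mx, listen

def parse_hosts(text):
    """Return {name: address}; dnsmasq serves /etc/hosts entries as A records."""
    hosts = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            hosts.setdefault(name.lower(), fields[0])
    return hosts

def lint_split_dns(mail_domain, dnsmasq_conf, hosts_file):
    """List reasons the local resolver would not hand out a LAN-side MX."""
    mx, listen = parse_dnsmasq(dnsmasq_conf)
    hosts, findings = parse_hosts(hosts_file), []
    domain = mail_domain.lower()
    if domain not in mx:
        findings.append(f"no mx-host for {domain}: MX lookups are forwarded upstream")
    else:
        addr = hosts.get(mx[domain] or "")
        if addr is None:
            findings.append(f"MX target {mx[domain]} has no /etc/hosts entry")
        elif not ipaddress.ip_address(addr).is_private:
            findings.append(f"MX target {mx[domain]} maps to public address {addr}")
    if "127.0.0.1" not in listen:
        findings.append("listen-address=127.0.0.1 not set")
    return findings

# Inputs copied from this thread: HOSTS and POST6 from post #6, POST5 from post #5.
HOSTS = "127.0.0.1 localhost.localdomain localhost\n10.80.8.45 webmail2.medent.com webmail2\n"
POST5 = ("server=208.67.222.222\nserver=8.8.8.8\ndomain=webmail2.medent.com\n"
         "mx-host=webmail2.medent.com,webmail2.medent.com,30\n")
POST6 = ("server=208.67.222.222\nserver=8.8.8.8\ndomain=medent.com\n"
         "mx-host=medent.com,webmail2.medent.com,30\nlisten-address=127.0.0.1\n")

if __name__ == "__main__":
    for label, conf in (("post #5", POST5), ("post #6", POST6)):
        print(label, lint_split_dns("medent.com", conf, HOSTS) or "ok")
```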

  7. #7

    I ended up working my way through this. For the life of me I couldn't get dnsmasq to work properly, so I went back to trying to get bind/named working. Sure enough I was able to get that working. I appreciate the input! Happy new year!

  8. #8

    I just made the cutover on our production mail server. It went much better but I still ran into an issue that had me stumped for a bit. I guess there is something you need to worry about when changing the IP. Hopefully this helps someone else who does this.

    Change IP Address of Zimbra Mail Server : How to Resolve the Problem | Spirit of Change

  9. #9

    Glad you got it sorted. I looked the info over and everything appeared the same as mine except the domain, but assumed that was to avoid conflict between the production and test versions. dnsmasq is working for me but I'm using ClearOS as a firewall/gateway appliance and have it configured on there to provide internal DNS.

  10. #10

    Quote, originally posted by nrc:
        Glad you got it sorted. I looked the info over and everything appeared the same as mine except the domain, but assumed that was to avoid conflict between the production and test versions. dnsmasq is working for me but I'm using ClearOS as a firewall/gateway appliance and have it configured on there to provide internal DNS.

    Yeah, I went with DNSmasq as from the looks of it, it seems much simpler. I just couldn't get it to work; bind seems to be doing well though. I use Untangle as my firewall/UTM; this move was in efforts to utilize Untangle's spam filtering abilities. So far it's doing a great job.
