
Thread: Topology of new installation

  1. #1
    Join Date
    Mar 2007
    Posts
    19
    Rep Power
    8

    Topology of new installation

    I'm planning a new Zimbra installation and thought I'd run my proposed network layout past everyone here...

    We will be getting a T1 installed soon. So I plan to put the mail server on the end of this - outside of our LAN's firewall.
    i.e.



    Does this make sense do you think? Or should I be putting the Zimbra server inside the firewall?

  2. #2
    Join Date
    Jan 2007
    Location
    Rochester, NY
    Posts
    45
    Rep Power
    8

    My server sits on the public internet. I have an IPTables firewall protecting all ports that are not essential for service. The Linux firewall is quite robust if configured properly, and I don't see a real need to protect the system with a firewall appliance. Most firewalls are just running a slimmed down & hardened version of Linux anyways.

    OOPS. Just looked at your diagram closely... I REALLY wouldn't put the thing behind a NAT'ing firewall because that will cause more headaches than it could possibly solve.
    Last edited by AimanA; 03-21-2007 at 10:56 AM. Reason: I didn't read the diagram... oops

  3. #3
    Join Date
    Apr 2006
    Location
    Illinois
    Posts
    194
    Rep Power
    9

    Are you planning to at least have a firewall running on the server? I personally would not put a server outside of any firewall. But that's just me.

  4. #4
    Join Date
    Mar 2007
    Posts
    19
    Rep Power
    8

    Yes, the reason I've put it outside the firewall is to avoid NATing.

    This caused me loads of problems on a test server I set up. In fact, I couldn't get it to work and gave up.

    I can set up a firewall on the Zimbra server as AimanA suggests. I haven't set up IP Tables before though. I think I'd use firestarter to set that up.

    Does this setup make sense?
    What do most people do?

  5. #5
    Join Date
    Jan 2007
    Location
    Rochester, NY
    Posts
    45
    Rep Power
    8

    What flavor of Linux are you setting this up on? Most distros come with a firewall configuration utility that is pretty robust. I know that SuSE and RedHat both have excellent ones.

    Basically you want to specify the firewall as "on" and specify port exceptions for your MTA (25), Web front end (80) or HTTPS (443), ZCSAdmin (7071), and POP or IMAP ports. Personally, I have my SSH and ZCSAdmin ports open only to specific IPs, but that's a fairly advanced config.

    If you tell me what distro you are using I can probably point you at the config utility.
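
The configuration described in post #5 (firewall on, public exceptions for the mail and web ports, SSH and ZCSAdmin limited to specific IPs), written out as a generator for an iptables-restore ruleset. This is an added example, not part of any poster's message; the POP/IMAP port numbers, port 22 for SSH and the 203.0.113.10 admin address are assumptions that the thread does not give.

```shell
#!/bin/sh
# Added example (not from the thread). Emits an iptables-restore ruleset for a
# mail host that sits directly on the public internet.
# 25, 80, 443 and 7071 are the ports named in the post; 110/143/993/995 are the
# standard POP3/IMAP and POP3S/IMAPS assignments; 22 is the default SSH port.
# Remove 80 from PUBLIC_PORTS if the web client is served over HTTPS only.
PUBLIC_PORTS="25,80,443,110,143,993,995"   # reachable from anywhere
ADMIN_PORTS="22,7071"                      # SSH + ZCSAdmin: listed sources only

# gen_rules ADMIN_SRC...   each ADMIN_SRC is an IPv4 address or CIDR block
gen_rules() {
    for src in "$@"; do
        # Refuse anything but digits, dots and '/', so a typo or stray option
        # can never be spliced into a rule line.
        case "$src" in
            ''|*[!0-9./]*) echo "bad admin source: $src" >&2; return 1 ;;
        esac
    done
    # Default-deny inbound; loopback and replies to our own traffic are allowed.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports $PUBLIC_PORTS -j ACCEPT
EOF
    # One rule per admin source; with no sources, 22 and 7071 stay closed.
    for src in "$@"; do
        echo "-A INPUT -p tcp -s $src -m multiport --dports $ADMIN_PORTS -j ACCEPT"
    done
    echo "COMMIT"
}

# Typical use (as root; 203.0.113.10 is a constructed documentation address):
#   gen_rules 203.0.113.10 | iptables-restore --test   # parse only, no commit
#   gen_rules 203.0.113.10 | iptables-restore          # load the rules
```

Run the `--test` form first and keep an existing SSH session open while loading, since a wrong admin address locks out ports 22 and 7071.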

  6. #6
    Join Date
    Mar 2007
    Posts
    19
    Rep Power
    8

    I haven't decided 100% on the distro yet.

    I was originally going to use CentOS, but I was thinking that if I ever upgraded to one of the paid-for versions I might struggle to get official support.

    Because of this, I was thinking of using Red Hat or Suse (which are supported).
    I was also considering Ubuntu because I have used this before, however it still isn't officially supported - although this is in the pipeline I think.

  7. #7
    phoenix (Zimbra Consultant & Moderator)
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Ubuntu LTS is currently in beta (not supported but we want feedback) and will probably go GA soon(ish). If you want to use CentOS then you could always move to RHEL later if you upgrade to NE.
    Regards


    Bill



  8. #8
    Join Date
    Jan 2007
    Location
    Rochester, NY
    Posts
    45
    Rep Power
    8

    SLES 10 is a great platform, as is RedHat. SUSE & RedHat have a less expensive support option where you can buy the basic server with 1 year of upgrades (patches, etc) for $349. Obviously this does not include phone support, but RH has 2 day response email support, and SuSE has online/forum support which is very good.

    Personally, I have administered both SuSE SLES10 and RedHat RHEL4 in enterprise production environments, and I must say that I MUCH prefer SLES over RedHat. (Many have asked why I prefer SuSE to RH, and it is because of the quality of their technical support. I've spoken to a couple of RH "engineers" that were pretty much booger eating morons with a "paper" RHCE that knew squat about Linux in the real world. Also, SLES has an awesome configuration tool, YaST.)

    SLES10:
    http://www.novell.com/products/server/howtobuy.html

    RHEL4:
    https://www.redhat.com/apps/store/server/rhel.html
    Last edited by AimanA; 03-23-2007 at 07:24 AM.

  9. #9
    phoenix (Zimbra Consultant & Moderator)
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    SLES 10 isn't supported for NE installs (yet).
    Regards


    Bill



  10. #10
    Join Date
    Jan 2007
    Location
    Rochester, NY
    Posts
    45
    Rep Power
    8

    Quote, originally posted by phoenix:
        SLES 10 isn't supported for NE installs (yet).

    Yeah, unfortunately, I know. That's why I'm holding off on my recommendation for this migration that I am consulting on.
