Thread: Multi server installation across private (RFC 1918) and official networks

  1. #1

    Hello,

    I want to set up a ZCS 7.1.3 network edition system with four servers. Two of the servers, the central directory server for ZCS and other applications and the mailstore server, should be in a private network with private RFC 1918 IP addresses and a DNS server for the private network. The other two servers, one MTA handling incoming and outgoing emails and one proxy server for web and IMAP proxying, should have official IP addresses with worldwide resolvable names. Between the two networks there is a packet filtering firewall with two interfaces which NATs the internal network. All in all I have:

    Private network with:
    - Directory server (192.168.1.10, ds.mydomain.pri)
    - Mailstore server (192.168.1.11, ms.mydomain.pri)

    Packet filtering firewall

    Official network with:
    - Mail exchange server (mx2.mydomain.de)
    - IMAP/HTTP proxy server (comms.mydomain.de)

    Now, the problem is that I can not make the external proxy server talk to the internal mailstore server. Web proxying does not work, nginx gives a "bad gateway" message.

    I have a case open at Zimbra with this question but maybe someone here can help. I do not think that my setup is something special so it must be possible somehow.

    Does someone have a similar setup and could give me some configuration hints?

    Thank you.

    Regards,
    Willi

  2. #2

    Should be no problem at all. We are running a similar setup with 2 balanced frontends, 3 backends and 1 LDAP master. The 3 backends and the LDAP master do have private addresses. You should check whether the frontends can reach the backends on all needed ports (route lookup, proxy ports).

  3. #3

    I was quite sure that it should be possible, although Zimbra support told me that I want to achieve an unsupported setup.
    Can you please tell me what you configured during install? That's what I did.

    On mailstore with private IP address:

    Installing:
    zimbra-core
    zimbra-logger
    zimbra-store
    zimbra-apache
    zimbra-spell
    zimbra-convertd

    Hostname: mailstore.mydomain.pri

    Configure for use with mail proxy
    Configure for use with web proxy

    On external proxy server with official IP address:

    Installing:
    zimbra-core
    zimbra-memcached
    zimbra-proxy

    Hostname: comms.mydomain.de

    Enable HTTP[S] Proxy

    On this server I have the following in /etc/hosts:

    ip.address.of.firewall mailstore.mydomain.pri

    On the packet filtering firewall I have rules saying:

    Send everything that comes from comms.mydomain.de on ports 80, 143, 443, 514, 993, 7072, 7143, and 7993 to internal server mailstore.mydomain.pri

    The rules work because I can connect from the proxy to the internal mailstore, for example with telnet to the IMAP port or with lynx to the web server port:

    telnet mailstore.mydomain.pri 143
    Trying ip.address.of.firewall
    Connected to maistore.mydomain.pri
    Escape character is '^]'.
    * OK mailstore.mydomain.pri Zimbra IMAP4rev1 server ready

    But when I connect to the proxy server there is no redirection. It looks as if the proxying just is not happening.

    Any ideas?

    Thank you very much.

    Best regards,
    Willi
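
Added example (not part of any post in this thread, and not Zimbra tooling): a Python version of the reachability check suggested in reply #2, meant to be run on the proxy host against the TCP ports listed in the firewall rule in post #3. The function names and the default host name are assumptions; the point is to tell a silently dropped connection (timeout) apart from one that is answered with no listener behind it (refused).

```python
import errno
import socket
import sys

# TCP ports taken from the firewall rule quoted in post #3. Port 514 is
# commonly syslog over UDP, which a TCP connect cannot verify.
THREAD_PORTS = [80, 143, 443, 514, 993, 7072, 7143, 7993]


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt from this host to host:port."""
    try:
        # getaddrinfo normally honours /etc/hosts, so the override from
        # post #3 is what gets resolved here.
        addr = socket.getaddrinfo(host, port, socket.AF_INET,
                                  socket.SOCK_STREAM)[0][4]
    except socket.gaierror:
        return "unresolved"
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
        return "open"          # handshake completed through the NAT rule
    except ConnectionRefusedError:
        return "refused"       # an RST came back: no listener, or a reject rule
    except socket.timeout:
        return "timeout"       # nothing came back: typically a silent drop
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


def check_backend(host, ports=THREAD_PORTS, timeout=3.0):
    """Return {port: status} for every port the proxy must reach."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Default host name is the one used in post #3; pass another as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "mailstore.mydomain.pri"
    for port, status in check_backend(target).items():
        print(f"{target}:{port:<5} {status}")
```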
