Server behind firewall

Ask questions about your setup or get help installing ZCS server (ZD section below).
VmarkV
Posts: 1
Joined: Fri Sep 12, 2014 9:59 pm

Server behind firewall

Postby VmarkV » Sun Oct 30, 2005 9:45 pm

Well Ive spent all weekend playing with getting this app running and have came up with a few things you may want to add or think about in the documenation.
1. The hosts file should have TWO entries in it. The first line being the obvoius local localhost.localdomain entry and the second line should be mail.myserver.com
2. Im still really stumped as to how this should be setup behind a firewall. I have mine setup behind a firewall and cannot recieve mail because the proper DNS setup point to the external IP. Ive seen a few people setup dummy DNS servers locally to fix this but I have to think this is a real Kludge. I have setup many a mail server and the thought of tricking postfix via DNS just seems wrong to me. Are you guys planning on writing a Install for guys that like to firewall their gear? I would think that would be MOST enterprise guys out there....
3. MySQL. I dont mind the fact that the installer does the installation but what does it set the root password to? Also does changing it affect the software? I would like to add more applications other than Zimbra to this box and wonder how that will work.
4. Web Directories. I havent taken the time to see how its really setup here but again it would be nice If you could specify directoires and Ports during the install. Again I would like to load a single machine with the following apps

a. Zimbra

b. SugarCRM

c. Jooma CMS

d. Possibly Asterisk PBX & AMP
All of these together would make a hell of a bundle.
Just my thoughts.

Thanks,

Mark Vincent

MindCentric

MarkV@MindCentric.com


14319KevinH
Ambassador
Ambassador
Posts: 4558
Joined: Fri Sep 12, 2014 9:52 pm

Server behind firewall

Postby 14319KevinH » Mon Oct 31, 2005 11:14 am

[quote user="VmarkV"]Well Ive spent all weekend playing with getting this app running and have came up with a few things you may want to add or think about in the documenation.
1. The hosts file should have TWO entries in it. The first line being the obvoius local localhost.localdomain entry and the second line should be mail.myserver.com

[/QUOTE]
This is mentioned in the installer itself when it tries to check the data. We'll add a not to the docs as well.
[quote user="VmarkV"]

2. Im still really stumped as to how this should be setup behind a firewall. I have mine setup behind a firewall and cannot recieve mail because the proper DNS setup point to the external IP. Ive seen a few people setup dummy DNS servers locally to fix this but I have to think this is a real Kludge. I have setup many a mail server and the thought of tricking postfix via DNS just seems wrong to me. Are you guys planning on writing a Install for guys that like to firewall their gear? I would think that would be MOST enterprise guys out there....

[/QUOTE]
From what we've seen so far most enterprises have DNS setup correctly to resolve IP's internally to the internal IP. Seems most of these problems come from folks running on a home DSL/cable line and don't have a DNS server for their local machines. Are you running a larger system that doesn't have it's own DNS?
[quote user="VmarkV"]

3. MySQL. I dont mind the fact that the installer does the installation but what does it set the root password to? Also does changing it affect the software? I would like to add more applications other than Zimbra to this box and wonder how that will work.

[/QUOTE]



We don't reccomend using our MySQL db. It should be considered internal to our product. Zimbra will expect full control of the database and we tune the memory, threads, etc with the thinking we are the only app. This will show you the root password.
zmlocalconfig -s | grep mysql
[quote user="VmarkV"]

4. Web Directories. I havent taken the time to see how its really setup here but again it would be nice If you could specify directoires and Ports during the install. Again I would like to load a single machine with the following apps

a. Zimbra

b. SugarCRM

c. Jooma CMS

d. Possibly Asterisk PBX & AMP

[/QUOTE]
Here's the ports we use today(this will change in the next release).


You">http://www.zimbra.com/forums/showthread.php?t=5&highlight=ports
You
can find the directory info in the docs here:

http://www.zimbra.com/downloads/zimbra_open_source_admin_guide_html/2_Overview%20System%20Architecture.html#1036288
rhostager
Advanced member
Advanced member
Posts: 61
Joined: Fri Sep 12, 2014 9:59 pm

Server behind firewall

Postby rhostager » Sat Nov 05, 2005 10:34 pm

I just finished installing a test server. My setup is behind a firewall, so the server has an IP address of 192.168.1.7. My hostname is served by DNS that gives a valid internet address (points to my firewall) which is different from the actual local address mentioned above. My /etc/hosts has this local address. The ONLY way I could get this setup to work was with an internal DNS server that supplied the local address for my host and the proper MX record as well. It seems that parts of the backend use the /etc/hosts file and other parts (probably postfix) look to DNS.
It is fairly common practice to have a DNS server serve local addresses to servers and even local machines on the local net. I don't see this as a 'Kludge'. It makes sense. Why have local machines go out to the internet, back in the firewall and to your server when you can have them go direct? Just a thought.
- Rob
14319KevinH
Ambassador
Ambassador
Posts: 4558
Joined: Fri Sep 12, 2014 9:52 pm

Server behind firewall

Postby 14319KevinH » Sat Nov 05, 2005 11:37 pm

[quote user="rhostager"]

It is fairly common practice to have a DNS server serve local addresses to servers and even local machines on the local net. I don't see this as a 'Kludge'. It makes sense. Why have local machines go out to the internet, back in the firewall and to your server when you can have them go direct? Just a thought.[/QUOTE]
Correct. Every corp/enterprise network I've seen has this. It seems to be more of a problem for the very small networks, or home users. This is a postfix thing and there's really not much we can do.

Return to “Installation and Upgrade”

Who is online

Users browsing this forum: No registered users and 5 guests