[SOLVED] Howto: Bind to one specific IP / Listen to one IP
Wouldn't there be any security concern about changing something listening on localhost to a public interface?
Hate to drag out this thread again, but we are having problems since the upgrade to 6.0.5. Since then, we cannot get our (edirectory)ldap to start unless we stop Zimbra, start the (edirectory)ldap and then start Zimbra. I have gone over both Zimbra and (edirectory)ldap to re-bind both to a separate IP address. In our testing to see which one is the problem, it seems something might have changed in Zimbra since 6.0.3? I know that in one Zimbra release, the upgrades now keep the ldap config intact. Here are some things I noticed in this thread that I was not able to find in our install:
In the zimbra java heading of the first post, we do not have:
zimbraImapSSLBindAddress
zimbraLmtpSSLBindAddress
Anyone else experiencing issues since an upgrade?
[EDIT]Well, I don't know if this is the problem or not, but I found my postfix master.cf will not keep the edit. I shut down Zimbra and make the edit to master.cf, then start Zimbra and the edit to master.cf is gone? Anyone else experiencing this?
The master.cf file I am editing is located in /opt/zimbra/postfix/conf/master.cf. There is also another master.cf located in /opt/zimbra/postfix.2.6.5.2z/conf/master.cf and this appears to be the file that gets rewritten upon startup. The permissions on that file are 440; should I even mess with these?[/EDIT]
[EDIT]Found the /opt/zimbra/postfix2.6.5.2z/conf/master.cf.in file is in fact the one to edit. This file has the info that gets written to the other master.cf files. Now, the master.cf files have the correct edit and hold the edit during a restart. And that was in fact the problem as to why our other (edirectory)ldap was not starting. Tested and verified.[/EDIT]
I can't get this to work with Zimbra 7. It appears that it's not respecting the zimbraIMBindAddress option.
I've reconfigured postfix (master.cf.in), jetty (jetty.xml.in and friends) as well as setting zimbraPopBindAddress, zimbraPopSSLBindAddress, zimbraIMBindAddress, zimbraImapBindAddress, zimbraImapSSLBindAddress, and zimbraLmtpBindAddress. The suggestion is that this should be enough to get Zimbra listening on a single IP address.
What actually happens is that six ports remain open on my second IP. This page suggests that the open ports on my second IP are all to do with xmpp. Changing zimbraIMBindAddress has no effect. For ref, I have definitely set zimbraIMBindAddress correctly. I've tried unsetting it and setting it again, and I have restarted zimbra between changes:
sudo -u zimbra /opt/zimbra/bin/zmprov -l gs my.server.name zimbraIMBindAddress xxx.xxx.xxx.33
# name my.server.name
zimbraIMBindAddress: xxx.xxx.xxx.33
Below is what nmap says about the open ports on both my IPs. If I stop Zimbra, all but port 22 are closed.
Starting Nmap 4.53 ( Insecure.Org - Nmap Free Security Scanner, Tools & Hacking resources ) at 2011-03-18 17:02 GMT
Interesting ports on x.x.x.33:
Not shown: 65515 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
143/tcp open imap
389/tcp open ldap
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
5222/tcp open unknown
5223/tcp open unknown
5269/tcp open unknown
7025/tcp open unknown
7071/tcp open unknown
7072/tcp open unknown
7335/tcp open unknown
7777/tcp open unknown
7780/tcp open unknown
10015/tcp open unknown
Interesting ports on x.x.x.34:
Not shown: 65529 closed ports
PORT STATE SERVICE
5222/tcp open unknown
5223/tcp open unknown
5269/tcp open unknown
7335/tcp open unknown
7777/tcp open unknown
10015/tcp open unknown
Nmap done: 2 IP addresses (2 hosts up) scanned in 32.479 seconds
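The same question the scan above answers (which listeners are not confined to the intended address) can also be checked on the host after each restart. The following is an added example, not part of the original posts: it parses listener lines in the format printed by `ss -H -ltn` and reports sockets bound to a wildcard or to an address other than the intended one. The sample lines, the 192.0.2.x placeholder addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the format of `ss -H -ltn` (no header line).
# Addresses are documentation-range placeholders, not the poster's.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 192.0.2.33:25 0.0.0.0:*
LISTEN 0 50 192.0.2.33:143 0.0.0.0:*
LISTEN 0 50 [::ffff:192.0.2.33]:993 *:*
LISTEN 0 50 127.0.0.1:7171 0.0.0.0:*
LISTEN 0 50 *:5222 *:*
LISTEN 0 50 [::]:5269 [::]:*
LISTEN 0 50 192.0.2.34:7777 0.0.0.0:*
"""

def split_local(field):
    """Split an ss 'Local Address:Port' field into (address, port)."""
    addr, _, port = field.rpartition(":")
    # Drop an interface suffix such as %lo, then IPv6 brackets.
    return addr.split("%")[0].strip("[]"), int(port)

def classify(addr, allowed):
    """Return None if the bind address is acceptable, else a reason."""
    if addr == "*":
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # treat ::ffff:a.b.c.d as its IPv4 address
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "wildcard"
    if ip.is_loopback or ip == allowed:
        return None
    return "other-address"

def audit_listeners(ss_output, allowed_ip, ignore_ports=()):
    """List (port, address, reason) for listeners outside allowed_ip."""
    allowed = ipaddress.ip_address(allowed_ip)
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        reason = classify(addr, allowed)
        if reason and port not in ignore_ports:
            findings.append((port, addr, reason))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_SS, "192.0.2.33", ignore_ports=(22,)):
        print(finding)
```

A wildcard listener answers on every address the host has, which is why a port can show up on a second IP even when a bind-address attribute is set for a different service.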