[SOLVED] Howto: Bind to one specific IP / Listen to one IP

Service
Elite member
Posts: 1023
Joined: Tue Apr 14, 2009 2:44 pm

Post by Service » Sun Sep 27, 2009 12:46 pm

Wouldn't there be a security concern about changing something listening on localhost to a public interface?


carnold
Outstanding Member
Posts: 224
Joined: Fri Sep 12, 2014 10:40 pm

Post by carnold » Fri Apr 02, 2010 7:58 am

Hate to drag out this thread again, but we are having problems since the upgrade to 6.0.5. Since then, we cannot get our (edirectory)ldap to start unless we stop Zimbra, start the (edirectory)ldap and then start Zimbra. I have gone over both Zimbra and (edirectory)ldap to re-bind both to a separate IP address. In our testing to see which one is the problem, it seems something might have changed in Zimbra since 6.0.3? I know that in one Zimbra release, the upgrades now keep the ldap config intact. Here are some things I noticed in this thread that I was not able to find in our install:

In the Zimbra java heading of the first post, we do not have:

zimbraImapSSLBindAddress

zimbraLmtpSSLBindAddress

Anyone else experiencing issues since an upgrade?

[EDIT]Well, I don't know if this is the problem or not, but I found my postfix master.cf will not keep the edit. I shut down Zimbra and make the edit to master.cf, then start Zimbra, and the edit to master.cf is gone? Anyone else experiencing this?

The master.cf file I am editing is located in /opt/zimbra/postfix/conf/master.cf. There is also another master.cf located in /opt/zimbra/postfix.2.6.5.2z/conf/master.cf and this appears to be the file that gets rewritten upon startup. The permissions on that file are 440; should I even mess with these?[/EDIT]

[EDIT]Found the /opt/zimbra/postfix2.6.5.2z/conf/master.cf.in file is in fact the one to edit. This file has the info that gets written to the other master.cf files. Now, the master.cf files have the correct edit and hold the edit during a restart. And that was in fact the problem as to why our other (edirectory)ldap was not starting. Tested and verified.[/EDIT]

sdetheridge
Posts: 4
Joined: Fri Sep 12, 2014 11:39 pm

Post by sdetheridge » Fri Mar 18, 2011 1:03 pm

I can't get this to work with Zimbra 7. It appears that it's not respecting the zimbraIMBindAddress option.
I've reconfigured postfix (master.cf.in), jetty (jetty.xml.in and friends) as well as setting zimbraPopBindAddress, zimbraPopSSLBindAddress, zimbraIMBindAddress, zimbraImapBindAddress, zimbraImapSSLBindAddress, and zimbraLmtpBindAddress. The suggestion is that this should be enough to get Zimbra listening on a single IP address.
What actually happens is that six ports remain open on my second IP. This page suggests that the open ports on my second IP are all to do with xmpp. Changing zimbraIMBindAddress has no effect. For ref, I have definitely set zimbraIMBindAddress correctly. I've tried unsetting it and setting it again, and I have restarted zimbra between changes:

sudo -u zimbra /opt/zimbra/bin/zmprov -l gs my.server.name zimbraIMBindAddress xxx.xxx.xxx.33
# name my.server.name
zimbraIMBindAddress: xxx.xxx.xxx.33


Below is what nmap says about the open ports on both my IPs. If I stop Zimbra, all but port 22 are closed.


Starting Nmap 4.53 ( Insecure.Org - Nmap Free Security Scanner, Tools & Hacking resources ) at 2011-03-18 17:02 GMT
Interesting ports on x.x.x.33:
Not shown: 65515 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
143/tcp open imap
389/tcp open ldap
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
5222/tcp open unknown
5223/tcp open unknown
5269/tcp open unknown
7025/tcp open unknown
7071/tcp open unknown
7072/tcp open unknown
7335/tcp open unknown
7777/tcp open unknown
7780/tcp open unknown
10015/tcp open unknown

Interesting ports on x.x.x.34:
Not shown: 65529 closed ports
PORT STATE SERVICE
5222/tcp open unknown
5223/tcp open unknown
5269/tcp open unknown
7335/tcp open unknown
7777/tcp open unknown
10015/tcp open unknown

Nmap done: 2 IP addresses (2 hosts up) scanned in 32.479 seconds
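
An added example, not part of any post in this thread: a check run on the server itself that reads `ss -ltn` output and lists every TCP listener bound somewhere other than the one intended address, which shows whether a leftover port is a wildcard bind. The function names, the 192.0.2.x addresses and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ss -ltn` output on stdin and
# prints every TCP listener NOT bound to the one address services should use.
# Loopback listeners are ignored. Output: "<port> <bind-address> <kind>".

unexpected_listeners() {
    allowed="$1"
    awk -v allowed="$allowed" '
        $1 != "LISTEN" { next }               # skip the header row
        {
            ep = $4                            # Local Address:Port column
            n = match(ep, /:[0-9]+$/)          # position of the final ":port"
            if (n == 0) next
            addr = substr(ep, 1, n - 1)
            port = substr(ep, n + 1)
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # [::] -> ::
            sub(/%.*$/, "", addr)              # drop an interface scope (%lo)
            if (addr == allowed) next
            if (addr ~ /^127\./ || addr == "::1") next
            kind = "other-address"
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") kind = "wildcard"
            print port, addr, kind
        }
    ' | sort -n
}

# Constructed sample input: the port numbers echo the thread, while the
# addresses and the loopback port are made up for this example.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    192.0.2.33:22      0.0.0.0:*
LISTEN 0      100    192.0.2.33:25      0.0.0.0:*
LISTEN 0      50     192.0.2.33:143     0.0.0.0:*
LISTEN 0      50     *:5222             *:*
LISTEN 0      50     [::]:7335          [::]:*
LISTEN 0      50     192.0.2.34:10015   0.0.0.0:*
LISTEN 0      128    127.0.0.1:7171     0.0.0.0:*
EOF
}

sample_ss_output | unexpected_listeners 192.0.2.33
```

On a live host, pipe `ss -ltn` into the function instead of the sample; running `ss -ltnp` as root adds the owning process to each row without changing the columns the function reads.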

