SUSE Linux Enterprise Server 9 NAT HOWTO: Difference between revisions

No edit summary
 
Line 14: Line 14:


== Background ==
== Background ==
This HOWTO assumes you already know what an A record, a PTR record and an MX record are, and that you have configured them for your Zimbra server to be RFC compliant on the public DNS servers that are authoritative for your domain.  In other words, configuring things so the world can find your Zimbra server is beyond the scope of this HOWTO.  :-)
This HOWTO assumes you already know what an A record, a PTR record and an MX record are, and that you know how to configure them for your Zimbra server to be RFC compliant on the public DNS servers that are authoritative for your domain.  In other words, configuring things so the world can find your Zimbra server is beyond the scope of this HOWTO.  :-)


For a NAT'd Zimbra box to work correctly, Zimbra must be tricked into using DNS that reference private IP addresses for itself, even though public DNS records will point to public IP addresses.   
For a NAT'd Zimbra box to work correctly, Zimbra must be tricked into using DNS that reference private IP addresses for itself, even though public DNS records will point to public IP addresses.   
Line 20: Line 20:
To do this, we need to make changes in four places:
To do this, we need to make changes in four places:


   * The /etc/hosts file
   1. The /etc/hosts file
   * The /opt/zimbra/postfix/conf/main.cf file
   2. The /opt/zimbra/postfix/conf/main.cf file
   * The local installation of BIND on the ES9 Zimbra server
   3. The local installation of BIND on the ES9 Zimbra server
   * The order of DNS lookups
   4. The order of DNS lookups
 
 
Here we will use the actual public and private IP addresses of our Zimbra server "viognier.reliablenetworks.com".
 
  lmstone@shiraz:~$ host viognier.reliablenetworks.com
  viognier.reliablenetworks.com has address 65.126.238.150
  lmstone@shiraz:~$ ping 172.16.1.23
  PING 172.16.1.23 (172.16.1.23) 56(84) bytes of data.
  64 bytes from 172.16.1.23: icmp_seq=1 ttl=64 time=49.9 ms
  64 bytes from 172.16.1.23: icmp_seq=2 ttl=64 time=83.3 ms
 
  --- 172.16.1.23 ping statistics ---
  2 packets transmitted, 2 received, 0% packet loss, time 1000ms
  rtt min/avg/max/mdev = 49.918/66.613/83.308/16.695 ms
  lmstone@shiraz:~$
 
In our case, we installed Zimbra ''before'' making the following changes, so we had to tweak the installer to use "reliablenetworks.com" as the domain instead of "viognier.reliablenetworks.com", and we had to accept and click through the installer's error notification that it couldn't find our MX record.  It would be nice if someone could test an ES9 install ''after'' making the changes below, and confirm here that the install proceeds without any errors.
 
Regardless, you'll still need to edit the main.cf file after the Zimbra installation is complete.
 
 
== Installing Zimbra - Errors Are OK ==
Our Zimbra host is "viognier.reliablenetworks.com".  During the Zimbra in
 
== 1. Configuring /etc/hosts ==
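
Review bot: The new "Installing Zimbra - Errors Are OK" section stops mid-sentence at "During the Zimbra in", and the "1. Configuring /etc/hosts" heading that follows has no body, so this revision announces four changes but documents none of them. Either finish the sentence and the first step before saving, or leave both headings out until the text exists. The added terminal session also publishes the server's real public address together with its internal 172.16.1.23 address, which the text confirms are the actual ones; consider whether the HOWTO needs real addressing or could use placeholder values.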

Revision as of 19:34, 3 November 2006

WORK IN PROGRESS!!! UPLOADING SCREENSHOTS CURRENTLY....

Introduction

Our preferred configuration for our servers exposed to the public Internet is to NAT them behind a firewall. Zimbra's default configuration does not expect a NAT'd server, so a few configuration changes are required for the Zimbra server to function correctly. While the forums describe what needs to be accomplished, I have found no detailed "HOWTO" for SUSE Linux Enterprise Server 9 ("SLES9" or "ES9"), and so I decided to write one.

As this is a first draft, I would be grateful for any improvements and/or corrections.

L. Mark Stone
3 November 2006


Background

This HOWTO assumes you already know what an A record, a PTR record and an MX record are, and that you know how to configure them for your Zimbra server to be RFC compliant on the public DNS servers that are authoritative for your domain. In other words, configuring things so the world can find your Zimbra server is beyond the scope of this HOWTO.  :-)

For a NAT'd Zimbra box to work correctly, Zimbra must be tricked into using DNS records that reference private IP addresses for itself, even though public DNS records will point to public IP addresses.

To do this, we need to make changes in four places:

  1. The /etc/hosts file
  2. The /opt/zimbra/postfix/conf/main.cf file
  3. The local installation of BIND on the ES9 Zimbra server
  4. The order of DNS lookups


Here we will use the actual public and private IP addresses of our Zimbra server "viognier.reliablenetworks.com".

  lmstone@shiraz:~$ host viognier.reliablenetworks.com
  viognier.reliablenetworks.com has address 65.126.238.150
  lmstone@shiraz:~$ ping 172.16.1.23
  PING 172.16.1.23 (172.16.1.23) 56(84) bytes of data.
  64 bytes from 172.16.1.23: icmp_seq=1 ttl=64 time=49.9 ms
  64 bytes from 172.16.1.23: icmp_seq=2 ttl=64 time=83.3 ms
  
  --- 172.16.1.23 ping statistics ---
  2 packets transmitted, 2 received, 0% packet loss, time 1000ms
  rtt min/avg/max/mdev = 49.918/66.613/83.308/16.695 ms
  lmstone@shiraz:~$ 
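
The split view described above can be checked before and after the changes. The following is an added example, not part of the original HOWTO: it audits hosts-file and lookup-order text for the page's host name and private address. The file contents are constructed samples, and reading "the order of DNS lookups" as the `hosts:` line of /etc/nsswitch.conf is an assumption.

```python
import ipaddress

FQDN, PRIVATE_IP = "viognier.reliablenetworks.com", "172.16.1.23"  # from the page

# Constructed sample file contents (assumptions, not taken from the page).
GOOD_HOSTS = "127.0.0.1 localhost\n172.16.1.23 viognier.reliablenetworks.com viognier\n"
BAD_HOSTS = "127.0.0.1 localhost\n65.126.238.150 viognier.reliablenetworks.com viognier # public\n"
GOOD_NSSWITCH = "passwd: compat\nhosts: files dns\n"
BAD_NSSWITCH = "hosts: dns [NOTFOUND=return] files\n"


def hosts_addresses(hosts_text, fqdn):
    """Addresses a hosts(5)-format text assigns to fqdn, in file order."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2 and fqdn.lower() in [n.lower() for n in fields[1:]]:
            found.append(fields[0])
    return found


def lookup_order(nsswitch_text):
    """Sources on the 'hosts:' line of nsswitch.conf text, without [action] items."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return [s for s in line[6:].split() if not s.startswith("[")]
    return []


def audit(hosts_text, nsswitch_text, fqdn=FQDN, private_ip=PRIVATE_IP):
    """Return a list of findings; an empty list means the local view is consistent."""
    findings = []
    addrs = hosts_addresses(hosts_text, fqdn)
    if not addrs:
        findings.append(f"{fqdn} has no hosts entry")
    for addr in addrs:
        if addr != private_ip:
            kind = "private" if ipaddress.ip_address(addr).is_private else "public"
            findings.append(f"{fqdn} maps to {kind} address {addr}, expected {private_ip}")
    order = lookup_order(nsswitch_text)
    if "files" not in order:
        findings.append("hosts lookups never consult /etc/hosts")
    elif "dns" in order and order.index("dns") < order.index("files"):
        findings.append("dns is consulted before /etc/hosts")
    return findings


if __name__ == "__main__":
    for name, h, n in [("good", GOOD_HOSTS, GOOD_NSSWITCH), ("bad", BAD_HOSTS, BAD_NSSWITCH)]:
        print(name, audit(h, n) or "OK")
```

On a live server, pass the contents of the real files to `audit()` instead of the samples.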

In our case, we installed Zimbra before making the following changes, so we had to tweak the installer to use "reliablenetworks.com" as the domain instead of "viognier.reliablenetworks.com", and we had to accept and click through the installer's error notification that it couldn't find our MX record. It would be nice if someone could test an ES9 install after making the changes below, and confirm here that the install proceeds without any errors.

Regardless, you'll still need to edit the main.cf file after the Zimbra installation is complete.


Installing Zimbra - Errors Are OK

Our Zimbra host is "viognier.reliablenetworks.com". During the Zimbra in

1. Configuring /etc/hosts
