Difference between revisions of "SUSE Linux Enterpise Server 9 NAT HOWTO"

Revision as of 20:31, 3 November 2006



Our preferred configuration for our servers exposed to the public Internet is to NAT them behind a firewall. Zimbra's default configuration does not expect a NAT'd server, so a few configuration changes are required for the Zimbra server to function correctly. While the forums describe what needs to be accomplished, I have found no detailed "HOWTO" for SUSE Linux Enterprise Server 9 ("SLES9" or "ES9"), and so I decided to write one.

As this is a first draft, I would be grateful for any improvements and/or corrections.

L. Mark Stone
3 November 2006


This HOWTO assumes you already know what an A record, a PTR record and an MX record are, and that you know how to configure them for your Zimbra server to be RFC compliant on the public DNS servers that are authoritative for your domain. In other words, configuring things so the world can find your Zimbra server is beyond the scope of this HOWTO.  :-)

For a NAT'd Zimbra box to work correctly, Zimbra must be tricked into using DNS records that reference private IP addresses for itself, even though the public DNS records point to public IP addresses.

To do this, we need to make changes in four places:

  1. The /etc/hosts file
  2. The /opt/zimbra/postfix/conf/main.cf file
  3. The local installation of BIND on the ES9 Zimbra server
  4. The order of DNS lookups

Here we will use the actual public and private IP addresses of our Zimbra server "viognier.reliablenetworks.com".

  lmstone@shiraz:~$ host viognier.reliablenetworks.com
  viognier.reliablenetworks.com has address
  lmstone@shiraz:~$ ping
  PING ( 56(84) bytes of data.
  64 bytes from icmp_seq=1 ttl=64 time=49.9 ms
  64 bytes from icmp_seq=2 ttl=64 time=83.3 ms
  --- ping statistics ---
  2 packets transmitted, 2 received, 0% packet loss, time 1000ms
  rtt min/avg/max/mdev = 49.918/66.613/83.308/16.695 ms

In our case, we installed Zimbra before making the following changes, so we had to tweak the installer to use "reliablenetworks.com" as the domain instead of "viognier.reliablenetworks.com", and we had to accept and click through the installer's error notification that it couldn't find our MX record. It would be nice if someone could test an ES9 install after making the changes below, and confirm here that the install proceeds without any errors.

Regardless, you'll still need to edit the main.cf file after the Zimbra installation is complete.

1. Configuring /etc/hosts

Using vi or another editor, open up /etc/hosts and add a line at the end in the format:

[private IP address] [fqdn] [hostname]

Here is our /etc/hosts file after completing the edits:
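A check for the entry format described in this step, as an added example that is not part of the original HOWTO and is not the author's /etc/hosts file. The function name `check_hosts`, the host name `mail.example.com` and the address `192.168.1.10` are constructed placeholders; the check assumes the first line naming the FQDN is the one that takes effect.

```shell
#!/bin/sh
# check_hosts FILE FQDN  (hypothetical helper, not from the HOWTO)
# Examines the first line in FILE that names FQDN and returns:
#   0  FQDN maps to an RFC 1918 address and is the first name on the line
#   1  FQDN maps to a non-private address, or is listed after the short name
#   2  FILE has no entry for FQDN
check_hosts() {
    awk -v fqdn="$2" '
    function rfc1918(ip,   o) {
        if (split(ip, o, "[.]") != 4) return 0
        if (o[1] == 10) return 1
        if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) return 1
        if (o[1] == 192 && o[2] == 168) return 1
        return 0
    }
    BEGIN { want = tolower(fqdn); rc = 2 }
    { sub(/#.*/, "") }            # strip comments before looking at fields
    NF < 2 { next }               # blank line or address without names
    {
        for (i = 2; i <= NF; i++) {
            if (tolower($i) != want) continue
            if (!rfc1918($1)) {
                print "FAIL: " fqdn " -> " $1 " is not a private address"; rc = 1
            } else if (i != 2) {
                print "FAIL: " fqdn " must be the first name after " $1; rc = 1
            } else {
                print "OK: " fqdn " -> " $1; rc = 0
            }
            exit                  # only the first matching line is judged
        }
    }
    END {
        if (rc == 2) print "FAIL: no entry for " fqdn
        exit rc
    }' "$1"
}

# Constructed sample file; names and addresses are placeholders.
sample=$(mktemp)
printf '%s\n' '127.0.0.1 localhost' \
              '192.168.1.10 mail.example.com mail' > "$sample"
check_hosts "$sample" mail.example.com
rm -f "$sample"
```

Run it against the real file with `check_hosts /etc/hosts "$(hostname -f)"` after completing the edit.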

