Moving to a NAT setup

adambmedent
Posts: 13
Joined: Sat Sep 13, 2014 2:54 am

Moving to a NAT setup

Post by adambmedent »

We currently have an 8.0.6 install with a public address. I would like to move this to our LAN and do NAT, this way we can utilize our UTM for spam filtering.
My plan is to stop the zimbra services, cut the IP over, set up the port forwards, set up dnsmasq and test. My question is whether anyone sees an issue with this? I don't see any reason to re-do the entire server just to cut over to my LAN and utilize NAT.
phoenix
Ambassador
Posts: 27262
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Moving to a NAT setup

Post by phoenix »

[quote user="adambmedent"]We currently have an 8.0.6 install with a public address. I would like to move this to our LAN and do NAT, this way we can utilize our UTM for spam filtering.
My plan is to stop the zimbra services, cut the IP over, set up the port forwards, set up dnsmasq and test. My question is whether anyone sees an issue with this? I don't see any reason to re-do the entire server just to cut over to my LAN and utilize NAT.[/QUOTE]
Take a look at some of the forum threads on this subject (and don't forget a backup before you make any changes).
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
adambmedent
Posts: 13
Joined: Sat Sep 13, 2014 2:54 am

Moving to a NAT setup

Post by adambmedent »

[quote user="phoenix"]Take a look at some of the forum threads on this subject (and don't forget a backup before you make any changes).[/QUOTE]
Looks like it won't be an issue, I see quite a few have issues if they are changing the hostname, I am looking to change the IP only. I plan on doing a complete VM backup before, this way I can restore the entire VM if the cutover doesn't go as planned. I appreciate the input.
adambmedent
Posts: 13
Joined: Sat Sep 13, 2014 2:54 am

Moving to a NAT setup

Post by adambmedent »

Well I gave this a try last night and couldn't seem to get things working. I ended up having to restore from my backup. Here is what I did.
[QUOTE]/etc/dnsmasq.conf
server=10.80.1.6
domain=medent.com
mx-host=medent.com,webmail.medent.com,5
[/QUOTE]
[QUOTE]/etc/hosts
127.0.0.1 localhost.localdomain localhost
10.80.8.45 webmail.medent.com webmail
[/QUOTE]
[QUOTE]/etc/resolv.conf
search medent.com
nameserver 127.0.0.1[/QUOTE]
[QUOTE][root@webmail2 ~]# host `hostname`
webmail.medent.com has address 10.80.8.45[/QUOTE]
I am pretty sure it has something to do with my split DNS setup but couldn't seem to pin it down. Just noticed that I have another domain to test with. I am going to set up a test server to see where I am going wrong, I'm sure it is something quite simple.
adambmedent
Posts: 13
Joined: Sat Sep 13, 2014 2:54 am

Moving to a NAT setup

Post by adambmedent »

Well I will make note not to edit posts as they have to get approved each and every time, what a pain.
I set up a fresh CentOS6.5 VM. Set up DNSmasq and installed a fresh zimbra 8.0.6. I made it a bit further but I seem to still be having issues.
I can successfully send emails now but can't receive, which makes me think something is still wrong with my DNSmasq setup.
[QUOTE][root@webmail2 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.80.8.45 webmail2.medent.com webmail2[/QUOTE]
[QUOTE][root@webmail2 ~]# cat /etc/resolv.conf
search medent.com
nameserver 127.0.0.1[/QUOTE]
[QUOTE][root@webmail2 ~]# cat /etc/dnsmasq.conf
server=208.67.222.222
server=8.8.8.8
domain=webmail2.medent.com
mx-host=webmail2.medent.com,webmail2.medent.com,30[/QUOTE]
The only way I could get zimbra to install without complaining about MX records was to use webmail2.medent.com instead of just medent.com.
[QUOTE][root@webmail2 log]# dig medent.com mx
; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> medent.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;medent.com. IN MX
;; ANSWER SECTION:
medent.com. 900 IN MX 30 webmail2.medent.com.
medent.com. 900 IN MX 20 webmail.medent.com.
;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 31 08:32:34 2013
;; MSG SIZE rcvd: 77
[/QUOTE]
[QUOTE][root@webmail2 log]# dig medent.com any
; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> medent.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;medent.com. IN ANY
;; ANSWER SECTION:
medent.com. 795 IN A 65.114.41.3
medent.com. 90 IN MX 30 webmail2.medent.com.
medent.com. 90 IN MX 20 webmail.medent.com.
medent.com. 795 IN NS authns1.qwest.net.
medent.com. 795 IN NS authns2.qwest.net.
medent.com. 733 IN SOA authns1.qwest.net. dns-admin.qwestip.net. 2130409000 10800 3600 604800 86400
;; Query time: 11 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 31 08:46:04 2013
;; MSG SIZE rcvd: 200[/QUOTE]
[QUOTE][root@webmail2 log]# host `hostname`
webmail2.medent.com has address 10.80.8.45
[/QUOTE]
adambmedent
Posts: 13
Joined: Sat Sep 13, 2014 2:54 am

Moving to a NAT setup

Post by adambmedent »

So trying a few more things and looking over my configs. I was definitely missing a line in my /etc/dnsmasq, and I changed it to just domain.com like the split DNS examples in the wiki. Below is what I have now, but I am still having the same issues. I can send emails but I can't receive, so I am still thinking the issue is with dnsmasq. I have confirmed a number of times that my port forwards are working.
[QUOTE][root@webmail2 ~]# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
10.80.8.45 webmail2.medent.com webmail2[/QUOTE]
[QUOTE][root@webmail2 ~]# cat /etc/resolv.conf
search medent.com
nameserver 127.0.0.1[/QUOTE]
[QUOTE]/etc/dnsmasq.conf
server=208.67.222.222
server=8.8.8.8
domain=medent.com
mx-host=medent.com,webmail2.medent.com,30
listen-address=127.0.0.1[/QUOTE]
[QUOTE][root@webmail2 log]# dig medent.com mx
; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> medent.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;medent.com. IN MX
;; ANSWER SECTION:
medent.com. 0 IN MX 30 webmail2.medent.com.
;; ADDITIONAL SECTION:
webmail2.medent.com. 0 IN A 10.80.8.45
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 31 13:44:53 2013
;; MSG SIZE rcvd: 79[/QUOTE]
[QUOTE][root@webmail2 log]# dig medent.com any
; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> medent.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;medent.com. IN ANY
;; ANSWER SECTION:
medent.com. 0 IN MX 30 webmail2.medent.com.
;; ADDITIONAL SECTION:
webmail2.medent.com. 0 IN A 10.80.8.45
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 31 13:44:57 2013
;; MSG SIZE rcvd: 79[/QUOTE]
[QUOTE][root@webmail2 log]# host $(hostname)
webmail2.medent.com has address 10.80.8.45[/QUOTE]
Stumped, but still digging. Appreciate any input.
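
Added example, not part of the original posts: the two `dig medent.com mx` outputs above differ in ways a script can check. The earlier one was forwarded to the upstream resolvers (no `aa` flag, public MX set), while the later one was answered from the local `mx-host` and `/etc/hosts` entries. The function name `check_split_dns` and the trimmed sample strings are constructed for this illustration, and the `aa` test is a heuristic taken from these outputs.

```python
import ipaddress
import re

# Constructed samples, trimmed from the two `dig medent.com mx` outputs in the thread.
FORWARDED = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
medent.com. 900 IN MX 30 webmail2.medent.com.
medent.com. 900 IN MX 20 webmail.medent.com.
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""
LOCAL = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
medent.com. 0 IN MX 30 webmail2.medent.com.
;; ADDITIONAL SECTION:
webmail2.medent.com. 0 IN A 10.80.8.45
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

# Matches "name ttl IN MX|A rdata" resource-record lines in dig output.
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(MX|A)\s+(.+)$")

def check_split_dns(dig_text, domain, mail_host):
    """Return a list of problems; an empty list means the internal view was served."""
    flags, mx, a = set(), [], {}
    for line in dig_text.splitlines():
        line = line.strip()
        if line.startswith(";; flags:"):
            # ";; flags: qr aa rd ra; QUERY: ..." -> {"qr", "aa", "rd", "ra"}
            flags = set(line.split(":", 1)[1].split(";")[0].split())
        m = RR.match(line)
        if not m:
            continue
        name, rtype, rdata = m.groups()
        if rtype == "MX" and name.rstrip(".") == domain:
            mx.append(rdata.split()[1].rstrip("."))  # drop the preference value
        elif rtype == "A":
            a[name.rstrip(".")] = ipaddress.ip_address(rdata.strip())
    problems = []
    if "aa" not in flags:
        problems.append("answer was forwarded upstream, not served from local config")
    if mx != [mail_host]:
        problems.append(f"MX set {mx} is not exactly [{mail_host!r}]")
    addr = a.get(mail_host)
    if addr is None or not addr.is_private:
        problems.append(f"no private A record for {mail_host} in the response")
    return problems
```

An empty result only confirms that the resolver on 127.0.0.1 serves the internal view; it says nothing about inbound delivery through the NAT port forwards.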
adambmedent
Posts: 13
Joined: Sat Sep 13, 2014 2:54 am

Moving to a NAT setup

Post by adambmedent »

I ended up working my way through this. For the life of me I couldn't get dnsmasq to work properly, so I went back to trying to get bind/named working. Sure enough I was able to get that working. I appreciate the input! Happy new year!
adambmedent
Posts: 13
Joined: Sat Sep 13, 2014 2:54 am

Moving to a NAT setup

Post by adambmedent »

I just made the cutover on our production mail server. It went much better but I still ran into an issue that had me stumped for a bit. I guess there is something you need to worry about when changing the IP. Hopefully this helps someone else who does this.
Change IP Address of Zimbra Mail Server : How to Resolve the Problem | Spirit of Change
nrc
Posts: 27
Joined: Fri Sep 12, 2014 10:29 pm

Moving to a NAT setup

Post by nrc »

Glad you got it sorted. I looked the info over and everything appeared the same as mine except the domain, but assumed that was to avoid conflict between the production and test versions. dnsmasq is working for me but I'm using ClearOS as a firewall/gateway appliance and have it configured on there to provide internal DNS.
adambmedent
Posts: 13
Joined: Sat Sep 13, 2014 2:54 am

Moving to a NAT setup

Post by adambmedent »

[quote user="nrc"]Glad you got it sorted. I looked the info over and everything appeared the same as mine except the domain, but assumed that was to avoid conflict between the production and test versions. dnsmasq is working for me but I'm using ClearOS as a firewall/gateway appliance and have it configured on there to provide internal DNS.[/QUOTE]
Yea I went with DNSmasq as, from the looks of it, it seems much simpler. I just couldn't get it to work, bind seems to be doing well though. I use Untangle as my firewall/UTM, this move was in efforts to utilize Untangle's spam filtering abilities. So far it's doing a great job.