Moving to a NAT setup
-
- Posts: 13
- Joined: Sat Sep 13, 2014 2:54 am
Moving to a NAT setup
We currently have an 8.0.6 install with a public address. I would like to move this to our LAN and do NAT, this way we can utilize our UTM for spam filtering.
My plan is to stop the zimbra services, cut the IP over, set up the port forwards, set up dnsmasq and test. My question is whether anyone sees an issue with this? I don't see any reason to re-do the entire server just to cut over to my LAN and utilize NAT.
Moving to a NAT setup
[quote user="adambmedent"]We currently have an 8.0.6 install with a public address. I would like to move this to our LAN and do NAT, this way we can utilize our UTM for spam filtering.
My plan is to stop the zimbra services, cut the IP over, set up the port forwards, set up dnsmasq and test. My question is whether anyone sees an issue with this? I don't see any reason to re-do the entire server just to cut over to my LAN and utilize NAT.[/QUOTE]
Take a look at some of the forum threads on this subject (and don't forget a backup before you make any changes).
-
- Posts: 13
- Joined: Sat Sep 13, 2014 2:54 am
Moving to a NAT setup
[quote user="10330phoenix"]Take a look at some of the forum threads on this subject (and don't forget a backup before you make any changes).[/QUOTE]
Looks like it won't be an issue, I see quite a few have issues if they are changing the hostname, I am looking to change the IP only. I plan on doing a complete VM backup before, this way I can restore the entire VM if the cutover doesn't go as planned. I appreciate the input.
-
- Posts: 13
- Joined: Sat Sep 13, 2014 2:54 am
Moving to a NAT setup
Well I gave this a try last night and couldn't seem to get things working. I ended up having to restore from my backup. Here is what I did.
[QUOTE]/etc/dnsmasq.conf
server=10.80.1.6
domain=medent.com
mx-host=medent.com,webmail.medent.com,5
[/QUOTE]
[QUOTE]/etc/hosts
127.0.0.1 localhost.localdomain localhost
10.80.8.45 webmail.medent.com webmail
[/QUOTE]
[QUOTE]/etc/resolv.conf
search medent.com
nameserver 127.0.0.1[/QUOTE]
[QUOTE][root@webmail2 ~]# host `hostname`
webmail.medent.com has address 10.80.8.45[/QUOTE]
I am pretty sure it has something to do with my split DNS setup but couldn't seem to pin it down. Just noticed that I have another domain to test with. I am going to set up a test server to see where I am going wrong, I'm sure it is something quite simple.
-
- Posts: 13
- Joined: Sat Sep 13, 2014 2:54 am
Moving to a NAT setup
Well I will make note not to edit posts as they have to get approved each and every time, what a pain.
I set up a fresh CentOS6.5 VM. Set up DNSmasq and installed a fresh zimbra 8.0.6. I made it a bit further but I seem to still be having issues.
I can successfully send emails now but can't receive, which makes me think something is still wrong with my DNSmasq setup.
[QUOTE][root@webmail2 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.80.8.45 webmail2.medent.com webmail2[/QUOTE]
[QUOTE][root@webmail2 ~]# cat /etc/resolv.conf
search medent.com
nameserver 127.0.0.1[/QUOTE]
[QUOTE][root@webmail2 ~]# cat /etc/dnsmasq.conf
server=208.67.222.222
server=8.8.8.8
domain=webmail2.medent.com
mx-host=webmail2.medent.com,webmail2.medent.com,30[/QUOTE]
The only way I could get zimbra to install without complaining about MX records was to use webmail2.medent.com instead of just medent.com.
[QUOTE][root@webmail2 log]# dig medent.com mx
; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> medent.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;medent.com. IN MX
;; ANSWER SECTION:
medent.com. 900 IN MX 30 webmail2.medent.com.
medent.com. 900 IN MX 20 webmail.medent.com.
;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 31 08:32:34 2013
;; MSG SIZE rcvd: 77
[/QUOTE]
[QUOTE][root@webmail2 log]# dig medent.com any
; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> medent.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;medent.com. IN ANY
;; ANSWER SECTION:
medent.com. 795 IN A 65.114.41.3
medent.com. 90 IN MX 30 webmail2.medent.com.
medent.com. 90 IN MX 20 webmail.medent.com.
medent.com. 795 IN NS authns1.qwest.net.
medent.com. 795 IN NS authns2.qwest.net.
medent.com. 733 IN SOA authns1.qwest.net. dns-admin.qwestip.net. 2130409000 10800 3600 604800 86400
;; Query time: 11 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 31 08:46:04 2013
;; MSG SIZE rcvd: 200[/QUOTE]
[QUOTE][root@webmail2 log]# host `hostname`
webmail2.medent.com has address 10.80.8.45
[/QUOTE]
-
- Posts: 13
- Joined: Sat Sep 13, 2014 2:54 am
Moving to a NAT setup
So trying a few more things and looking over my configs. I was definitely missing a line in my /etc/dnsmasq, and I changed it to just domain.com like the split DNS examples in the wiki. Below is what I have now, but I am still having the same issues. I can send emails but I can't receive, so I am still thinking the issue is with dnsmasq. I have confirmed a number of times that my port forwards are working.
[QUOTE][root@webmail2 ~]# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
10.80.8.45 webmail2.medent.com webmail2[/QUOTE]
[QUOTE][root@webmail2 ~]# cat /etc/resolv.conf
search medent.com
nameserver 127.0.0.1[/QUOTE]
[QUOTE]/etc/dnsmasq.conf
server=208.67.222.222
server=8.8.8.8
domain=medent.com
mx-host=medent.com,webmail2.medent.com,30
listen-address=127.0.0.1[/QUOTE]
[QUOTE][root@webmail2 log]# dig medent.com mx
; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> medent.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;medent.com. IN MX
;; ANSWER SECTION:
medent.com. 0 IN MX 30 webmail2.medent.com.
;; ADDITIONAL SECTION:
webmail2.medent.com. 0 IN A 10.80.8.45
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 31 13:44:53 2013
;; MSG SIZE rcvd: 79[/QUOTE]
[QUOTE][root@webmail2 log]# dig medent.com any
; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> medent.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;medent.com. IN ANY
;; ANSWER SECTION:
medent.com. 0 IN MX 30 webmail2.medent.com.
;; ADDITIONAL SECTION:
webmail2.medent.com. 0 IN A 10.80.8.45
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 31 13:44:57 2013
;; MSG SIZE rcvd: 79[/QUOTE]
[QUOTE][root@webmail2 log]# host $(hostname)
webmail2.medent.com has address 10.80.8.45[/QUOTE]
Stumped, but still digging. Appreciate any input.
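An added example, not part of the original posts: a small shell check of the split-DNS answers shown in this thread, confirming that every MX target for the domain resolves to the server's LAN address in the local resolver's view. The function names are hypothetical; the sample records are copied from the dig output posted above.

```shell
#!/bin/sh
# Added example (not from the thread): check what the mail server's own
# resolver returns for its domain. Input is text in the format of
# `dig +noall +answer +additional DOMAIN MX`, so saved output can be checked.

# Print "preference host" for every MX record owned by domain $1.
mx_targets() {
    awk -v d="$1." 'tolower($1) == tolower(d) && $4 == "MX" {
        sub(/\.$/, "", $6); print $5, $6 }'
}

# Print every A address owned by host $1.
a_records() {
    awk -v h="$1." 'tolower($1) == tolower(h) && $4 == "A" { print $5 }'
}

# check_split_dns DOMAIN LAN_IP DIG_TEXT
# 0: every MX target resolves only to LAN_IP; 1: mismatch; 2: no MX at all.
check_split_dns() {
    domain=$1 lan_ip=$2 text=$3 rc=0
    targets=$(printf '%s\n' "$text" | mx_targets "$domain")
    [ -n "$targets" ] || { echo "no MX record for $domain"; return 2; }
    while read -r pref host; do
        addrs=$(printf '%s\n' "$text" | a_records "$host")
        if [ -z "$addrs" ]; then
            echo "MX $pref $host: no A record in this answer"; rc=1
        fi
        for a in $addrs; do
            [ "$a" = "$lan_ip" ] || { echo "MX $pref $host: $a, expected $lan_ip"; rc=1; }
        done
    done <<EOF
$targets
EOF
    return $rc
}

# Sample answers copied from the dig output posted in this thread.
SPLIT_VIEW='medent.com. 0 IN MX 30 webmail2.medent.com.
webmail2.medent.com. 0 IN A 10.80.8.45'
FORWARDED_VIEW='medent.com. 900 IN MX 30 webmail2.medent.com.
medent.com. 900 IN MX 20 webmail.medent.com.'

check_split_dns medent.com 10.80.8.45 "$SPLIT_VIEW" && echo "split view OK"
check_split_dns medent.com 10.80.8.45 "$FORWARDED_VIEW" || echo "forwarded view fails"
```

On a live host the third argument would be the output of `dig +noall +answer +additional medent.com mx @127.0.0.1`.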
-
- Posts: 13
- Joined: Sat Sep 13, 2014 2:54 am
Moving to a NAT setup
I ended up working my way through this. For the life of me I couldn't get dnsmasq to work properly, so I went back to trying to get bind/named working. Sure enough I was able to get that working. I appreciate the input! Happy new year!
-
- Posts: 13
- Joined: Sat Sep 13, 2014 2:54 am
Moving to a NAT setup
I just made the cutover on our production mail server. It went much better but I still ran into an issue that had me stumped for a bit. I guess there is something you need to worry about when changing the IP. Hopefully this helps someone else who does this.
Change IP Address of Zimbra Mail Server : How to Resolve the Problem | Spirit of Change
Moving to a NAT setup
Glad you got it sorted. I looked the info over and everything appeared the same as mine except the domain, but assumed that was to avoid conflict between the production and test versions. dnsmasq is working for me but I'm using ClearOS as a firewall/gateway appliance and have it configured on there to provide internal DNS.
-
- Posts: 13
- Joined: Sat Sep 13, 2014 2:54 am
Moving to a NAT setup
[quote user="nrc"]Glad you got it sorted. I looked the info over and everything appeared the same as mine except the domain, but assumed that was to avoid conflict between the production and test versions. dnsmasq is working for me but I'm using ClearOS as a firewall/gateway appliance and have it configured on there to provide internal DNS.[/QUOTE]
Yea I went with DNSmasq as from the looks of it, seems much simpler. I just couldn't get it to work, bind seems to be doing well though. I use untangle as my firewall/UTM, this move was in efforts to utilize Untangle's spam filtering abilities. So far it's doing a great job.