Do I have to tell Zimbra it's NAT'ed now?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
zim_mike
Outstanding Member
Outstanding Member
Posts: 330
Joined: Sat Sep 13, 2014 3:26 am

Do I have to tell Zimbra it's NAT'ed now?

Post by zim_mike »

I have a zimbra server that has been online for years with a public IP and the centos firewall for protection.
Now I have to move that server to another network where the public IP will have to be moved to a firewall.

This means that the server will no longer be directly on the Internet so it will be NAT'ed.
In other words, it will still use the same IP but it's going to be on the LAN side of the network and the firewall will show outgoing traffic as it's public IP as always.

The question is...

Is there anything I need to change on the zimbra server itself for this to happen? Like a VoIP system for example, do I have to tell the server that it is now NAT'ed or just change the interface to the private IP and let the packets flow through the firewall etc.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Do I have to tell Zimbra it's NAT'ed now?

Post by phoenix »

There's no problem running Zimbra behind a firewall,I've been doing that since it was released in 2005. :)

As you've mentioned, you need to put it on a LAN IP, forward that to your server and away you go. Obviously you'll also need a DNS server on your LAN to resolve the ZCS hostname etc. but that should be about it. Sorry, I forgot to mention that you'll also need to modify the Zimbra IP address, there's a wiki article on that subject.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
zim_mike
Outstanding Member
Outstanding Member
Posts: 330
Joined: Sat Sep 13, 2014 3:26 am

Re: Do I have to tell Zimbra it's NAT'ed now?

Post by zim_mike »

>I forgot to mention that you'll also need to modify the Zimbra IP address, there's a wiki article on that subject.

Do you mean Zimbra needs to know that it's now NAT'ed or something else?
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Do I have to tell Zimbra it's NAT'ed now?

Post by phoenix »

When you originally setup Zimbra you would have set the IP address on ZCS to your public IP address, you now need to set it to the LAN IP address with zmprov. As I mentioned, there's a wiki article on the subject and there's even forum thread on the same topic.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
zim_mike
Outstanding Member
Outstanding Member
Posts: 330
Joined: Sat Sep 13, 2014 3:26 am

Re: Do I have to tell Zimbra it's NAT'ed now?

Post by zim_mike »

I have a feeling you're not really helping me.
If I change anything on the server, won't that also require a certificate change as well, email going out showing the private IP and possibly some other things?
I'm asking in these forums because I'm not able to find a document that covers all the steps.
Everything I've read seems would lead to down time because of missing steps.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Do I have to tell Zimbra it's NAT'ed now?

Post by phoenix »

zim_mike wrote:I have a feeling you're not really helping me.
Fine, then you sort it out. I've already told you what need to be changed, it's a fairly straightforward process. I'm done with these forums.

FWIW, it makes no difference to your 'certificate' whether you're on a public or private IP..

As it seems too difficult to understand what I'm telling you, search the internet for the following:

Code: Select all

change zimbra IP address
You'll find everything you need
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
zim_mike
Outstanding Member
Outstanding Member
Posts: 330
Joined: Sat Sep 13, 2014 3:26 am

Re: Do I have to tell Zimbra it's NAT'ed now?

Post by zim_mike »

I hope you really are done with these forums and trying to help people.
No one needs your kind of help. Everyone has to learn and that comes from others helping them along not chastising them every chance they get.

Your help is not complete and you don't seem to understand that.
Search for posts on this site alone of folks changing their IP and it's not as simple as you try to make it sound, at least not if you don't know all the things that must be changed along with the IP.
There are at the very least, some DNS things to keep in mind.

Changing the IP is not all I need to search for.
Since it's going from a public IP to a NATed one, there are surely some other steps that you fail to bring up and/or don't bother to address in this post.
If you are explaining going from public to NAT, then you're not being very clear.

Please, stop helping me and don't even respond if you can help yourself.
BradC
Outstanding Member
Outstanding Member
Posts: 265
Joined: Tue May 03, 2016 1:39 am

Re: Do I have to tell Zimbra it's NAT'ed now?

Post by BradC »

Zimbra needs a couple of things to function.

It needs to be able to get out to the world for DNS black list checks, ClamAV updates, update checks and a few other things.
It needs to be accessible from the world so your clients can get to it.
It needs to be able to resolve itself in DNS. This includes MX records.

So, behind NAT you need to make sure you port forward the ports you need (25 & 443 at a minimum if you are using Zimbra directly for inbound mail). Potentially ports for POP3 and IMAP.
You need to make sure your DNS is spot on. I cheat and use dnsmasq on the Zimbra server, so it doesn't matter how my DNS is configured. Zimbra can see what it needs to see and is happy.
We run Zimbra behind another mail server, so we don't expose port 25.

It pretty much "just works".

Ease up on Bill, he's spent years answering the same questions over and over again and he's right in that pretty much most questions can be answered with a good search.
If you'd come back with some more details about your setup and specific questions you'd have got a more detailed answer, but most new posts are "how do I do X?" and give zero context on what you have and how it's configured now. Ask a better question and you'll get a better answer.
Post Reply