LinuxQuestions.org
01-06-2011, 12:10 PM   #1
carlosinfl

DNS Issues Between Mail & Web Server


Just to set up the environment for you guys (or gals), I'm running a Cisco ASA 5520 Firewall and I've got my web server:

*All domains and external IPs are bogus but let's assume they're valid for the time being.*

www.somedomain.tld
192.168.0.201 (internal)
216.162.100.136 (external)

And my mail server:

mail.somedomain.tld
192.168.0.200 (internal)
216.162.100.135 (external)

Both my mail and web server sit on the same DMZ interface behind the Firewall. I'm having problems sending webmail from the web server because when my www server connects to mail, it does so as the external IP rather than the trusted internal IP. My mail server only relays mail from trusted networks and that's only 192.168.0.0/24.

Code:
Jan  6 12:51:54 mail dovecot: imap-login: Login: user=<carlos>, method=PLAIN, rip=216.162.100.136, lip=192.168.0.200, mpid=4656, TLS
Jan  6 12:51:55 mail postfix/smtpd[4657]: warning: 216.162.100.136: address not listed for hostname www.somedomain.tld
Jan  6 12:51:55 mail postfix/smtpd[4657]: connect from unknown[216.162.100.136]
Jan  6 12:51:55 mail postfix/smtpd[4657]: setting up TLS connection from unknown[216.162.100.136]
Jan  6 12:51:55 mail postfix/smtpd[4657]: Anonymous TLS connection established from unknown[216.162.100.136]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jan  6 12:51:55 mail postfix/smtpd[4657]: disconnect from unknown[216.162.100.136]
Jan  6 12:51:55 mail dovecot: imap(carlos): Disconnected: Logged out bytes=12/341

So I don't understand why the rip (requested IP) is my external NAT IP rather than my internal 192.168.0.201 IP address. They're both on the same network / subnet so why is my web server going out and back into the Firewall? This makes no sense to me. My mail server doesn't trust the external NAT IP but rather the internal 192.168.0.0/24 subnet. I've checked DNS and rDNS and they're all correct. I've added local host entries in my mail server for the web server's 192.168.0.201/24 IP. Anyone know what's going on here?
 
01-06-2011, 12:36 PM   #2
bathory

Hi,

You should go the other way around:
Add in webserver's /etc/hosts the internal IP of the mail server.
 
01-06-2011, 02:52 PM   #3
carlosinfl (Original Poster)

Quote:
Originally Posted by bathory
Hi,

You should go the other way around:
Add in webserver's /etc/hosts the internal IP of the mail server.

Yes, they both have their respective internal IP entries in their /etc/hosts file. Still doesn't make sense or work for me.
 
01-06-2011, 04:38 PM   #4
bathory

You can set up the webmail application to use your mail server's internal IP.

What do the following 2 commands give:
Code:
nslookup mail.somedomain.tld
ping mail.somedomain.tld

The 1st uses DNS, while the 2nd uses /etc/hosts. Then check /etc/nsswitch.conf to see if you have "files" before "dns" in the "hosts" line. It could be the reason that the web server box does DNS lookups to find the mail server IP.
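
The check suggested in post #4, as an added example that is not part of any post in the thread: it walks the "hosts" line of nsswitch.conf in order and reports which source answers first for the mail server's name and whether that address lies in the 192.168.0.0/24 relay network. The file contents and the DNS answer below are constructed from the addresses given in the thread, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample inputs for the web server (not the poster's actual files).
NSSWITCH_DNS_FIRST = "passwd: compat\nhosts: dns files\n"
NSSWITCH_FILES_FIRST = "passwd: compat\nhosts: files dns\n"
ETC_HOSTS = """127.0.0.1 localhost
192.168.0.200 mail.somedomain.tld mail   # internal address of the mail server
"""
# Constructed DNS answer: the external address the thread lists for the name.
DNS_ANSWERS = {"mail.somedomain.tld": "216.162.100.135"}
TRUSTED = ipaddress.ip_network("192.168.0.0/24")  # relay network named in post #1


def hosts_order(nsswitch_text):
    """Return the sources on the 'hosts:' line in order, dropping [..] actions."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            rest = re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):])
            return rest.split()
    return []  # no hosts line found; the caller decides what that means


def hosts_file_lookup(hosts_text, name):
    """Return the first address in /etc/hosts text that lists `name`, else None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].lower().split()
        if len(fields) >= 2 and name.lower() in fields[1:]:
            return fields[0]
    return None


def resolve(name, nsswitch_text, hosts_text, dns_answers):
    """Walk the sources in nsswitch order; return (source, address, is_internal)."""
    for source in hosts_order(nsswitch_text):
        if source == "files":
            addr = hosts_file_lookup(hosts_text, name)
        elif source == "dns":
            addr = dns_answers.get(name.lower())
        else:
            addr = None  # other NSS sources are not modelled in this example
        if addr:
            return source, addr, ipaddress.ip_address(addr) in TRUSTED
    return None, None, False


if __name__ == "__main__":
    for label, conf in (("dns first", NSSWITCH_DNS_FIRST), ("files first", NSSWITCH_FILES_FIRST)):
        print(label, resolve("mail.somedomain.tld", conf, ETC_HOSTS, DNS_ANSWERS))
```

An application that queries DNS directly instead of going through the system resolver is not covered by this model, which is why the post also suggests pointing the webmail application at the internal IP.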
 
  


All times are GMT -5.