help to enable email server access outside internet . [SOLVED]

[alhadi]

hello sir.

i have setup an email server inside the lan and the ip is 192.168.1.41 and its running axigen email server and i have set a dns records for backup.halconrealestate.com as secondary MX.

we have primary running on netherland and it gives us access to our email but for redundancy i installed in our office in dubai UAE and today i setup but the problem is that when i type

http://backup.halconrealesate.com

it says IT WORKS but when i type http://backup.halconrealestate.com:9000 it fails to work

i have added the ports for the internal network and i want it to work this email server for outside users and internal also.

i also approached axigen support and they say this below


Hello,

You will need to add all necessary firewall rules as to ensure that the machine hosting the backup Axigen server (192.168.1.41) is accessible from the Internet (from outside your internal network) on port 25 of 87.200.5.235.
 
This also means that you need to forward port 25 from 87.200.5.235 (the public IP address associated with backup.halconrealestate.com) to the local IP address of the backup Axigen server (192.168.1.41 as mentioned by you).


as you see that i need this setup to work outside internet and for internal also.

please help me setup this email server as backup for my company sir

regards
alhadi

[cheesyking]

sounds like you've created a packet filter rule for "external to internal networks"

You need to create a port forwarding rule instead.

something like:
interface => your internet external interface
original destination => ebox
original destination port => 9000
protocol => tcp
source => any
destination ip => 192.168.1.41
port => same
description => whatever you want

and you'll have to create another one for port 25 by the sounds of it!

[alhadi]

thanks alot after creating port forward now i can access it.

[cheesyking]

Cool,

Packet filter rules are for where data is being routed through ebox... IE you send a packet to ip address X which is on the other side of an ebox firewall.

With your mail server people are sending their data to the public ip address of your ebox firewall not the ip of your mail server so you redirect a port on ebox to be forwarded to the port on the server.

Use a packet filter rule if you connect to the ip of the server directly, a redirect if you're connecting to the ebox ip.

In some situations you might need to create both... Say you ran 2 networks in your office, staff on 192.168.0.0/24 and mailservers on 192.168.1.0/24. You'd need to create a packet filter rule to allow the staff desktop to access the mailserver on 192.168.1.2 and a redirect rule to allow external users to connect through the public ip of the office.

[alhadi]

ok i created a packet filter rule comming out from ebox

it says any to any

it was by default

and

the port forward rule i created so outside users can access the webadmin and webmail

but one problem is that internal lan cannot access http://backup.halconrealestate.com:9000
or
http://backup.halconrealestate.com

please advice

[alhadi]

sorry for double post why i cannot attach a file?

says uploader folder is full and please contact administrator.

to my knowledge allowed size should be atleast 1 mb

[cheesyking]

What you need to do this is nat reflection (IIRC) which ebox doesn't do at the moment.

What is happening is that your lan clients are using backup.halconrealestate.com which points at your public ip rather than the internal ip of your mailserver.

There are two hacks that let you get round this:

- Just use the internal ip rather than the hostname for your internal lan machines. This is fine for desktop machines that are always inside your lan but won't work with laptops that need to access the server inside and outside your lan.

- Do some tricks with DNS... I assume you've got the nameservers for halconrealestate.com on some host on the internet (rather than the ebox where you're setting up your backup server). Make a note of all the hostnames you've got on there. Then go to the DNS server section of your backup ebox and recreate them all for your domain there BUT change the backup.halconrealestate.com entry to point at the internal IP of your mailserver.

As long as your lan clients are using ebox for their DNS they will now think that www.halconrealestate.com is at the normal IP of your webserver while using the private IP for your backup server. If a laptop is used outside your lan then it will use the public DNS server which has the public ip of your mailserver.

Two small problems with this:
Laptops have to get their DNS through DHCP, you can't set them to use OpenDNS etc.
Changing the IP of one your servers will require updating 2 lots of DNS settings.

[alhadi]

hello cheesyking

thanks for your reply

i have a doubt, i've a ebox DNS and if i set halconrealestate.com as domain and hostname as backup with ip 192.168.1.41 and other hostnames with public ip ?

just want to make sure before i proceed

ebox has its own dns module called bind9

[cheesyking]

changes to your ebox dns will only muck up access from your local lan and changes you make to it come into effect immediately (rather than 24-48 hours for a full public change) so if you mess up it's not too big a problem and can be fixed quickly!

Yes, you're trying to exactly mirror your normal public DNS server except for that backup hostname.

For all the other hostnames you want DNS to return their normal IP but with backup you want it to return a different address if you're inside the lan.

[alhadi]

Hello Cheesyking

i am happy to announce that i have done it.

also i want to tell you all what was it .

Go to Ebox DNS > add a domain and in hostname just put the name example mail / backup / ftp /www with public ip and if you host website or email in your company then put private ip and rest public if you host with namecheap.com for example.

good luck

thank you very much cheesyking and you have made my day

i was struggling for past 2 days and i knew someone from ebox support member will help me and 5 star for you

have a great day

Best Regards,
alhadi

[cheesyking]

good to hear it man!