Scalix Running on a Firewall box

[williamvanwood]

I have a Server, which also acts as my firewall, running scatlix. My WAN is on eth1 my LAN is on eth0.

When I tried to access the Scalix server behind the firewall (from the LAN side), I either have to punch a hole in the fire wall or drop fire wall completely.

I would llike to have open access from the LAN side and excess (with the exception the webmail) block from the WAN side.

But still needs to beable to send a receive mail normally.

Any Ideas?

Thank you ahead of time ...
William Wood

[grahamk]

I'd love to help. You're problem doesnt seem that difficult, but I think I am lacking something.

To be clear, you have 1 machine, which is set up as a firewall, and also runs scalix?

When you want to access the services (POP, SMTP, MAPI, etc) from your LAN interface, you need to allow traffic?

I don't see the drama?

[mikevl]

You need to set up port forwarding.
Port 80 for SWA / SAC
Port 5729 for Outlook from memory

Mike

[williamvanwood]

I'd love to help. You're problem doesnt seem that difficult, but I think I am lacking something.

To be clear, you have 1 machine, which is set up as a firewall, and also runs scalix?

Yes, that is correct!


When you want to access the services (POP, SMTP, MAPI, etc) from your LAN interface, you need to allow traffic?

I want to allow POP, SMTP, MAPI on the LAN interface, and only allow Webmail from the WAN interface. But, of course, I need to beable to send and receive mail from the internet.

I don't see the drama?

javascript:emoticon(':D')

[williamvanwood]

I guess the real questions is: Can I bind Scalix to the LAN interface instead of the WAN interface and still receive and send mail.

[Valerion]

In a default install Scalix will bind to all possible interfaces. In a multi-instance setup you can specify which instance binds to which IP, but you need an EE license for that.

You can write your firewall rules to not allow connections to the WAN side of the machine, but only the LAN side. That will probably be the easiest for you.

[williamvanwood]

I am not sure that I am clear on what I am saying.
1. I have a box that is loaded with Fedora 5.
2. It has two ether ports
3. When I load Scalix, it only binds to the WAN side of the box.
4 I can not access the the scalix server from the LAN but the port address for the services needed is wide open.
5. If I stop the firewall I can see it from the LAN side.

I guess I have two question.

1. Why isn't Scalix binding to both ehternet devices?
2. Can I set Scalix to run on a LAN only with out dns.

By the way I am using Scalix 11.1

Thanksa again for all the help I have been receiving on this site....

In a default install Scalix will bind to all possible interfaces. In a multi-instance setup you can specify which instance binds to which IP, but you need an EE license for that.

You can write your firewall rules to not allow connections to the WAN side of the machine, but only the LAN side. That will probably be the easiest for you.

[kool_kid]

Scalix will use the ip. which you have assigned in /etc/host file with the domain name. Also you must have supplied the ip to use when you were installing the scalix, it uses that ip not both.

Second part of the question, either disable firewall then scalix will run properly or enable the scalix port from being blocked in firewall, that way scalix will run properly for you. In your current situation when firewall is turned on it is blocking the scalix ports thats why you cannot use scalix on LAN, if you disable it or unblock the scalix ports there will be no problem.

[williamvanwood]

Thank you to everyone who help me with this problem.

I still will have to emable port forwarding for Scalix in the firewall...but I found my answer.

Thank you again.