IFrame redirect to internal website

Thank you for responding,

I do in fact have an additional external IP address. The way it is setup now is I have Comcast coming in via their bridge SMC device. Connected to the SMC is a single Linksys wireless router. Connected to the Linksys router is my web server. Right now the Linksys router is configured to NAT port 80 to my IIS 6 web servers (the default website is configured to use port 80). I also setup a NAT connection to another web site on my web server and use port 8080. Both of these work perfectly.

The problem comes in with the my email server. I have RHEL5 running on VMware on the same server. On the RHEL5 I have installed Zimbra email. I can browse this email server perfectly fine from within my network. The Zimbra server has a private IP address and is included on my internal DNS.

As mentioned I do have an additional IP address (in fact I purchased a 5 block from Comcast). I just don't know how to properly configure this. I tried to setup another web server on IIS6 but I just don't fully understand how all this is going to work? In the end I want to provide access to the Zimbra email server via an IFrame within my web portal. But as it stands this only works for internal users who share our common internal IP network 192.168.1.x.

So do you see a way forward for me given my current mix of hardware and software or do I need to spring for either a new router that could handle more sophisticated networks or just get another server and run RHEL5/Zimbra on there.

Thanks very much!

Depends on how the bridge is setup.  Do you have extra ports or can you put a switch between it and your other router.  The linksys will not work with multiple IPs, something like a Cisco ASA or other router would do this a little more easily but we'll work with what we have.  If you can get a switch in front of your linksys or use a different port on the bridge the easiest solution is to install another router, give it a different IP and then port forward to the email server.  Then you would need a new A record setup for a subdomain similar to mail.domain.com, assign this to the other external IP that forwards to the web mail server.  Once you have these you will need to change the iFrame to point to mail.domain.com as the url instead of the IP.  Its a little convoluted using 2 routers but its either use a second router or give the second nic on the web mail server the direct external IP, this may be ok if you have a good software firewall.  This is kind of a quick and dirty solution if you need it explained better or some help walking through it i will definitely do so.

Just re-reading everything again and i actually have a different solution that may work... you are using port 8080, 80 you could always serve the web-mail over the port 8000 then forward port 8000 to that server then in your html for the iFrame you would need to use the full domain to get the tagging right but the link would be http://domain.com:8000

That may work as well as long there are no issues with changing the port the web-mail interface listens on.  

This may be easier to use and not require all of the additional steps and and hassles.  Plus you already have the port forwarding figured out and running web servers on different ports so this works without you have to take steps you may not be familiar with.

Let me know what you think and if you need help I will do what i can.  

Hello and thank you for your support!

I do in fact have a Cisco 501 and I can buy a switch at BestBuy for cheap. I am a little concered about the port idea only because I believe Zimbra (my open source email server) is hardcoded with certain ports and I really don't want to mess it up...although I am just not too sure if switching the tcp port from 80 to 8000 should likely matter...I just don't know?

Anyway, it sounds like you would prefer the hardware method and I do have a 501 I can use. I will be able to work on this tonight and go to BestBuy this afternoon...what do you think...is that the most sure way of getting it done? Can you help me with the configuration? I can close and reward on this ticket and open another to ask for help on the config if that works better for you.

Thanks again!

Also, I wanted to add that the Linksys router and the Comcast SMC bridge both have 5 10/100 port switches included on them. So maybe I could go from the bridge direct to the 501 then connect the web server direct to the 501? I would still want the web server and its VMware zimbra client to be accessed via NAT and assign the two public IPs to the 501. Does this make sense? The Linksys will server the pc's that need wireless on the network but not otherwise be involved with NAT for the web/email server.

Thanks!

Its a little tough to get the routing from the linksys back through to the internal IPs that your servers would be on.  I am not sure if the 501 will allow for creating the NAT rules i would have to look that up.  If you have the linksys router already and there are extra ports on the bridge it may be jsut as easy when you goto BB to get another identical linksys router since you know the config settings you will need.  The 501 should be the standard cisco IOS but as i mentioned I don't know if you can do the natting with that or if it requires the PIX/ASA software which is different from the standard IOS software.  Does the Zambra also receive the smtp traffic that comes into your building?  if so you will need to update your mx records as well if you change it to a different external IP.  I am going to research Zambra a bit and see how tough it is to change ports.  I should be able to get back to you shortly after i research the zimbra,  might be able to save you from buying any hardware at all which is always nice.

Check out this post on the Zimbra site it lists commands to change the ports and all it looks like you would have to do is start and stop the tomcat service after you finished with commands.

here are the commands it lists, i have never used zimbra, it looks like it has to run on linux huh?

su - zimbra
zmprov ms SERVERNAME zimbraMailPort 81
zmprov ms SERVERNAME zimbraMailSSLPort 444
tomcat restart

http://www.zimbra.com/forums/administrators/2474-www-port-conflict-changing-zimbra-apache-setting-print.html  Full post

Hopefully this will help.  With your current config i would hate to see you tear down the network and then not be able to get it back to what have that is fully functional except this one thing.  One of the downfalls of EE not being able to see the exact network topolgy and help with layout/design to make sure everything goes smoothly.

Oh yeah and ignore my first post about the 501 its been a long day the 501 is a PIX lol

Sorry about that

With ASDM it should be no trouble them or using the general config

I would say lets give it a try with changing the ports and adding a new forward for a subdomain  that is the easiest and least intrusive option so far

Later you could install the PIX on seperate port on the bridge and give one of your remaining IPs and work this side by side until you are ready  to migrate.  That would give you time to weigh out the choices and a few other options.  such as plugging the linksys in to the pix and turning off the dhcp and other options like that to use it basically as an access point which i think you were hinting at earlier.

Ok, so the process is:

1) Change the IP on the VMware zimbra client to one of my public IPs. (Note zimbra uses the Windows host DNS as its DNS server and this is something I can not change without reinstalling zimbra).
2) Add a subdomain to my IIS that forwards to the zimbra public IP.
3) Change the zimbra subdomain port to say 8081/444. I assume zimbra is currently (80/443).
4) Change the Linksys to forward 8081/444 to the web server.
5) Not sure how to change Windows DNS server so internal pc's can find zimbra and of course so zimbra sees its A and MX records.
6) Not sure whatelse I am missing...

Yes, zimbra is a linux based app, written in java and running on red hat 5 within the VMware client.

Thanks!

You will not need to change the IP on your zimbra install this way.  Saving you the hassles of steps one and 2.  I would do it this way.

1. Change Zimbra to ports 8081/443 can be left alone unless you are running ssl elsewhere
2. Create subdomain as a cname pointing to main http://domain.com:8081
3. Create Port forward rule for zimbra ports to zimbra internal IP
4. No DNS or other changes needed

Inside your iframe make the source sub.domain.com the dns will convert it to 8081 and the linksys will forward it.

Hello StrifeJester,

I am back at it and need some help with the dns configuration.
Just to recap: my current setup is:
*W23K server freedomsrv1 192.168.1.120
*Linksys NAT for port 80 goes to 192.168.1.120
*freedomsrv1's IIS successfully server serves web pages on port 80.
*mailsrv1 is a VMware client 192.168.1.105 (freedomsrv1 is the VMware host)
*I successfully changed mailsrv1 (zimbra) to listen on port 8081
*mailsrv1 serves zimbra mail access via linux tomcat webserver (now listening on 8081).
*mailsrv1 uses freedomsrv1's dns
*I set linksys to NAT port 8081 to 192.168.1.120
*freedomsrv1.s dns looks like:
**A record freedomsrv1 192.168.1.120
**A record mailsrv1 192.168.1.105
**MX 192.168.1.105

This is were I am stuck. I do not understand how to configure freedomsrv1's dns so as to create a CNAME that points to mailsrv1:8081. I just don't understand if I create a CNAME in the forward lookup zone and if so how do I point to port 8081.

Many thanks for your guidance thus far, I know we are 90% there. Thanks!

EE is an excellent value. The help provided to me was quick and accurate.
Thank you!