(linux) Local hosts & Network'ing local computers?

kyij

Member
Joined
Apr 7, 2012
Location
Near Toledo, OH
I have my main server running everything from web hosting, ZFS, video surveillance, VM's, etc - It is running Debian 7.

Anyhow my last goal is to get an email server to run on it as well. Since it seems that iRedmail (roundcube) can not be installed on a machine that also is hosting sites, I simply plan to install iRedmail on a VM.

Although I am not sure how to network several linux computers together - from my knowledge I tried this:

1. Installed VM (also Debian 7)
2. Edited the VM's and host's computer localhosts file:
Code:
#File: /etc/hosts
127.0.0.1     localhost
127.0.1.1     domainname.net          domainname
127.0.1.2     mail.domainname.net    mail
3. Installed iRedMail
3.1 During installation, for my virtual domain, I put the real domain name (not sure if this makes a difference in the end).
4. After Installation, I am able to access roundcube (iredmail) inside the VM via "https://mail.domainname.net/mail" or "https://127.0.1.2/mail" or "https://127.0.1.1/mail" or even "domainname.net". But since 127.0.1.1 hosts a site, and that I am not able to access it, I feel like I did something wrong.. and the fact that domainname.net only works due to the virtual domain.

4.1. On the main OS or any other computer, I can not access this virtual machine via any of the names. When I try "127.0.1.2" on my main OS, it takes me to the homepage of my site.

As a note, I believe when I install iRedmail w/o the firewall (where it changes the iptables), I can go on my MainOS and go to "127.0.1.2" or "mail.domainname.net" it would auto redirect me to "https://mail.domainname.net/mail" but would say there is nothing found under the apache server for /mail/ -- which makes sense since there is nothing there, but I am not sure how to access the roundcube login then..

Please ask if something does not make sense, thanks for reading! :blah:
 

So I think you are getting some things confused. 127.x.x.x/8 should not be used for anything. These are loopback devices and are not routable (or at least should not be) outside of the local host. Therefore this IP range is not accessible to anyone outside of the VM itself.

What are you trying to achieve? Is this actually going to do mail for the internet? Does this need to be accessible to the outside world (i.e. sending and receiving?)

If so, does your ISP allow SMTP? Virtually all of the ones I know of do not allow you to host your own mail because of spam issues. If they do, you need to set up port forwarding on your router. So in general, assuming ISPs are not blocking, for an email server you need:

1) Server running some mail software on port 25
2) A domain (although not strictly required, makes life easier)
3) A port that forwards port 25 to an internal host
4) An internal host that is routable (i.e. bridge the network card or set up a double NAT forward situation)
5) Local clients with a host or DNS entry that directs domain.com to your mail server. Most firewalls will block this action. You will need to see if yours allows domain traffic bound for the outbound interface to be redirected internally.
 
I forgot about checking my isp for smtp, but for experience purposes, I would still like to get this going.

And yes, I was assuming that I was just confusing the whole concept of the hosts.

The goal was to get a fully working mail server, where I can login anywhere outside the network and access roundcube to send/receive email.

1) I have been trying to get iRedmail which runs roundcube for the mail software (runs off port 25).
2) I already own some.
3) Not sure what you're asking, like allowing it through my router? Or is port 25 supposed to automatically point to a specific internal IP?
4) So I need two separate internal IP's, one for my main server, and a separate one for the VM (mail server)? I have 3 rj45 ports on my motherboard, which I believe 2 are only for internet. But I can also use a separate pci card if need be.
5) My main OS/server is the one that hosts the site and forwards everything. Maybe just edit the ports.conf file to have a permanent redirect for a certain domain/subdomain?

Thanks.
 
1) I have been trying to get iRedmail which runs roundcube for the mail software (runs off port 25).
2) I already own some.

These are both good, and I assume you have tested iRedMail and it appears to be working locally.

3) Not sure what you're asking, like allowing it through my router? Or is port 25 supposed to automatically point to a specific internal IP?
4) So I need two separate internal IP's, one for my main server, and a separate one for the VM (mail server)? I have 3 rj45 ports on my motherboard, which I believe 2 are only for internet. But I can also use a separate pci card if need be.

So here is what happens. You can have multiple services running off the same domain name. So for example here are the services I have accessible from the outside:

https (box 3)
ssh (box 2)
sftp (box 4)
openvpn (box 1)

All of these point to a different server. The clients don't know this. For example a client does the following:

Code:

This hits my router which holds the ip for this domain. Router sees port 22 and forwards this to box 2.

When someone goes to stratus.somedomain.com in their browser, the router enforces https, and redirects to box 3.

OpenVPN connections to stratus.somedomain.com get redirected to my VPN server on box 1 etc.

All of these are different machines on the network which the router is forwarding to.

5) My main OS/server is the one that hosts the site and forwards everything. Maybe just edit the ports.conf file to have a permanent redirect for a certain domain/subdomain?

Is the main server doing the routing? If not, then this will not work. It's usually done via DNS or host file. So if your internal DNS server has mail.yourdomain.com pointing to your iRedMail server you are golden. If not, you will need to use a host file on each client you want to be able to resolve mail.yourdomain.com internally.

On a different note, you may want to check out DigitalOcean, I use them for my own mail server, it's $5 a month for the cheapest server and they do not block any ports (including 25).

It's good practice learning about setting up mail, how to avoid spam filters. Things like SPF records and other stuff are a great eye opener in terms of how things work.
 
Okay, thanks for helping me solve a few of my initial questions/problems..

Now I am just trying to access this server outside of the network.

Inside my network I can go to: 192.168.1.188 (the mail server) and it takes me to the login page - so I assume it just automatically listens on port 25.

But I can not access it outside of my network.

I already told my router to redirect port 25 to 192.168.1.188 but when I try to go to domain.net:25 it tells me that "this webpage is not available".

My guess is that I am trying to access port 80 (since I am connecting via http) but it does not know that I am trying to access port 25?

I was able to make a workaround via using another domain and changing my ports.conf file to redirect all incoming traffic on port 80 to an internal "proxy" of 192.168.1.188 (it just redirected the traffic to that internal IP), although this still only works on internal traffic as it actually redirects to https://192.168.1.188/mail

PS: I have used services such as google to setup email on a specific domain, but I was more looking for an easy (cheaper) way to control all of my random websites + have custom domain names.

--Edit-- After looking, I believe I can not access it simply because my ISP is blocking port 25? But couldn't I just have iRedmail run on a different port?

--Edit2-- I googled timewarner and port 25 and found this article. In it, it says "To send email outside of the TWC Mail servers, you’ll need to reset your connections from port 25 to port 587." I am working on trying to get iRedmail to work on 587 but am having the same problem.. maybe I will just have to call my ISP in the morning if this is the problem.
 
So I know nothing about iRedMail specifically. If it has a web interface like Gmail or whatever, you will need http(s) redirected to your iRedMail server. Port 25 is for the transporting of email only.

The problem with running your mail server on a different port is that the mail may be rejected from certain sources.

More simply put:

That's the easy part. Unfortunately, there's no way to tell the rest of the world what port your SMTP server is listening on. The DNS system allows you to list the servers that will accept mail for your domain (using MX records), but those servers are then assumed to be listening on port 25. Attempting to add port information to your MX records (by using "my.domain.com:2525", for example) will only cause strange error messages to be returned to people who try to send you mail.

The only way to receive mail on a non-standard port is to arrange for someone else's servers to receive it for you first (on the standard port) and then forward it to you on the non-standard port you've chosen.

Source

Basically it has been my experience that because SMTP is on port 25, you won't get any mail without a mail relay if your ISP is blocking port 25.
 
Ok, I think I was getting the mail ports mixed up with the actual http ports. The problem (I believe) is that, roundcube wants to be accessed via the internet (port 80). But my main webserver which hosts several sites via port 80 and my external ip.

Well when I try to connect to my domain, it will obviously redirect to my external IP and my router normally tells everything from port 80 to go to my main server's internal IP (thus skipping my mail server).

So it looks like I need a way to have my mail server to be accessed (I think apache controls the webserver) and have it to be able to be accessed via a different port rather than port 80, is that possible? -I would normally redirect via the virtual host file, but I am not sure how to redirect to an internal server (I did, but if you see my other post, it does not work the way I intended).
 
Well there are a few ways you can handle this

You can use Apache on the main box, and say if you are going to mail.domain.com forward to this one, if you are going to domain.com point at myself. That way if your dns for both mail and domain are going to your router, your router simply just directs to your server, and your server decides where stuff goes

On better routers you can actually tell it if you get xxx.domain.com do this, if you get yyy.domain.com do that.
 
Let me try to rephrase myself:

First note, I only have one external IP - but I do have two internal IP's (one for the main box and the other for the mail server). But this should not be "too" much of an issue, except:

I have Apache on the main box already. But in the ports.conf file (where I tell apache to redirect each site / turn on SSL / where the Document root is located) I have this for now:

Code:
<VirtualHost *:80>
Servername mail.domain.com
</VirtualHost>

The problem is, telling the unit how to access my mail server.. I have tried doing a RewriteRule and setting a Location (ProxyPass) but neither helped in the end. My assumption is that I will have to use ServerPath but am getting confused on how to use it in my case.

Edit: I tried something for testing purposes but get this weird phenomenon:
When I simply go to my local IP, I have no issues connecting to it. My main problem was getting my main box to redirect incoming connections to a different host. So for a test, I told my router to route all port 80 (internet connections) to go to my mail server at the 192.168.1.188 - but when I then go to my site (which will/should redirect me to my mail server) it goes to domain.com/mail but says nothing was found under "/mail" ..

I mean, it makes sense since nothing is actually under /var/www/mail but normally when I go to like 192.168.1.188 inside my network it redirects to https://192.168.1.188/mail just fine..?
 
You need to dump your router config.

It still sounds like you don't have the forwarding working correctly. Here is an example of using redirects, this is one of my servers in "the cloud" that redirects based on the incoming URL

Code:
<VirtualHost *:80>
	ServerName wiki.the-linux-admin.com
	RewriteEngine on
	RewriteCond %{HTTP_HOST} ^wiki.the-linux-admin.com [NC]
	RewriteCond %{HTTP_HOST} !^$
	RewriteRule ^/?(.*)	http://wiki.the-linux-admin.com:8090 [L,R,NE]
</VirtualHost>

<VirtualHost *:80>
	ServerName oc.the-linux-admin.com
	#DocumentRoot /var/www/owncloud
	RewriteEngine on
	ReWriteCond %{SERVER_PORT} !^443$
	RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
<VirtualHost oc.the-linux-admin.com:443>
	SSLEngine on
	SSLCertificateFile /etc/apache2/ssl/owncloud.pem
	SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key
	DocumentRoot /var/www/owncloud/
 
	<Directory /var/www/owncloud>
		AllowOverride All
		order allow,deny
		Allow from all
	</Directory>
</VirtualHost>
 
Sorry for the long delay, but I would like to work on this again..

Here are the redirects that my apache/everything server does:
Code:
# Ensure that Apache listens on port 80
Listen 80
Listen 443

# Listen for virtual host requests on all IP addresses
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
DocumentRoot /var/www/kyij.net/
ServerName kyij.net
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<VirtualHost 192.168.1.188>
Servername mcner.com
ServerPath \mail
Alias /mail 192.168.1.188/
DocumentRoot mail.kyij.net/mail
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) 192.168.1.188 [P,L]
#<Location />
#       ProxyPass http://192.168.1.188/mail/
#       ProxyPassReverse http://192.168.1.188/mail/
#</Location>
</VirtualHost>

<VirtualHost *:80>
DocumentRoot /var/www/cheaphuluplus.com/
ServerName www.cheaphuluplus.com
</VirtualHost>

<VirtualHost *:80>
DocumentRoot /var/www/cheaphuluplus.com/
ServerName cheaphuluplus.com
</VirtualHost>


#<VirtualHost *:80>
#DocumentRoot /var/www/mcner.com/
#ServerName mcner.com
#</VirtualHost>


<VirtualHost *:443>
DocumentRoot /var/www/kyij.net
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
</VirtualHost>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

Attached is an image of my router which redirect the ports to which IP/computer to redirect traffic to.

A lot of this code is played around with, as some directories do not match what I want for the end, and some of the code is just trial/error to see what works. When you're done looking, I would like to edit the real site names.. Thanks
 

Attachments

  • Capture55.PNG
I would think the simpler solution would be to have a different subdomain. As in my example, it may be easier to tell apache to redirect not based on ServerPath but based on incoming domain.

mail.somedomain.com could then be triaged specifically instead of it getting *:80 and then attempting to parse out the server path (I am not sure that ServerPath is formed properly anyways, I haven't used that option)

To recap, your problem is that when trying to hit the webmail from the outside it isn't working properly, correct?
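
The approach suggested in this thread (let Apache on the main box decide by incoming hostname, and hand mail.domain.com to the mail VM), written out as an added example that is not from any poster. It assumes the VM at 192.168.1.188 serves Roundcube over HTTPS with a certificate issued for mail.domain.com, reuses the certificate paths from the config posted above, and uses a hypothetical path for the copy of the VM's certificate.

```apache
# Added example (not from the thread). Runs on the main box, which keeps
# receiving ports 80 and 443 from the router; the mail VM is never exposed
# directly. Needs mod_ssl, mod_proxy and mod_proxy_http:
#   a2enmod ssl proxy proxy_http
#
# Assumption: /etc/hosts on the main box contains
#   192.168.1.188   mail.domain.com
# (the VM's real LAN address, not a 127.x.x.x one), so the proxy reaches the
# VM by the name on its certificate instead of resolving the public IP and
# looping back through the router.

# Plain HTTP only redirects, so webmail logins are never sent in clear text.
<VirtualHost *:80>
    ServerName mail.domain.com
    Redirect permanent / https://mail.domain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName mail.domain.com

    # Certificate shown to browsers; it should cover mail.domain.com.
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key

    # Reverse proxy only. "ProxyRequests On" would make this host an open
    # forward proxy, so keep it explicitly off.
    ProxyRequests Off

    # Pass the original Host header through, so the backend's own redirect
    # to /mail points at mail.domain.com and not at 192.168.1.188.
    ProxyPreserveHost On

    # The backend speaks HTTPS. Verify it against a copy of the VM's own
    # certificate (hypothetical path) instead of accepting any certificate.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/apache2/ssl/mailvm-backend.pem

    ProxyPass        / https://mail.domain.com/
    ProxyPassReverse / https://mail.domain.com/
</VirtualHost>
```

With this in place the router forwards only 80 and 443 to the main box; SMTP on port 25 is a separate forward straight to the mail VM and is not handled by Apache.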
 