Report this message as spam fails to connect to EFA

Posted: 02 Apr 2015 11:23
by CPoole
Hi all,

New user to EFA. I had no issues installing and configuring the VM and have email flowing smoothly. But I have 1 issue that I just can't resolve.

The VM contains 2 NICs: one is for a .local internal domain and the second is for a .net external domain. The link in the email tag line below does not connect. DNS is accurate and there is no external firewall; by all indications it should work, as Apache is listening on all IPs on port 80.

"Click here to report this message as spam" fails to connect when the URL is
http://hostname.externaldomain.net/cgi- ... 5e705add44

If I edit the URL manually to be

http://hostname.internaldomain.local/cg ... 5e705add44

The message is correctly marked as spam.

Why isn't the external IP responding?

Re: Report this message as spam fails to connect to EFA

Posted: 02 Apr 2015 12:00
by pdwalker
Can you access http://hostname.externaldomain.net/ from an external address/location? Do you see the same page as when you access http://hostname.internaldomain.local/ ?

Re: Report this message as spam fails to connect to EFA

Posted: 02 Apr 2015 13:49
by CPoole
No, the internal URL goes immediately to the MailWatch login page..

The external URL returns "This Page can't be displayed."

It acts as if a firewall exists...

Re: Report this message as spam fails to connect to EFA

Posted: 02 Apr 2015 14:22
by pdwalker
No, that's not it.

You'll probably have to define ServerName and ServerAlias in your /etc/httpd/conf/httpd.conf to allow Apache to accept multiple host names. That'll mean setting up an Apache virtual host to accept the second domain name.

http://httpd.apache.org/docs/2.2/mod/co ... erveralias

EFA assumes that you'll only ever use a single domain name to access the server web ui.

Re: Report this message as spam fails to connect to EFA

Posted: 02 Apr 2015 16:23
by darky83
Not really pdwalker :)

The default setup does not look at what hostname is used; you can access the GUI on any name as long as it points to the IP of the EFA box. :whistle:

If you get a 'this page can't be displayed' then there is something wrong with your network setup. Are you able to ping the outside IP of the EFA box?

Re: Report this message as spam fails to connect to EFA

Posted: 02 Apr 2015 18:44
by pdwalker
Eh, I was tired and perhaps not thinking clearly.

Maybe Apache has only bound to the IP of one of the network cards?

CPoole, what does "sudo netstat -plutn" show you?

Re: Report this message as spam fails to connect to EFA

Posted: 03 Apr 2015 10:38
by CPoole
[admin@rsefa ~]$ sudo netstat -plutn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 1561/clamd
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 1931/perl
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1528/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1543/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1813/master
tcp 0 0 127.0.0.1:11553 0.0.0.0:* LISTEN 28171/MailWatch SQL
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1699/mysqld
tcp 0 0 :::80 :::* LISTEN 1888/httpd
tcp 0 0 :::22 :::* LISTEN 1543/sshd
udp 0 0 70.91.144.88:123 0.0.0.0:* 1552/ntpd
udp 0 0 192.168.100.90:123 0.0.0.0:* 1552/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 1552/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 1552/ntpd
udp 0 0 0.0.0.0:10000 0.0.0.0:* 1931/perl
udp 0 0 127.0.0.1:53 0.0.0.0:* 1528/dnsmasq
udp 0 0 fe80::20c:29ff:fead:acc7:123 :::* 1552/ntpd
udp 0 0 2601:e:9780:8800:20c:29f:123 :::* 1552/ntpd
udp 0 0 fe80::20c:29ff:fead:acbd:123 :::* 1552/ntpd
udp 0 0 2601:e:9780:8800:20c:29f:123 :::* 1552/ntpd
udp 0 0 :::123 :::* 1552/ntpd
udp 0 0 :::36142 :::* 1515/dccifd

NSLookup works for both FQDNs.

But ping to the external hostname times out..

Mail is, however, flowing in on port 25, so that is not blocked..

It still looks like an internal firewall to me..
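
The bind-address check pdwalker asks for, run over the netstat output posted above, as an added example that is not part of the original thread: it lists which TCP listeners accept connections on each interface address. The function names are assumptions of this example, the two addresses are the ones ntpd is bound to in that output, and the wildcard handling assumes the Linux default net.ipv6.bindv6only=0.

```python
import ipaddress

# TCP listener lines copied from the netstat output posted above.
SAMPLE = """\
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 1561/clamd
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 1931/perl
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1528/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1543/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1813/master
tcp 0 0 127.0.0.1:11553 0.0.0.0:* LISTEN 28171/MailWatch SQL
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1699/mysqld
tcp 0 0 :::80 :::* LISTEN 1888/httpd
tcp 0 0 :::22 :::* LISTEN 1543/sshd
"""

WILDCARDS = {"0.0.0.0", "::", "*"}


def parse_listeners(text):
    """Yield (host, port, program) for every TCP socket in LISTEN state."""
    for line in text.splitlines():
        fields = line.split(None, 6)  # program names may contain spaces
        if len(fields) < 7 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")  # ":::80" -> ("::", "80")
        yield host, int(port), fields[6].split("/", 1)[-1].strip()


def accepts_on(host, interface_ip):
    """True if a socket bound to `host` accepts connections sent to interface_ip."""
    if host in WILDCARDS:
        # Assumes Linux default net.ipv6.bindv6only=0, so "::" also serves IPv4.
        return True
    try:
        return ipaddress.ip_address(host) == ipaddress.ip_address(interface_ip)
    except ValueError:  # netstat truncates long IPv6 addresses
        return False


def exposed_ports(text, interface_ip):
    """Map port -> program for listeners reachable via interface_ip."""
    return {port: prog for host, port, prog in parse_listeners(text)
            if accepts_on(host, interface_ip)}


if __name__ == "__main__":
    for ip in ("192.168.100.90", "70.91.144.88"):  # the two NIC addresses in the output
        print(ip, sorted(exposed_ports(SAMPLE, ip).items()))
```

On this output httpd is bound to the wildcard address and so accepts connections on both interface addresses, which rules out the bind address as the cause. The same wildcard binding applies to mysqld on 3306 and the perl service on port 10000.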

Re: Report this message as spam fails to connect to EFA

Posted: 03 Apr 2015 12:40
by CPoole
I tried something stupid that resulted in a fix...

I cloned the VM and started the clone (original is shut down).

Same issues exist.

I deleted the internal NIC from VM settings and now the external responds to web requests. I made no other changes..

Re: Report this message as spam fails to connect to EFA

Posted: 03 Apr 2015 16:24
by shawniverson
Did you have two NICs going to EFA?

Re: Report this message as spam fails to connect to EFA

Posted: 03 Apr 2015 18:17
by CPoole
Yes, one for internal domain and IP range and one for external domain and IP range..

Re: Report this message as spam fails to connect to EFA

Posted: 03 Apr 2015 20:12
by shawniverson
EFA wasn't designed to do that...

EFA is designed to sit behind a firewall typically in a DMZ...