On Tue, Jul 31, 2012 at 6:34 PM, Shrinivasan T <[email protected]> wrote: > On Tue, Jul 31, 2012 at 6:24 PM, Shrinivasan T <[email protected]> wrote: >> I have a zimbra server installed in a server, which has a public IP >> and a domain name configured. >> >> Now the web UI is accessible by public.
That would be the expectation when the server has a public IP address and a "global" domain name. If that is not the intent then put it in a DMZ or within the LAN and allow access to "LAN" users and other users over VPN or port forwarding (see below). >> How to protect the web UI accessible only for the internal users? See above - DMZ/LAN. > > They need to allow web UI for some users who are roaming and access > the mail from a browsing center. > > I think, any VPN is the best solution for this. > Yes, openVPN is the best out there for SSL VPN (layer 3). There are clients pretty much for all the popular desktop OS. This will work for road warriors and tele workers who use their own ISP connections. However, a VPN solution may not be feasible from cybercafes wherein you are restricted to the app stack provided by the vendor (as Amachu has pointed out). Having said the above, if the browsing centers are handful, they have static IPs and you know that users from there are within your purview, then you can port forward connections from such sites into the ZCS server. Open up special ports for each center and forward each of those connections to the ZCS. This way you can also log how many connections from each site. iptables is your friend in this solution. > Hope, using VPN we can make sure that only internal users or VPN > connected users can access the application. > > Which VPN is best and easy for windows clients? > See above. -- Arun Khan "As a layman, I would say we have it, but as a scientist I have to say, 'What do we have?'" Rolf Heuer, Director General CERN on the announcement of Higgs Boson particle. _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
