Network

CommuniGate Pro is a network server, and it needs to know the configuration of your network. Most of the settings are retrieved automatically from your OS setup, but you may want to change these settings and/or specify additional settings.

This section describes the CommuniGate Pro network settings.

LAN addresses

If you use CommuniGate Pro in a corporate environment, most of your users will connect to the Server from the corporate LAN(s). Use a web browser to open the Settings realm of the CommuniGate Pro WebAdmin Interface, and click the Protection link. The LAN IPs page appears.

LAN IP Addresses

The LAN IP Addresses table initially contains the addresses the CommuniGate Pro software retrieved from the Server OS configuration. Correct this list to include all LANs (local networks) the CommuniGate Pro server needs to serve.

Each table line should include either one IP address or an address range - two IP addresses separated with the minus sign: a range includes both IP addresses and all addresses between them.

A comment (separated with the semicolon (;) symbol) can be placed at the end of a line. A line starting with a semicolon symbol is a comment line.

Usually, you want all mail clients connecting from the LAN addresses to be able to relay mail to any Internet destination, so you will include the LAN addresses into the Client IP Addresses list.

The list of LAN IP Addresses is used to support real-time (voice, video, etc.) communications, so the CommuniGate Pro server knows which addresses are "not-real" ("local") addresses, i.e. which addresses cannot be contacted directly from the Internet.
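
The table format described above can be checked offline before it is entered in WebAdmin. The following Python sketch is an added example, not CommuniGate Pro code: it parses the single-address, range and comment syntax, tests membership with inclusive bounds, and flags entries worth reviewing before they are copied into the Client IP Addresses list. The sample table is constructed, and treating a reversed range as an error and judging "local" by Python's ipaddress.is_private are assumptions of this example.

```python
import ipaddress

# Constructed sample of a LAN IP Addresses table (not from a real server).
SAMPLE_TABLE = """\
; office networks
10.0.0.1-10.0.0.254 ; main floor
192.168.5.20
172.16.0.0-172.32.255.255 ; typo: runs past the private 172.16/12 block
10.0.9.50-10.0.9.10
"""

def parse_lan_table(text):
    """Return (start, end, comment) tuples, one per non-comment line."""
    entries = []
    for raw in text.splitlines():
        body, _, comment = raw.partition(";")    # ';' starts a comment
        body = body.strip()
        if not body:                             # blank or comment-only line
            continue
        first, sep, last = body.partition("-")   # minus sign separates a range
        start = ipaddress.ip_address(first.strip())
        end = ipaddress.ip_address(last.strip()) if sep else start
        entries.append((start, end, comment.strip()))
    return entries

def contains(entries, addr):
    """True if addr is inside any entry; range bounds are inclusive."""
    ip = ipaddress.ip_address(addr)
    return any(s <= ip <= e for s, e, _ in entries
               if s.version == e.version == ip.version)

def review(entries):
    """Flag reversed ranges and ranges that reach outside private space."""
    findings = []
    for s, e, _ in entries:
        if s.version != e.version or s > e:
            # Assumption of this example: such a line is a data-entry error.
            findings.append((f"{s}-{e}", "reversed or mixed-family range"))
        elif not all(n.is_private
                     for n in ipaddress.summarize_address_range(s, e)):
            findings.append((f"{s}-{e}", "includes non-private addresses"))
    return findings
```

An entry flagged as including non-private addresses would, once copied into the Client IP Addresses list, let hosts outside the LAN relay mail through the server.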

NAT/Firewall Parameters

If your CommuniGate Pro serves a LAN with "local" addresses, it means that:
WAN IP Address
IP Address on NAT/Firewall:

IP Address on the NAT/Firewall
If your CommuniGate Pro server is installed on a LAN behind a NAT/Firewall, the NAT/Firewall device should be configured to relay all connections on its communication (POP, SMTP, SIP, etc.) ports to the CommuniGate Pro server LAN address. Use this setting to specify the IP address your NAT/Firewall "relays" to CommuniGate Pro. For example, if your CommuniGate Pro server has the 10.0.0.5 IP address on your LAN, and the NAT/Firewall relays all incoming connections coming to the 206.253.23.167 IP address to the 10.0.0.5 address, specify the 206.253.23.167 IP address in this setting.
If your CommuniGate Pro server has several network connections, some to the LAN and some to the Internet, use this setting to specify the IP address the server OS uses by default when connecting to remote hosts over the Internet.

CommuniGate Pro supports various real-time communications. Most of those real-time protocols cannot be used via a NAT/Firewall, so CommuniGate Pro can act as a "proxy" for those protocols. When a real-time client on a LAN tries to communicate with a remote system on the Internet, CommuniGate Pro creates a communication port on its own system, and forces the client to connect to that port instead of the remote system port. CommuniGate Pro then communicates with the remote system itself, relaying the data received from the remote system to the client on the LAN and vice versa.

NAT/Firewall Proxy
Log: LAN Address:
UDP Ports: - TCP Ports: -

Log
Use this setting to specify what kind of information the Proxy component should put in the Server Log. Usually you should use the Major or Problems (non-fatal errors) levels. But when you experience problems with the Proxy component, you may want to set the Log Level setting to Low-Level or All Info: in this case protocol-level or link-level details will be recorded in the System Log as well.
The Proxy component records in the System Log are marked with the UDPPROXY or the TCPPROXY tag.

LAN Address
Use this setting to specify which IP address the Proxy component should use for communication with the LAN clients. It can be any server IP address that belongs to the LAN. Select the Disabled value if you want to disable the CommuniGate Pro protocol proxying features.

UDP Ports
This setting specifies the port number range to be used for UDP proxy operations. If the CommuniGate Pro server is behind a NAT/Firewall, make sure that all UDP packets received by the NAT/Firewall for these ports are relayed to the CommuniGate Pro server.

TCP Ports
This setting specifies the port number range to be used for TCP proxy operations. If the CommuniGate Pro server is behind a NAT/Firewall, make sure that all TCP connections received by the NAT/Firewall for these ports are relayed to the CommuniGate Pro server.


Domain Name Resolver (DNR)

The CommuniGate Pro server uses its own high-speed multithreaded Domain Name Resolver to convert domain names into network (IP) addresses. To convert names, the Domain Name Resolver sends requests to the specified Domain Name Servers.

Server Administrators with the Can Modify Settings access right can modify the Resolver settings. Open the Obscure page in the Settings section of the Server WebAdmin Interface:

Domain Name Resolver
Log: Concurrent Requests:
Initial Time-out: Retry Limit:
DNS Addresses: [209.1.58.247], [206.40.74.1]
Dummy IP Addresses:
Log
Use this setting to specify what kind of information the Domain Name Resolver should put in the Server Log. Usually you should use the Major or Problems levels. In the latter case you will see the information about all failed DNS lookups. If you use the RBL services, you may see a lot of failed lookups in the Log. When you experience problems with the Domain Name Resolver, you may want to set the Log Level setting to Low-Level or All Info: in this case protocol-level or link-level details will be recorded in the System Log as well.

The Resolver records in the System Log are marked with the DNR tag.

Concurrent Requests
This setting limits the number of concurrent requests the Resolver can send to Domain Name Servers. On a heavily-loaded mail relay processing several hundred requests per second, this parameter should be selected after some testing: older DNS servers may crash if requested to process too many concurrent requests. Also, in certain cases the DNR traffic may start to compete with the mail transfer (SMTP) traffic.

Initial Time-out
The Domain Name System uses a connectionless UDP protocol, and if there is any network trouble, a UDP request or response can be lost (the TCP protocol automatically resends lost packets). The Domain Name Resolver waits for a response from a DNS server for the period of time specified with this option.

If a response is not received, the Resolver resends the request and waits twice as long. If it times out again, it can resend the request again and wait three times as long.

If you have several Domain Name Servers specified, each time the resolver needs to repeat a request, it sends it to the next DNS server in the list.

Retry Limit
This option specifies how many times the Resolver should re-send the same request if it has not received any response from a DNS server.

Note: when a request is an RBL request, the Resolver sends the same request not more than twice, and both times it uses the same (Initial) response time-out.
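
The retry rules above determine how long a lookup can stall when a DNS server stops answering. This added Python example (not CommuniGate Pro code) builds the send schedule and totals the waits. It assumes the wait keeps growing by one Initial Time-out per re-send, that the server list wraps around, and that RBL requests rotate servers the same way; the 5-second time-out and Retry Limit of 3 are constructed values, and the two server addresses are the ones shown in the settings panel above.

```python
# DNS server addresses as shown in the Domain Name Resolver panel on this page.
SERVERS = ["209.1.58.247", "206.40.74.1"]

def dnr_schedule(initial_timeout, retry_limit, servers, rbl=False):
    """Return [(attempt_no, server, wait_seconds), ...] for one lookup."""
    sends = 1 + retry_limit              # the first send plus the re-sends
    if rbl:
        sends = min(sends, 2)            # RBL: same request at most twice
    plan = []
    for n in range(sends):
        # Each repeat goes to the next server; wrap-around is an assumption.
        server = servers[n % len(servers)]
        # Normal lookups wait 1x, 2x, 3x ... the Initial Time-out
        # (linear growth past 3x is an assumption); RBL waits stay fixed.
        wait = initial_timeout if rbl else initial_timeout * (n + 1)
        plan.append((n + 1, server, wait))
    return plan

def worst_case(plan):
    """Total seconds spent if no server ever answers."""
    return sum(wait for _, _, wait in plan)

def delay_before_answer(plan, silent_servers):
    """Seconds lost on silent servers before a live one is asked.

    Returns None when every attempt in the plan lands on a silent server.
    """
    lost = 0
    for _, server, wait in plan:
        if server not in silent_servers:
            return lost
        lost += wait
    return None

if __name__ == "__main__":
    for row in dnr_schedule(5, 3, SERVERS):
        print(row)
```

With several hundred lookups per second, the worst-case total is also how long each failed lookup occupies one of the Concurrent Requests slots.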

DNS Addresses
This setting specifies how the CommuniGate Pro Server selects the DNS servers to use. If the OS-specified option is selected, the Server reads the DNS server addresses from the OS. To force the server to re-read those addresses, click the Refresh button on the General page in the Settings section.

If the Custom option is selected, the CommuniGate Pro server will use the DNS server addresses listed in the text field next to this pop-up menu.

If no DNS server address is specified, the CommuniGate Pro server uses the 127.0.0.1 address, trying to connect to a DNS server that can be running on the same computer as the CommuniGate Pro server.

Dummy IP Addresses
This setting allows you to specify network (IP) addresses and/or address ranges that should be considered as "non-existent". Some DNS authorities may choose to "map" all non-existent names within their domains to some special IP address(es).

When a domain name is resolved into IP addresses, the Resolver checks the first address. If this address is listed in the Dummy IP Addresses list, the Resolver returns the "unknown host/domain name" error code. The same check is performed with the results of the DNS MX-search operations.

The Domain Name Resolver uses TCP connections if the server UDP response came back with the "Truncated" flag set. This feature allows the Resolver to retrieve very large records from DNS servers.


CommuniGate® Pro Guide. Copyright © 1998-2005, Stalker Software, Inc.