    Can https://* to OWA but not Sharepoint

      djharry

      Hi guys,

      Currently running SBS2008 box which utilises OWA and Sharepoint plus mail etc.
      Running pfSense on a separate box with 1 WAN and 1 LAN.
      All this is running fine, no problems bar Sharepoint over HTTPS:// remotely.

      I have set up all the ports to forward to the correct IPs etc in pfSense for RDP, 443, 987 etc etc etc and everything works fine, including mail (25).

      This is what happens when I type from my work servers
      HTTPS://REMOTE.(domainname).net
      I see the Remote Web Workplace page and Login Prompt for my username and password (I enter it)
      I see the "CHECK EMAIL" button and also the "INTERNAL WEBSITE BUTTON" (LINK)
      I can click on the "CHECK EMAIL" button and OWA loads up no problems.
      However when I click on the "INTERNAL WEBSITE" button I get the error

      Failed to Connect 
      Firefox can't establish a connection to the server at remote.(DOMAIN NAME).net:987.

      Though the site seems valid, the browser was unable to establish a connection.

      * Could the site be temporarily unavailable? Try again later.
      * Are you unable to browse other sites? Check the computer's network connection.
      * Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.

      I have no problems viewing this from within the LAN and I have also removed any installed certificates on my work machine and re-downloaded them from the server but still no luck.
      I have got Snort installed on the pfSense box but I have no rules enabled just yet. I am waiting till this is set up and configured, then I will proceed with enabling and configuring any firewall rules and OpenVPN etc.

      Any help would be appreciated as this is becoming annoying and nowhere I can find (Google, forums etc) has yielded any light just yet.

      Regards,

      Aaron Hill
      IT Manager / Senior Network Engineer
      Shoal Bay Resort & Spa

        jahonix

        You forwarded the ports AND created rules to let those forwarded ports pass?

        Sounds like the NAT for 987 is there but the firewall rule to actually let traffic pass is missing. This happens when you create the rule by copying it from an existing one (like :443).
        The first one created the rule automatically…

        Great looking venue, BTW! Need hands-on help on site?  ;-)))

          djharry

          Yes, that's correct, I forwarded the ports and allowed the rules to be automatically created and so far everything else works fine.

          I created each rule independently and haven't copied any rules.

          Yeah it ain't bad here, I have it pretty good hehe :-)
          Not at present, don't need anyone, sorry bud, but hey you never know  ;)

            djharry

            So I'm really stumped as I don't know what else it could be.

            Any other suggestions?

            Cheers

              jahonix

              What does the firewall log say?
              Activate logging for the pass and block/reject rules in question.

                razor2000

                @jahonix:

                What does the firewall log say?
                Activate logging for the pass and block/reject rules in question.

                Those are good items to try and test out.  What I had in mind was why you're having difficulty in getting port 987 to work.  One item to try, from a remote computer, is to telnet to the WAN IP address on port 987 to see if it connects.  This way you can eliminate the possibility of the ISP blocking port 987 for whatever reason and look at other issues.  Using the logging feature of the port 987 allow rule would also be good to use in combination when testing.  Then test as you normally do when you connect through Firefox to see what happens.

                Good luck…

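The telnet check suggested above, as an added example that is not part of the original posts: it makes the same TCP handshake from a remote machine but tells a silent drop (timeout) apart from an active refusal, and probes 443 as a control because the thread says OWA over HTTPS works. The function names, result labels and hint texts are this example's own assumptions.

```python
import errno
import socket
import sys

# What each result usually means for a port forward on the WAN side.
HINTS = {
    "open": "handshake completed: NAT forward, pass rule and listener all work",
    "refused": "RST received: reached a host with no listener, or a reject rule",
    "filtered": "no reply: block or missing pass rule, or filtering upstream (ISP)",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP handshake (what telnet does) and classify the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        # ICMP unreachable: the SYN was not delivered either.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        sock.close()


def compare(host, control_port=443, suspect_port=987, timeout=3.0):
    """Probe the working port and the failing one from the same vantage point."""
    control = probe(host, control_port, timeout)
    suspect = probe(host, suspect_port, timeout)
    if control != "open":
        verdict = "control port fails too: the problem is not specific to the suspect port"
    elif suspect == "open":
        verdict = "both ports answer: look at the browser or application, not the firewall"
    else:
        verdict = HINTS[suspect]
    return {"control": control, "suspect": suspect, "verdict": verdict}


if __name__ == "__main__":
    # Pass the WAN address or hostname; 127.0.0.1 is only an offline default.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(compare(target))
```

Run it from outside the LAN with logging enabled on the port 987 rule: a "filtered" result with no matching log entry on the firewall means the packet never reached the WAN interface.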