Netgate Discussion Forum

    I Lost OWA and active sync from Exchange 2007.

    • ptex

      Does this look right? I have no packages set up yet. Logs show lots and lots of LAN traffic getting blocked at the WAN address on ports 137 and 138. Do I need to open 137 and 138 also?

      Proto	Source	Port	Destination	Port	Gateway	Schedule	Description
      	Reserved/not assigned by IANA	*	*	*	*	*	Block bogon networks
      TCP	*	*	Exchange	25 (SMTP)	*		NAT Inbound SMTP
      TCP	*	*	Exchange	443 (HTTPS)	*		NAT Inbound 80
      TCP	*	*	Exchange	143 (IMAP)	*		NAT Inbound imap
      TCP	LAN address	*	Exchange	143 (IMAP)	*		NAT Inbound https
      TCP	*	*	WAN IP	443 (HTTPS)	*		Easy Rule: Passed from Firewall Log View

      • ptex

        This is what I have reset up, and still no https or imap love.
        LAN Side

        
        Proto	Source	Port	Destination	Port	Gateway	Schedule	Description
        TCP	LAN address	*	Exchange	443 (HTTPS)	*		NAT Inbound https
        TCP	LAN address	*	*	443 (HTTPS)	*		NAT Inbound https
        TCP/UDP	*	*	Exchange	443 (HTTPS)	*		NAT Inbound https
        *	LAN net	*	*	*	*		Default LAN -> any
        TCP	Exchange	*	*	25 (SMTP)	*		Allow Outbound SMTP
        TCP	Exchange	*	*	443 (HTTPS)	*		Allow Outbound https
        TCP	*	*	Exchange	443 (HTTPS)	*		Allow Outbound https
        TCP	Exchange	*	*	143 (IMAP)	*		Allow Outbound imap
        TCP	*	*	*	25 (SMTP)	*		Block Unauthorized Outbound SMTP
        UDP	*	*	Exchange	137 (NetBIOS-NS)	*		Easy Rule: Passed from Firewall Log View
        UDP	*	*	Exchange	138 (NetBIOS-DGM)	*		Easy Rule: Passed from Firewall Log View
        

        WAN Side

        
        Proto	Source	Port	Destination	Port	Gateway	Schedule	Description
        *	Reserved/not assigned by IANA	*	*	*	*	*	Block bogon networks
        TCP	*	*	Exchange	25 (SMTP)	*		NAT Inbound SMTP
        TCP	Exchange	*	*	25 (SMTP)	*		NAT Inbound SMTP
        TCP	*	*	Exchange	80 (HTTP)	*		NAT Inbound http
        TCP	*	*	Exchange	443 (HTTPS)	*		NAT Inbound 80
        TCP	*	*	Exchange	143 (IMAP)	*		NAT Inbound imap
        TCP/UDP	*	*	Exchange	143 (IMAP)	*		NAT Inbound imap
        TCP	LAN address	*	Exchange	143 (IMAP)	*		NAT Inbound https
        TCP	WAN address	*	Exchange	143 (IMAP)	*		NAT Inbound https
        TCP	*	*	Exchange	443 (HTTPS)	*		Easy Rule: Passed from Firewall Log View
        TCP	LAN address	*	Exchange	443 (HTTPS)	*		Easy Rule: Passed from Firewall Log View
        TCP	*	*	WAN IP	443 (HTTPS)	*		Easy Rule: Passed from Firewall Log View
        TCP/UDP	*	*	Exchange	138 (NetBIOS-DGM)	*		NAT
        TCP/UDP	*	*	Exchange	137 (NetBIOS-NS)	*		NAT
        
        

        People get pissy when the internets go down for some reason.  How do my rules look?

        NAT

        
        If	Proto	Ext. port range	NAT IP	Int. port range	Description
        WAN	TCP	25 (SMTP)	Exchange	25 (SMTP)	Inbound SMTP
        WAN	TCP	25 (SMTP)	Exchange	443 (HTTPS)	Inbound https
        WAN	TCP	25 (SMTP)	Exchange	143 (IMAP)	Inbound https
        WAN	TCP	25 (SMTP)	Exchange	443 (HTTPS)	Inbound https
        WAN	TCP/UDP	138 (NetBIOS-DGM)	Exchange	138 (NetBIOS-DGM)	
        WAN	TCP/UDP	137 (NetBIOS-NS)	Exchange	137 (NetBIOS-NS)	
        
        
        • Cry Havok

          Can I strongly suggest you remove all the rules and start again. Begin with a blank slate - one default allow all on the LAN and use the Wizard to create your NAT rules.

          When you're finished you shouldn't end up with any extra rules on the LAN interface and the WAN and NAT rules will be much shorter.

          • ptex

            What wizard?

            • root2020

              All you should have to do is port forward 25, 80 and 443 to your Exchange server. That is all I am doing and it works just fine. Did you change something on Exchange?

              Looking at your NAT, it does not look like you are forwarding port 80.

              Yes, I would start over as well and have only this rule in the LAN Tab

              • LAN net * * * *   Default LAN -> any

              Just go to Firewall > NAT > Port forward for your Exchange services
              WAN TCP * * WAN address 80 (HTTP) Exchange 80 (HTTP)
              WAN TCP * * WAN address 443 (HTTPS) Exchange 443 (HTTPS)
              WAN TCP * * WAN address 25 (SMTP) Exchange 25 (SMTP)
              etc. The Port Forwarding will auto-create some rules in your WAN; leave them there.

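An audit of a port-forward table like the one posted in this thread, added here as an example and not code from any poster or from pfSense: it checks that each required external port (25, 80 and 443, per the last reply) has a WAN forward, and flags an external port mapped to more than one internal port or forwarded without being required. The tuple layout and the function name are assumptions of this example; the rows are constructed from the tables above.

```python
from collections import defaultdict

# Constructed rows modelled on the NAT table posted in the thread:
# (interface, proto, external_port, target, internal_port, description)
POSTED_NAT = [
    ("WAN", "TCP", 25, "Exchange", 25, "Inbound SMTP"),
    ("WAN", "TCP", 25, "Exchange", 443, "Inbound https"),
    ("WAN", "TCP", 25, "Exchange", 143, "Inbound https"),
    ("WAN", "TCP", 25, "Exchange", 443, "Inbound https"),
    ("WAN", "TCP/UDP", 138, "Exchange", 138, ""),
    ("WAN", "TCP/UDP", 137, "Exchange", 137, ""),
]

# Constructed rows modelled on the forwards listed in the last reply.
SUGGESTED_NAT = [
    ("WAN", "TCP", 80, "Exchange", 80, "http"),
    ("WAN", "TCP", 443, "Exchange", 443, "https"),
    ("WAN", "TCP", 25, "Exchange", 25, "smtp"),
]

# Assumption: the services to publish are the three named in the last reply.
REQUIRED_TCP = {25, 80, 443}


def audit_port_forwards(rules, required_ports):
    """Return a list of (kind, external_port, detail) findings."""
    by_ext = defaultdict(set)
    for _iface, proto, ext, target, internal, _desc in rules:
        for p in proto.split("/"):          # "TCP/UDP" counts for both
            by_ext[(p, ext)].add((target, internal))

    findings = []
    tcp_forwarded = {ext for (p, ext) in by_ext if p == "TCP"}
    for port in sorted(required_ports - tcp_forwarded):
        findings.append(("missing", port, "no WAN forward for required TCP port"))

    for (p, ext), targets in sorted(by_ext.items()):
        if len(targets) > 1:                # one external port, several internals
            findings.append(("conflict", ext, f"{p} forwarded to {sorted(targets)}"))
        if ext not in required_ports:       # reachable from WAN but not needed
            findings.append(("extra", ext, f"{p} exposed on WAN but not required"))
    return findings


if __name__ == "__main__":
    for finding in audit_port_forwards(POSTED_NAT, REQUIRED_TCP):
        print(finding)
```

Add 143 to the required set if IMAP is also meant to be published; the reply's list ends in "etc." and does not say.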