Exchange server 2013 behind pfsense



  • Dear all,

    I installed pfSense in front of Exchange Server 2013.
    I configured the rules - included in attachment.

    I configured the WAN interface with the real IP and the LAN interface with segment 192.168.1.*

    I can access the internet from the server,

    but I can't access the server from outside.

    What am I doing wrong in the configuration?

    This is the NAT section in my router:

    [ nat.ini ]
    ifconfig intf=Internet translation=enabled
    mapadd intf=Internet inside_addr=127.0.0.1 protocol=tcp outside_port=51003-51003 inside_port=443-443 mode=inbound weight=10
    mapadd intf=Internet outside_addr=41.38.198.84 inside_addr=192.168.1.254 weight=10
    mapadd intf=Internet type=nat outside_addr=41.32.128.54 inside_addr=41.32.128.54 access_list=41.32.128.54 weight=10
    mapadd intf=Internet type=nat outside_addr=41.32.128.53 inside_addr=41.32.128.53 access_list=41.32.128.53 weight=10
    ifconfig intf=LocalNetwork translation=transparent
    tmpladd group=wan type=nat outside_addr=0.0.0.1 inside_addr=41.32.128.54 access_list=41.32.128.54 weight=50
    config randomports=disabled

    Please advise.



  • I don't know how much this will help, but I'll give it a shot. Basically, here's how I have pfSense configured, running Exchange 2010 behind it:

    • Interface: WAN

    • Protocol: TCP

    • Source: Type: any

    • Source Port Range: from & to: any

    • Destination: Type: WAN address (I assume you're working with a single static IP?)

    • Destination Port Range: from & to: HTTPS (looking at your config file, it appears you're trying to access the webmail portion of Exchange)

    • Redirect target IP: 192.168.1.254

    • Redirect Target Port: HTTPS

    • Description: Exchange OWA (just a suggestion)

    • No XMLRPC Sync: I have mine unchecked, I only run a single instance of pfSense

    • NAT Reflection: Use system default

    • Filter rule association: Create new associated filter rule (or if you're editing a current rule, it should auto populate the associated firewall rule)

    This is on pfSense v2.1. Don't forget, you need to add a rule for each specific service Exchange needs (SMTP, SMTP/S, HTTPS, IMAP & POP3 if you're using those as well).

    I know it's been 2 weeks since you asked, but I just configured my Exchange server yesterday, figured I could help :D



  • Go to your Firewall -> NAT

    Create a port forward, something like this:

    If   Proto    Src. addr  Src. ports  Dest. addr  Dest. port   NAT IP      NAT Ports
    WAN  TCP/UDP  *          *           WAN_IP      80 (HTTP)    mailserver  80 (HTTP)
    WAN  TCP/UDP  *          *           WAN_IP      443 (HTTPS)  mailserver  443 (HTTPS)
    WAN  TCP/UDP  *          *           WAN_IP      25 (SMTP)    mailserver  25 (SMTP)

    I'm using this on our pfSense and it's working.

    ** NOTE **
    Experts, please correct me if I am wrong on this part.
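
A least-privilege check over a port-forward list like the one in the last post, added here as an example and not code from any poster or from pfSense: it parses rows in that column layout and flags forwards that are broader than a stated allow-list. The allow-list (TCP 25 and 443) and the sample rows are assumptions constructed for the example.

```python
import re

# Assumption: the services this Exchange host is meant to publish, all TCP.
ALLOWED_TCP = {25: "SMTP", 443: "HTTPS"}

# Constructed sample rows in the column layout of the port-forward list above.
SAMPLE = """\
WAN  TCP/UDP  *  *  WAN_IP  80 (HTTP)    mailserver  80 (HTTP)
WAN  TCP/UDP  *  *  WAN_IP  443 (HTTPS)  mailserver  443 (HTTPS)
WAN  TCP      *  *  WAN_IP  25 (SMTP)    mailserver  25 (SMTP)
"""

ROW = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\d+)(?:\s+\(\w+\))?\s+"
    r"(?P<target>\S+)\s+(?P<tport>\d+)(?:\s+\(\w+\))?$"
)

def parse_rules(text):
    """Turn each table row into a dict; lines that are not rules are skipped."""
    rules = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        rule = m.groupdict()
        rule["protos"] = set(rule.pop("proto").lower().split("/"))
        rule["dport"], rule["tport"] = int(rule["dport"]), int(rule["tport"])
        rules.append(rule)
    return rules

def audit(rules, allowed=ALLOWED_TCP):
    """Return (port, finding) pairs for forwards wider than the allow-list."""
    findings = []
    for r in rules:
        if r["dport"] not in allowed:
            findings.append((r["dport"], "port is not on the published-service list"))
        extra = sorted(r["protos"] - {"tcp"})
        if extra:
            findings.append(
                (r["dport"], "also forwards " + "/".join(extra) + ", service is TCP only"))
    return findings

if __name__ == "__main__":
    for port, finding in audit(parse_rules(SAMPLE)):
        print(f"{port}: {finding}")
```
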

