Netgate Discussion Forum

    Exchange server 2013 behind pfsense

      SAMMAK

      Dear all,

      I installed pfSense in front of Exchange Server 2013.
      I configured the rules (included in the attachment).

      I configured the WAN interface with the real IP and the LAN interface with the segment 192.168.1.*

      I can access the internet from the server,

      but I can't access the server from outside.

      What am I doing wrong in the configuration?

      This is the NAT section in my router:

      [ nat.ini ]
      ifconfig intf=Internet translation=enabled
      mapadd intf=Internet inside_addr=127.0.0.1 protocol=tcp outside_port=51003-51003 inside_port=443-443 mode=inbound weight=10
      mapadd intf=Internet outside_addr=41.38.198.84 inside_addr=192.168.1.254 weight=10
      mapadd intf=Internet type=nat outside_addr=41.32.128.54 inside_addr=41.32.128.54 access_list=41.32.128.54 weight=10
      mapadd intf=Internet type=nat outside_addr=41.32.128.53 inside_addr=41.32.128.53 access_list=41.32.128.53 weight=10
      ifconfig intf=LocalNetwork translation=transparent
      tmpladd group=wan type=nat outside_addr=0.0.0.1 inside_addr=41.32.128.54 access_list=41.32.128.54 weight=50
      config randomports=disabled

      Please advise.

        mauirixxx

        I don't know how much this will help, but I'll give it a shot. Basically, here's how I have pfSense configured, running Exchange 2010 behind it:

        • Interface: WAN

        • Protocol: TCP

        • Source: Type: any

        • Source Port Range: from & to: any

        • Destination: Type: WAN address (I assume you're working with a single static IP?)

        • Destination Port Range: from & to: HTTPS (looking at your config file, it appears you're trying to access the webmail portion of Exchange)

        • Redirect target IP: 192.168.1.254

        • Redirect Target Port: HTTPS

        • Description: Exchange OWA (just a suggestion)

        • No XMLRPC Sync: I have mine unchecked, I only run a single instance of pfSense

        • NAT Reflection: Use system default

        • Filter rule association: Create new associated filter rule (or if you're editing a current rule, it should auto populate the associated firewall rule)

        This is on pfSense v2.1. Don't forget, you need to add a rule for each specific service Exchange needs (SMTP, SMTP/S, HTTPS, IMAP & POP3 if you're using those as well).

        I know it's been 2 weeks since you asked, but I just configured my Exchange server yesterday, figured I could help :D

        –mauirixxx

          rands.rodriguez

          Go to your Firewall -> NAT

          Create a port forward, something like this:

          If   Proto    Src. addr  Src. ports  Dest. addr  Dest. port   NAT IP      NAT Ports
          WAN  TCP/UDP  *          *           WAN_IP      80 (HTTP)    mailserver  80 (HTTP)
          WAN  TCP/UDP  *          *           WAN_IP      443 (HTTPS)  mailserver  443 (HTTPS)
          WAN  TCP/UDP  *          *           WAN_IP      25 (SMTP)    mailserver  25 (SMTP)

          I'm using this on our pfSense and it's working.

          ** NOTE **
          Experts, please correct me if I am wrong on this part.
