Exchange server 2013 behind pfsense
-
Dear all,
I installed pfSense in front of Exchange Server 2013.
I configured the rules (included in attachment), configured the WAN interface with the real IP, and configured the LAN interface with segment 192.168.1.*
I can access the internet from the server,
but I can't access the server from outside.
What am I doing wrong in the configuration?
This is the NAT section in my router:
[ nat.ini ]
ifconfig intf=Internet translation=enabled
mapadd intf=Internet inside_addr=127.0.0.1 protocol=tcp outside_port=51003-51003 inside_port=443-443 mode=inbound weight=10
mapadd intf=Internet outside_addr=41.38.198.84 inside_addr=192.168.1.254 weight=10
mapadd intf=Internet type=nat outside_addr=41.32.128.54 inside_addr=41.32.128.54 access_list=41.32.128.54 weight=10
mapadd intf=Internet type=nat outside_addr=41.32.128.53 inside_addr=41.32.128.53 access_list=41.32.128.53 weight=10
ifconfig intf=LocalNetwork translation=transparent
tmpladd group=wan type=nat outside_addr=0.0.0.1 inside_addr=41.32.128.54 access_list=41.32.128.54 weight=50
config randomports=disabled
Please advise.
-
I don't know how much this will help, but I'll give it a shot. Basically, here's how I have pfSense configured, running Exchange 2010 behind it:
- Interface: WAN
- Protocol: TCP
- Source: Type: any
- Source Port Range: from & to: any
- Destination: Type: WAN address (I assume you're working with a single static IP?)
- Destination Port Range: from & to: HTTPS (looking at your config file, it appears you're trying to access the webmail portion of Exchange)
- Redirect target IP: 192.168.1.254
- Redirect Target Port: HTTPS
- Description: Exchange OWA (just a suggestion)
- No XMLRPC Sync: I have mine unchecked, I only run a single instance of pfSense
- NAT Reflection: Use system default
- Filter rule association: Create new associated filter rule (or if you're editing a current rule, it should auto populate the associated firewall rule)
This is on pfSense v2.1. Don't forget, you need to add a rule for each specific service Exchange needs (SMTP, SMTP/S, HTTPS, IMAP & POP3 if you're using those as well).
I know it's been 2 weeks since you asked, but I just configured my Exchange server yesterday, figured I could help :D
-
-
Go to your Firewall -> NAT
Create a port forward, something like this:

| If | Proto | Src. addr | Src. ports | Dest. addr | Dest. port | NAT IP | NAT Ports |
|---|---|---|---|---|---|---|---|
| WAN | TCP/UDP | * | * | WAN_IP | 80 (HTTP) | mailserver | 80 (HTTP) |
| WAN | TCP/UDP | * | * | WAN_IP | 443 (HTTPS) | mailserver | 443 (HTTPS) |
| WAN | TCP/UDP | * | * | WAN_IP | 25 (SMTP) | mailserver | 25 (SMTP) |

I'm using this on our pfSense and it's working.
** NOTE **
Experts, please correct me if I am wrong on this part.
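
An added example, not part of any post in this thread: a small audit of a port-forward table written in the column order used above. It checks that every service the mail server needs has a WAN TCP forward and flags rules that also open UDP for a TCP-only service. The function names and the default required ports (25 and 443) are assumptions made for the illustration.

```python
import re

# Constructed sample: the rows from the port-forward table above, in its column order
# (If, Proto, Src. addr, Src. ports, Dest. addr, Dest. port, NAT IP, NAT port).
SAMPLE_RULES = """\
WAN TCP/UDP * * WAN_IP 80 (HTTP) mailserver 80 (HTTP)
WAN TCP/UDP * * WAN_IP 443 (HTTPS) mailserver 443 (HTTPS)
WAN TCP/UDP * * WAN_IP 25 (SMTP) mailserver 25 (SMTP)
"""

# Services named in the thread; every one of them runs over TCP only.
TCP_ONLY = {25: "SMTP", 80: "HTTP", 110: "POP3", 143: "IMAP", 443: "HTTPS"}


def parse_rules(text):
    """Turn whitespace-separated rule rows into dicts, dropping '(HTTP)'-style labels."""
    rules = []
    for line in text.splitlines():
        fields = re.sub(r"\([^)]*\)", "", line).split()
        if len(fields) != 8 or not (fields[5].isdigit() and fields[7].isdigit()):
            continue  # header, blank or malformed row
        rules.append({
            "iface": fields[0],
            "protos": set(fields[1].upper().split("/")),
            "dst_port": int(fields[5]),
            "nat_ip": fields[6],
            "nat_port": int(fields[7]),
        })
    return rules


def audit(rules, target, required=(25, 443)):
    """Return findings: required ports with no forward, and TCP-only ports opened for UDP."""
    findings = []
    forwarded = {r["dst_port"] for r in rules
                 if r["iface"] == "WAN" and r["nat_ip"] == target and "TCP" in r["protos"]}
    for port in required:
        if port not in forwarded:
            findings.append(f"missing: no WAN TCP forward for port {port} to {target}")
    for r in rules:
        if "UDP" in r["protos"] and r["dst_port"] in TCP_ONLY:
            name = TCP_ONLY[r["dst_port"]]
            findings.append(f"broad: port {r['dst_port']} ({name}) is TCP only, rule also opens UDP")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_rules(SAMPLE_RULES), "mailserver"):
        print(finding)
```

Pass `required=(25, 443, 143, 110)` to also require IMAP and POP3 forwards when those services are in use.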