Iptables forwarding to M$ Exchange 2010
Hi all,
I have to configure an Iptables firewall to protect a Microsoft Exchange 2010 server. I saw in THIS LINK that Exchange needs to have a lot of dynamic RPC ports opened for TCP-IN. Which configuration do I have to add to the following:

#Accepting everything from exchange to the internet
$IPT -A FORWARD -i eth1 -o eth0 -j ACCEPT
#Accepting those ports from the internet to exchange
$IPT -A FORWARD -i eth0 -p tcp --dport 465 -j ACCEPT ## SSMTP
$IPT -A FORWARD -i eth0 -p tcp --dport 993 -j ACCEPT ## IMAPS
$IPT -A FORWARD -i eth0 -p tcp --dport 585 -j ACCEPT ## IMAP4-SSL
$IPT -A FORWARD -i eth0 -p tcp --dport 995 -j ACCEPT ## SSL-POP
# $IPT -A FORWARD -i eth0 -p tcp --dport 80 -j ACCEPT ## HTTP
# $IPT -A FORWARD -i eth0 -p tcp --dport 443 -j ACCEPT ## HTTPS
# $IPT -A FORWARD -i eth0 -p tcp --dport 25 -j ACCEPT ## SMTP
# $IPT -A FORWARD -i eth0 -p tcp --dport 143 -j ACCEPT ## IMAP
# $IPT -A FORWARD -i eth0 -p tcp --dport 110 -j ACCEPT ## POP3
#Everything else is dropped
$IPT -A FORWARD -j DROP

Thanks a lot for your answers! |
I recently put a firewall in between the Internet and an MS Exchange Server. The only port that I forwarded from the Internet to Exchange was port 25. It works fine.
|
The problem is that my company will use all functionalities of Exchange : Send, receive mails, synchronize with Outlook, synchronize the calendar, contacts etc...
Microsoft's page of Exchange ports to be opened says that there are a lot of dynamic ports which have to be opened and some static ports. http://technet.microsoft.com/en-us/l.../bb331973.aspx Right now, I don't know how to adapt my iptables script. Thanks a lot for your answers |
I would rather go for a VPN, then. Fewer attack vectors, less tinkering involved.
The user sets up his/her vpn, connects and then opens Outlook/Owa or whatever without the hassle of opening a zillion of ports. Have you got this option? |
I can't make a VPN in that case because some of the final customers have an iPhone, and making a VPN in my case is only possible with OpenVPN.
Still searching for iptables_exchange.conf Thanks for your answers |
Here is some example.
If you have a box with iptables: eth0 ---> outside interface, eth2 ---> inside interface. You can use some port forwarding example to open a port. Don't forget, on top of the iptables file: OUTPUT and PREROUTING. Quote:
|
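An added example, not the script of anyone in the thread, of the PREROUTING DNAT plus stateful FORWARD rules the last reply alludes to, limited to the static ports named in the thread. It uses eth0 outside and eth1 inside as in the question; EXCHANGE_IP, the inclusion of 443 for OWA/ActiveSync clients, and the dry-run helpers are my assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script: stateful DNAT + FORWARD rules for the
# static Exchange ports discussed in the thread. eth0 = outside, eth1 = inside,
# as in the question. EXCHANGE_IP is an assumed placeholder (RFC 5737 range).
EXCHANGE_IP="${EXCHANGE_IP:-192.0.2.10}"
WAN=eth0
LAN=eth1
# 465/993/585/995 from the question, 25 for inbound SMTP (the first reply),
# 443 assumed for OWA/ActiveSync clients such as the iPhones mentioned.
EXPOSED_TCP="25 443 465 585 993 995"

# $1 is the iptables command to run; pass "echo iptables" for a dry run that
# prints the rules instead of applying them.
exchange_rules() {
    ipt="${1:-iptables}"
    $ipt -t nat -F PREROUTING
    $ipt -F FORWARD
    $ipt -P FORWARD DROP
    # Return and related traffic of connections that were already accepted.
    $ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Exchange (and the LAN) may open outbound connections to the Internet.
    $ipt -A FORWARD -i "$LAN" -o "$WAN" -m conntrack --ctstate NEW -j ACCEPT
    for port in $EXPOSED_TCP; do
        # Rewrite the public destination to the Exchange host (nat/PREROUTING).
        $ipt -t nat -A PREROUTING -i "$WAN" -p tcp --dport "$port" \
            -j DNAT --to-destination "$EXCHANGE_IP:$port"
        # Allow only NEW connections to exactly that host and port.
        $ipt -A FORWARD -i "$WAN" -o "$LAN" -d "$EXCHANGE_IP" -p tcp \
            --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    # The dynamic RPC range from the TechNet page is not forwarded at all;
    # anything unmatched falls through to the DROP policy. Log a sample of it.
    $ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

# Inspection helpers over a dry run (assumed, for checking the rule set).
count_dnat_rules() { exchange_rules "echo iptables" | grep -c -- '-j DNAT'; }
count_forward_accepts() { exchange_rules "echo iptables" | grep -c -- '-A FORWARD.*-j ACCEPT'; }

if [ "${1:-}" = "--apply" ]; then
    exchange_rules iptables          # apply for real (needs root)
else
    exchange_rules "echo iptables"   # default: just print the rules
fi
```

Run it without arguments to review the generated rules; `--apply` as root installs them.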