LinuxQuestions.org


WindowBreaker 12-20-2005 03:17 AM

accessing OWA thru iptables-based firewall
 
I've got a dual-homed Linux box acting as the router for a small LAN. This box has one NIC w/static public IP (WAN), and other NIC with private IP (LAN).

Inside the lan runs a 2003 server with Outlook Web Access (OWA). As much as I don't like Windoze, client wants to access OWA from outside office.

Does anybody know how to set up an iptables script to allow OWA access? Probably a few PREROUTING and FORWARD rules.
Also would like to know if anybody's done this and how.

Here's my crappy ASCII pic of the layout (sucks, but hey, it's late and I'm tired).
          ---------
             WAN
          ---------
              |
              V
   ----------------------------
             WAN nic
----------------------------------

           LINUX ROUTER

----------------------------------
             LAN nic
   ----------------------------
              |
              V
     ------------------------
           2003 OWA box
     ------------------------

Thx in advance for help

jrbush82 12-20-2005 03:39 AM

Configure the Outlook client to use RPC over HTTP. Of course, then just forward port 80 inbound to the Exchange server.

http://office.microsoft.com/en-us/as...402731033.aspx

The iptables script was created using the "Iptables Script Generator" found at http://iptables-script.dk/. You will of course have to edit it to reflect your IP addresses etc. This script assumes that eth0 is your external interface, and eth1 is your internal interface.

#!/bin/sh

# iptables script generator: V0.1-2002
# Comes with no warranty!
# e-mail: michael@1go.dk

# Disable forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward

LAN_IP_NET='192.168.0.1/24'
LAN_NIC='eth1'
OWA_SERVER='192.168.0.10'

# load some modules (if needed)

# Flush
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# enable Masquerade and forwarding
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Open ports to server on LAN
iptables -A FORWARD -j ACCEPT -p tcp --dport 80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to $OWA_SERVER:80

# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
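
A port forward like the one in the script depends on two rules agreeing: the PREROUTING DNAT and a FORWARD accept for the rewritten destination. The check below is an added example, not part of the original post or of the generator's output. It reads rules in the form `iptables -S` and `iptables -t nat -S` print them and reports a per-port FORWARD accept with no `-d` restriction, or a DNAT that no FORWARD accept covers. The function names, finding labels and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit port-forward rules read from stdin in the form printed by
# `iptables -S` and `iptables -t nat -S`. Prints one finding per line and
# returns 1 if there is any finding, 0 otherwise.
audit_port_forwards() {
    awk '
    # Value following option "opt" on the current rule line, or "" if absent.
    function optval(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    $1 == "-A" && $2 == "FORWARD" && optval("-j") == "ACCEPT" {
        port = optval("--dport")
        if (port == "") next                 # not a per-port rule
        dst = optval("-d"); sub(/\/32$/, "", dst)
        if (dst == "") {                     # opens the port towards every host
            print "UNSCOPED_FORWARD dport=" port; anyhost[port] = 1; bad = 1
        } else scoped[dst ":" port] = 1
    }
    $1 == "-A" && $2 == "PREROUTING" && optval("-j") == "DNAT" {
        target = optval("--to-destination")
        if (target == "") next
        if (target !~ /:/) target = target ":" optval("--dport")
        dnat[++n] = target
    }
    END {
        for (i = 1; i <= n; i++) {
            split(dnat[i], part, ":")
            # DNAT with no FORWARD accept at all is dropped by the DROP policy.
            if (!(dnat[i] in scoped) && !(part[2] in anyhost)) {
                print "NO_FORWARD " dnat[i]; bad = 1
            }
        }
        exit bad + 0
    }'
}

# Constructed input: the forwarding rules of the script above as `iptables -S` lists them.
constructed_rules() {
    cat <<'EOF'
-A FORWARD -s 192.168.0.0/24 -i eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.10:80
EOF
}

constructed_rules | audit_port_forwards || echo "findings reported above"
```

On the constructed rules it reports `UNSCOPED_FORWARD dport=80`; adding `-d $OWA_SERVER` to the port-80 FORWARD rule clears the finding.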

