accessing OWA thru iptables-based firewall
I've got a dual-homed linux box acting as the router for a small lan. This box has one nic w/static public ip (wan), and other nic with private ip (lan).
Inside the lan runs a 2003 server with Outlook Web Access (OWA). As much as I don't like Windoze, client wants to access OWA from outside office. Does anybody know how to setup iptables script to allow OWA access? Probably a few PREROUTING and FORWARD rules. Also would like to know if anybody's done this and how.

Here's my crappy ascii pic of the layout (sucks, but hey, it's late and i'm tired).

            ---------
               WAN
            ---------
                |
                V
   ----------------------------
             WAN nic
----------------------------------
           LINUX ROUTER
----------------------------------
             LAN nic
   ----------------------------
                |
                V
     ------------------------
           2003 OWA box
     ------------------------

Thx in advance for help
Configure the outlook client to use RPC over HTTP. Of course, then just forward port 80 inbound to the exchange server.
http://office.microsoft.com/en-us/as...402731033.aspx

The IPTABLES script was created using the "Iptables Script Generator" found at http://iptables-script.dk/. You will of course have to edit it to reflect your IP addresses etc. This script assumes that eth0 is your external interface, and eth1 is your internal interface.

#!/bin/sh
# iptables script generator: V0.1-2002
# Comes with no warranty!
# e-mail: michael@1go.dk

# Disable forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward

LAN_IP_NET='192.168.0.1/24'
LAN_NIC='eth1'
OWA_SERVER='192.168.0.10'

# load some modules (if needed)

# Flush
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F

# Default policies: drop inbound and forwarded traffic, allow outbound
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# enable Masquerade and forwarding
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Open ports to server on LAN
# Accept forwarded port 80 only from the external interface and only to the OWA server
iptables -A FORWARD -j ACCEPT -i eth0 -p tcp -d $OWA_SERVER --dport 80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to $OWA_SERVER:80

# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
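An added example, not part of the original posts or of the generator's output: a shell check over iptables-save text that reports, for each DNAT port forward, whether the FORWARD chain accepts that port only toward the DNAT target, toward any destination, or not at all. The function names audit_forwards, ruleset_broad and ruleset_scoped are hypothetical, and both rulesets are constructed from the addresses used in the script above.

```shell
# Added example; rulesets are constructed, trimmed iptables-save text.
# audit_forwards prints one verdict per DNAT rule read from stdin:
#   OK <ip:port>     FORWARD accepts the port only with an explicit -d
#   BROAD <ip:port>  FORWARD accepts the port toward any destination
#   NONE <ip:port>   no FORWARD ACCEPT rule names the port
audit_forwards() {
    awk '
    function optval(opt,   i) {   # argument following option opt, or ""
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    $1 == "-A" && $2 == "PREROUTING" && optval("-j") == "DNAT" {
        to = optval("--to-destination")
        if (to !~ /:/) to = to ":" optval("--dport")  # no port given: DNAT keeps --dport
        dnat[++n] = to
    }
    $1 == "-A" && $2 == "FORWARD" && optval("-j") == "ACCEPT" && optval("--dport") != "" {
        port = optval("--dport"); dst = optval("-d")
        sub(/\/32$/, "", dst)
        if (dst == "") broad[port] = 1
        else scoped[dst ":" port] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            split(dnat[i], t, ":")
            s = (t[2] in broad) ? "BROAD" : ((dnat[i] in scoped) ? "OK" : "NONE")
            print s, dnat[i]
        }
    }'
}

# Constructed: port 80 is forwarded, and FORWARD matches on the port alone.
ruleset_broad() {
cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.10:80
*filter
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
EOF
}

# Constructed: same forward, FORWARD rule limited to the WAN nic and the OWA host.
ruleset_scoped() {
    ruleset_broad | sed 's|-A FORWARD -p tcp|-A FORWARD -d 192.168.0.10/32 -i eth0 -p tcp|'
}

ruleset_broad  | audit_forwards   # BROAD 192.168.0.10:80
ruleset_scoped | audit_forwards   # OK 192.168.0.10:80
```

On a live router the same function can be fed with `iptables-save | audit_forwards`, which needs root.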