LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 04-28-2011, 05:29 AM   #1
yon4h
LQ Newbie
 
Registered: Apr 2011
Posts: 3

Rep: Reputation: 0
Question Iptables forwording to M$ Exchange 2010


Hi all,

I have to configure an Iptables firewall to protect a Microsoft Exchange 2010 server.
I saw in THIS LINK that Exhange needs to have a lot of Dynamic RPC ports opened for TCP-IN.

Which configuration do I have to add to the following :


#Accepting everything from exchange to the internet
$IPT -A FORWARD -i eth1 -o eth0 -j ACCEPT

#Accepting those ports from the internet to exchange

$IPT -A FORWARD -i eth0 -p tcp --dport 465 -j ACCEPT ## SSMTP
$IPT -A FORWARD -i eth0 -p tcp --dport 993 -j ACCEPT ## IMAPS
$IPT -A FORWARD -i eth0 -p tcp --dport 585 -j ACCEPT ## IMAP4-SSL
$IPT -A FORWARD -i eth0 -p tcp --dport 995 -j ACCEPT ## SSL-POP
# $IPT -A FORWARD -i eth0 -p tcp --dport 80 -j ACCEPT ## HTTP
# $IPT -A FORWARD -i eth0 -p tcp --dport 443 -j ACCEPT ## HTTPS
# $IPT -A FORWARD -i eth0 -p tcp --dport 25 -j ACCEPT ## SMTP
# $IPT -A FORWARD -i eth0 -p tcp --dport 143 -j ACCEPT ## IMAP
# $IPT -A FORWARD -i eth0 -p tcp --dport 110 -j ACCEPT ## POP3

#Everything else is droped
$IPT -A FORWARD -j DROP


Thanks a lot for your answers !
 
Old 04-29-2011, 04:57 PM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335Reputation: 335Reputation: 335Reputation: 335
I recently put a firewall in between the Internet and an MS Exchange Server. The only port that I forwarded from the Internet to Exchange was port 25. It works fine.
 
Old 05-02-2011, 10:23 AM   #3
yon4h
LQ Newbie
 
Registered: Apr 2011
Posts: 3

Original Poster
Rep: Reputation: 0
The problem is that my company will use all functionalities of Exchange : Send, receive mails, synchronize with Outlook, synchronize the calendar, contacts etc...

The Microsoft's page of Exchange ports to be opened says that there are a lot of dynamics ports which have to be opened and some statics ports.


http://technet.microsoft.com/en-us/l.../bb331973.aspx


Right now, I don't know how to adapt my iptable's script

Thanks a lot for your answers
 
Old 05-03-2011, 03:16 AM   #4
spidernik84
LQ Newbie
 
Registered: Mar 2004
Distribution: Archlinux
Posts: 18

Rep: Reputation: 0
I would rather go for a VPN, then. Less attack vectors, less thinkering involved.
The user sets up his/her vpn, connects and then opens Outlook/Owa or whatever without the hassle of opening a zillion of ports.
Have you got this option?
 
Old 05-03-2011, 10:33 AM   #5
yon4h
LQ Newbie
 
Registered: Apr 2011
Posts: 3

Original Poster
Rep: Reputation: 0
I can't make a VPN in that case because some of final costumers have an iPhone and making a VPN in my case is only able by OpenVPN.

Still searching for iptables_exchange.conf

Thanks for your answers
 
Old 05-05-2011, 06:37 AM   #6
volga629
Member
 
Registered: Dec 2009
Posts: 67

Rep: Reputation: 21
Here some example.
If you have box with iptables.
eth0 ---> outside interface
eth2 ---> inside interface.
You can use some port forwarding example to open port.
Don't forget on top of iptables file OUTPUT: and PREROUTING.

Quote:

:PREROUTING ACCEPT [244:18777]
-A PREROUTING -p tcp -i eth0 -d WANoutisde --dport 25 -j DNAT --to-destination LocalIPort
-A TCP_INPUT -s WANoutside -p tcp localport --dport -j ACCEPT
-A FORWARD -p tcp -i eth0 -d localIP --dport localip -j ACCEPT
-A OUTPUT -o eth2 -d localip -p tcp --dport localport -j ACCEPT
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Iptables rules to allow user's access M$ Exchange 2010 pkhera_2001 Linux - Server 4 02-19-2010 04:58 AM
Iptables port forwording shorto Linux - Networking 11 08-26-2006 08:05 PM
Port Forwording Problem on Debian shorto Linux - Networking 2 07-09-2006 08:55 AM
port forwording siralek88 Linux - Networking 1 02-09-2005 07:12 PM
video forwording.. sound forwording? exodist Linux - Networking 0 06-01-2004 11:30 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 06:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration