2

I am using VMware ESXi to create a network with a test domain running Exchange 2007.

I'm using pfSense as the firewall between my physical network (which I am using as the WAN) and the VM internal network (which isn't connected to physical ports) which is the test domain's LAN.

Everything is working fine. The LAN is using 192.168.1.x addresses and I am routing traffic through our network which is 192.168.62.x

Users on our network are now getting security alerts in Outlook for the test Exchange server (currently they show as for mail.contoso.com as I haven't configured Exchange).

I need external mail access to this test domain so that I can prove failover techniques but I'd like to block the other network users seeing the domain.

Currently I can ping the firewall and servers on our 62.x network from my VMs too (not so much of a problem but it would be nice if these were blocked from each other).

What rules can I set in pfSense to prevent this?

neildeadman
  • 519

1 Answers1

0

Domain controller

LDAP (389/3268 TCP/UDP), Kerberos (88 TCP/UDP), DNS (53 TCP/UDP), RPC netlogon (135 TCP)

Exchange 2007 Hub Transport server

SMTP (25/587 TCP) SSL

Exchange 2007 Mailbox server

 RPC MAPI (135 TCP)

SMTP Relay servers (in a perimeter network)

 SMTP (25,995 SMTP TLS)

Exchange 2007 Unified Messaging server

 SMTP (25,995 SMTP TLS)

Exchange 2007 Mailbox server

 RPC MAPI (135 TCP), many dynamic*

Exchange 2007 Unified Messaging server

 VoIP (TCP 5060,5061 SSL,5065,5066)

Public Folders (hosted by an Exchange 2007 Mailbox server)

 RPC MAPI (135 TCP)

Public Folders (hosted by an Exchange 2007 Mailbox server)

 RPC MAPI (135 TCP), many dynamic*

Exchange 2007 Client Access server

 80/443 TCP SSL

Outlook 2003 client

 RPC over HTTP (80/443 TCP)

Outlook 2007 client

 RPC over HTTP (80/443 TCP)

Other clients (POP3/SMTP/IMAP4)

 POP3 (110/995 TCP), IMAP (143/993 TCP), see too 995 SMTP TLS

/

* By default, "many dynamic ports" is the port range 1024-65535.

Understanding the Ports That Are Used by Exchange 2007 in a Mixed Environment

It may change, if setup RPC range port:

Setup RPC range port in server and clients workstation!

How to configure RPC dynamic port allocation to work with firewalls

Additional:

Restricting Active Directory replication traffic and client RPC traffic to a specific port

Configuring Domain Controller Ports Windows 2000/2003 Replication through a Firewall

To test were more meaningful use these wonderful free Architecture magazines and papers:

The Architecture Journal

MSDN Architecture Center

Architecture Blog

Microsoft Download Center: Architecture

Microsoft Download Center: Architecture diagrams

Microsoft Download Center: Architecture poster

Well, get some magically materials Microsoft Airlift.

pfSense:

Adding Rules With easyrule

pfSense: Configuring NAT and Firewall Rules

Example basic configuration

pfSense: Important CLI commands

Community
  • 1
STTR
  • 6,891