Thread: Internal Access

  1. #1
    Newbie
    Join Date
    Nov 2009
    Posts
    8

    Internal Access

    Greetings all,

    I am in need of some assistance.

    We have a Windows AD Domain, Exchange and the like.

    I have set up port forwarding and my users can access OWA-OMA from outside of the network. However, when they come inside with their Macs, iPhones, etc., they are unable to access the website.

    DNS is hosted on the 2003 Server and DNS is turned off on the Untangle box.

    So I need the users to be able to access these web pages from inside of the Local Network.

    Would I be better off to try and add a DNS entry on the Windows server that points to an internal IP, or will I need to do something with the port forwarding?

    Thanks in advance.

  2. #2
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,178

    Hi,
    Can you post a screenshot of your port forward and firewall rules?

    You can add a DNS entry on your internal DNS, but I do believe that either you haven't moved UT's admin GUI to another port than 443, or you have forgotten "destination local" or giving the internal interface access to the firewall rule.

    So post screenshots of them and I think we will find the problem.

  3. #3
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,351

    Or touch your DNS server with a static record, or access it internally with the internal name (or local private IP).
    example.com/exchange is not the same as example.lan/exchange (or .local, or whatever internal domain is used).

  4. #4
    Newbie
    Join Date
    Nov 2009
    Posts
    8

    Screenshots


  5. #5
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,178

    From what I can see they look correct.
    What do you get if you go to https://externalipofut/exchange ?

    Is your firewall in pass or block mode?

  6. #6
    Newbie
    Join Date
    Nov 2009
    Posts
    8

    Originally Posted by dwasserman:
        Or touch your DNS server with a static record, or access it internally with the internal name (or local private IP).
        example.com/exchange is not the same as example.lan/exchange (or .local, or whatever internal domain is used).

    Yeah, the internal is domainname.local

    The devices try to look for mail.domainname.com, so I was thinking I could just put a DNS entry in my DNS to reply with the internal IP when on the local network, i.e. DNS grabs and tells it the IP is 10.0.0.? instead of trying to go out the firewall and come back in.

    Problem is I have never done this on a MS DNS server, so I will need to create a new zone that says domainname.com should translate IP to local instead of public IP, yes?

    P.S. Thanks for the guidance.

  7. #7
    Newbie
    Join Date
    Nov 2009
    Posts
    8

    Originally Posted by WebFooL:
        From what I can see they look correct.
        What do you get if you go to https://externalipofut/exchange ?

        Is your firewall in pass or block mode?

    Firewall is in pass mode with no rules set up yet.

    Here is what I get when I try to go out.

    Attachment 2052

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,464

    Originally Posted by unkyjoe:
        Yeah, the internal is domainname.local

        The devices try to look for mail.domainname.com, so I was thinking I could just put a DNS entry in my DNS to reply with the internal IP when on the local network, i.e. DNS grabs and tells it the IP is 10.0.0.? instead of trying to go out the firewall and come back in.

        Problem is I have never done this on a MS DNS server, so I will need to create a new zone that says domainname.com should translate IP to local instead of public IP, yes?

        P.S. Thanks for the guidance.

    That is the most direct route. It's called split DNS, and you're creating a zone on your DNS server that matches your public namespace and stuffing in the records you need. Thus creating a DNS zone that spits back internal addressing.

    Be warned, if you take this approach you will need to duplicate the ENTIRE ZONE. Once you stuff domainname.com into a Windows DNS server that serves your AD users, it will think it's authoritative for that name space. This means you need the www record, MX record, and everything else that comes with domainname.com for full functionality.

    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
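
One way to check the "duplicate the ENTIRE ZONE" warning above before relying on a split zone, as an added example that is not part of the thread: compare the public record list for the domain with the internal copy and report what internal clients would lose. The record lists, the "name type value" line format, the 203.0.113.x documentation addresses and the 10.0.0.5 address are all constructed for illustration.

```python
import ipaddress

# Constructed sample records ("name type value"), not data from the thread.
PUBLIC_ZONE = """
@     A      203.0.113.10
www   A      203.0.113.10
mail  A      203.0.113.20
@     MX     10 mail.domainname.com.
ftp   CNAME  www.domainname.com.
"""
INTERNAL_ZONE = """
mail  A      10.0.0.5
www   A      203.0.113.10
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_records(text):
    """Return {(name, type): {values}} from 'name type value' lines."""
    records = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and not line.lstrip().startswith(";"):
            name, rtype, value = parts
            records.setdefault((name.lower(), rtype.upper()), set()).add(value.strip())
    return records

def audit_split_zone(public_text, internal_text):
    """Compare the internal copy of a zone against the public one."""
    public = parse_records(public_text)
    internal = parse_records(internal_text)
    report = {"missing": [], "overridden": [], "external_targets": []}
    for key in sorted(public):
        if key not in internal:
            # The internal server is authoritative, so this name fails inside.
            report["missing"].append(key)
        elif internal[key] != public[key]:
            report["overridden"].append(key)
    for (name, rtype), values in sorted(internal.items()):
        if rtype == "A" and not all(
                any(ipaddress.ip_address(v) in net for net in RFC1918) for v in values):
            # Still answers with a non-RFC 1918 address on the LAN.
            report["external_targets"].append((name, rtype))
    return report

if __name__ == "__main__":
    for section, keys in audit_split_zone(PUBLIC_ZONE, INTERNAL_ZONE).items():
        print(section, keys)
```

Entries under `external_targets` are fine for services hosted outside the network; for a port-forwarded internal server they mean LAN clients still go out to the firewall and back in.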

  9. #9
    Master Untangler richie's Avatar
    Join Date
    Apr 2007
    Posts
    396

    Try modifying your port forward for 443: from "destined local" to "destination address", and put in your external IP of Untangle.

  10. #10
    Newbie
    Join Date
    Nov 2009
    Posts
    8

    Thanks for the help guys & gals

    I set up a split DNS and that did the trick
