Solutions for NAT LAN access with Exchange 2007

kblackwell -> Solutions for NAT LAN access with Exchange 2007 (11.Apr.2012 1:41:09 PM)

We've recently installed Exchange 2007. I wanted to see what solutions people were using for the LAN access to the Exchange server.

My first problem is I have some Linux machines on my LAN that have NAT addresses. Because the SMTP server is actually in a DMZ behind a firewall, when they try to connect to the primary MX server address, they can't, because firewalls in general have a problem contacting a public IP address in the subnet they belong to.

My thoughts on options are:

Create a zone record on the internal DNS server for the public domain I'm accepting mail for.

That seems problematic.

Add a record for the Exchange server in the hosts file and direct it to the NAT'd address on the LAN.

That didn't work. I think it's because a listing of the name of the server in a hosts file won't work; I need a DNS MX listing so it will relay mail.

Second problem is DNS related too. When someone wants to use the web interface for, say, webmail.domain.com, that's a public address that's in the same subnet behind the firewall. Like above, the firewall has a problem trying to reach around to the WAN, then redirecting to an address that's in the same subnet the request is coming from.

The only solution I see to solve both problems is to create a zone record internally and have the public names point to the LAN NAT address.

Welcome any comments.

Thanks in advance.




uemurad -> RE: Solutions for NAT LAN access with Exchange 2007 (11.Apr.2012 1:48:17 PM)

If you have the ability to NAT the public IP address, isn't your DMZ using private addresses? Your firewall should be directing the traffic destined for the public IP to the private IP, and shouldn't be dependent upon DNS for that information.

Am I misunderstanding your configuration and/or your intentions?



