Community discussions

MikroTik App
  4. RouterOS
  5. General

Exchange mailbox access on cell phones  [SOLVED]

Post Reply
 
sema
just joined
Topic Author
Posts: 2
Joined: Wed Feb 07, 2018 8:23 pm

Exchange mailbox access on cell phones

Thu Feb 08, 2018 8:08 pm

Basic setup with hEX r3 as a router/firewall and wAP AC as a wireless.
Few NAT rules. Exchange server on the LAN network. Single subnet, DHCP on the Windows server.
Everything works great except one thing.

Users have Exchange mailboxes configured on the phones. Server address looks like mail.domain.com and points to the public IP of the office. When users are outside of the office and using their data plans emails work fine. As soon as users connected to the company wireless phones cannot connect to the Exchange server.

Do I need to add a rule to allow phones connect to the Exchange on the local network using public name/IP?

Thanks
Top
 
User avatar
cdiedrich
Forum Veteran
Forum Veteran
Posts: 997
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany
Contact:
Contact cdiedrich

Re: Exchange mailbox access on cell phones

Fri Feb 09, 2018 1:33 pm

https://wiki.mikrotik.com/wiki/Hairpin_NAT
-Chris
Top
 
SPKA16
newbie
Posts: 29
Joined: Fri Aug 05, 2016 8:41 pm

Re: Exchange mailbox access on cell phones

Fri Feb 09, 2018 2:47 pm

..or point your internal (Windows) DNS server (forward zone) so that mail.domain.com points to the internal IP of your mailserver.
Top
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Exchange mailbox access on cell phones  [SOLVED]

Fri Feb 09, 2018 4:13 pm

Hair pin example. NAT works in conjunction with your firewall rules. Although the DNS suggestion sounds nice.

Code: Select all
# Hairpin example
# 10.1.0.1 is the router
# 10.1.0.2 is your internal server

/ip firewall filter
add chain=input action=accept connection-state=established,related comment="Allow established related"
add chain=input action=accept in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=input action=drop   comment="Drop all other input"

add chain=forward action=accept connection-state=established,related comment="Allow established related"
add chain=forward action=accept connection-state=new in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=forward action=accept connection-nat-state=dstnat comment="Allow Port forwards"
add chain=forward action=drop   comment="Drop all other forward"

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether-WAN  comment="Default masq"
add chain=srcnat action=masquerade out-interface=bridge-LAN dst-address=!10.1.0.1 src-address=10.1.0.0/24 comment="Hairpin"
add chain=dstnat action=dst-nat    dst-address-type=local   dst-address=!10.1.0.1 to-addresses=10.1.0.2   dst-port=80 to-ports=80 protocol=tcp comment="Hairpin"
Top
 
sema
just joined
Topic Author
Posts: 2
Joined: Wed Feb 07, 2018 8:23 pm

Re: Exchange mailbox access on cell phones

Sat Feb 10, 2018 12:31 am

Hair pin rules fixed an issue.
Thanks gentleman!
Top
Post Reply

Who is online

Users browsing this forum: Amazon [Bot], Builithe85, dawdler, DNAT, quackyo and 101 guests
  4. RouterOS
  5. General