L
L
Leva272014-05-30 05:04:31
Mikrotik
Leva27, 2014-05-30 05:04:31

Set up Mikrotik RB751 to work with Microsoft Exchange to access Outlook Web App from the Internet?

The Mikrotik RB751 router is installed as a gateway to the Internet (internal IP 192.168.0.1), there is a server with MS Exchange 2013 (192.168.0.3) in the local network.
What is the best way to forward on NAT to port 443 of a mail server from the Internet (to connect to Outlook Web App via https from the Internet), if this port is already in use (forwarding to another server, let's say 192.168.0.2 port 443)?
Existing dstnat rule (protocol: 6 (tcp), dst-port: 443, action: dst-nat, to adress: 192.168.0.2, dst port: 443). Stupidly replacing 192.168.0.2 with 192.168.0.3 in the rule goes to OWA, but access to the service at 192.168.0.2 through 443 is lost accordingly
. Accordingly, there is an external server.ru domain, the necessary NS records point to the external Mikrotika IP address.
I would like to get to https://192.168.0.3/owa by typing mail.server.ru from the outside in the browser and by typing https://server.ru - to get to https://192.168.0.2/

Answer the question

In order to leave comments, you need to log in

3 answer(s)
N
nimbo, 2014-05-30
@nimbo

only the use of two external ips comes to my mind and, accordingly, spreading through netmap to the necessary servers.

P
Pavel, 2014-05-30
@Uttar

The option to dial mail.server.ru:[some port] from the outside, and on Mikrotik forward from [some port] to 443 Exchange does not work?

D
Dmitry, 2014-06-26
@HomeDimoN

I'm afraid only a proxy web server inside a network with several virtual sites will help here.
habrahabr.ru/post/142363
nginx.org/ru/docs/http/configuring_https_servers.html nGinx config
example for mail.server.ru
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/conf.d/cert/mail.crt;
ssl_certificate_key /etc/nginx/conf.d/cert/mail.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
server_name mail.server.ru;
if ($http_host ~ "(?i)(mail\.server\.ru)$") {
rewrite ^(.*) /web/$1 last;
}
location /web// {
proxy_pass https://192.168.0.3/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 500;
}
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
REQUIRED!! Generate certificates for sites and put them in the /etc/nginx/conf.d/cert/ folder (or another but change the path in the config...)
By the same analogy, a second config is created, the server_name directives, the condition in IF, proxy_pass are changed. And it seems like a second certificate is desirable ...

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question