Solved

Forwarding HTTP traffic to our public IP internally for exchange/wireless phones?

Posted on 2011-02-17
Last Modified: 2012-05-11
Basically what happened was about a month ago our Sonicwall router died and I had a new one shipped overnight. I got the new one up and running in a couple hours and I was pretty proud of myself. One issue remains though. When users with iPhones are on the LAN through the wireless they can't use the internet. The reason is that in their email settings they are using our public IP address. I can tell this isn't going to work because I will get on a workstation and type in our public IP address in the browser using: Https://65.40.X.X and I go nowhere. I'm pretty sure that HTTPS is the port that would need to be forwarded to get this to work. This was my guess on how it should work that doesn't seem to work:

Original Source: LAN SUBNETS
Translated Source: ORIGINAL
Original Destination: Server's public IP Address
Translated Destination: Server's internal IP Address
Original Service: HTTPS
Translated Service: Original

Question by:sagetechit

Accepted Solution

by:
digitap earned 500 total points
it could be one of two things or both.  first thing i'd check is if you've enabled the management on the WAN interface.  if you have, then you might consider changing the https port to something other than 443.  go to system > administration to do that.

second, you might check to confirm you have a loopback configured.  if you ran the public server wizard, it would have created one for you.  putting the public IP for mail would then work.  the loopback says internal requests bound for the public IP of the WAN interface internal.  otherwise, it drops that traffic.

so, your iphone users can't get email or they can't get to the internet?
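The loopback behaviour described in the answer above, as an added example that is not part of the thread and is not SonicWall code: a small generic model of NAT loopback (hairpin NAT) showing why a policy that rewrites only the destination can fail for a client on the server's own subnet. All addresses, `NatPolicy` and `trace` are constructed for illustration; the example also goes slightly beyond the thread by covering a client on a different internal subnet.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addresses (documentation/private ranges), not taken from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")   # subnet the mail server sits on
FW_LAN_IP = "192.168.1.1"                      # firewall's LAN interface
PUBLIC_IP = "203.0.113.10"                     # public IP set in the phones' mail settings
SERVER_IP = "192.168.1.10"                     # mail server's internal address

@dataclass(frozen=True)
class NatPolicy:                               # hypothetical model of the policy fields
    original_destination: str
    translated_destination: str
    translated_source: Optional[str] = None    # None stands for "Original"

def trace(policy, client, dst=PUBLIC_IP):
    """Follow one request and its reply; return (client_accepts_reply, steps)."""
    if dst != policy.original_destination:
        return False, [f"{client} -> {dst}: no policy matches, nothing is redirected"]
    # Forward path: destination is always rewritten, source only if configured.
    seen_src = policy.translated_source or client
    steps = [f"request   {client} -> {dst}",
             f"rewritten {seen_src} -> {policy.translated_destination}"]
    # Return path: the server answers the source address it saw. If that address
    # is another host on its own subnet, the reply is delivered directly and the
    # firewall never gets the chance to undo the translation.
    direct = seen_src != FW_LAN_IP and ipaddress.ip_address(seen_src) in LAN
    reply_src = policy.translated_destination if direct else policy.original_destination
    steps.append(f"reply     {reply_src} -> {client}"
                 + (" (direct, bypasses firewall)" if direct else " (via firewall)"))
    # The client only accepts a reply coming from the address it connected to.
    return reply_src == dst, steps

DNAT_ONLY = NatPolicy(PUBLIC_IP, SERVER_IP)             # Translated Source: Original
LOOPBACK = NatPolicy(PUBLIC_IP, SERVER_IP, FW_LAN_IP)   # source is translated as well

if __name__ == "__main__":
    for name, pol, client in [("DNAT only, same subnet", DNAT_ONLY, "192.168.1.50"),
                              ("loopback, same subnet", LOOPBACK, "192.168.1.50"),
                              ("DNAT only, other subnet", DNAT_ONLY, "192.168.2.50")]:
        ok, steps = trace(pol, client)
        print(f"{name}: {'OK' if ok else 'FAILS'}")
        for s in steps:
            print("   ", s)
```
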

Author Comment

by:sagetechit
When they are on the wan, and they get on the wifi, their email no longer works. They can surf the web just fine.

You might be on to something with the interface management, I'll check it out.

I went through the wizards to set most of this up so I think my loopback is created...

Author Comment

by:sagetechit
It appears I only have SSH and Ping enabled under management
 snapshot of interface

Author Comment

by:sagetechit
The LAN address has http and https selected, would that screw it up?

Expert Comment

by:digitap
no, just the WAN since the management and the email may be using the same public IP address.  the LAN IP would be different from your exchange server.

you said, "When they are on the wan, and they get on the wifi, their email no longer works."  when you say WAN, i think the WAN zone on the sonicwall and when you say wifi, i think WLAN zone on the sonicwall.  can you clarify that sentence from those perspectives?

Author Closing Comment

by:sagetechit
http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_23347507.html

this is what i used to fix my issue, but I didn't know about the loopback until I read his comment

Expert Comment

by:digitap
so, you must have had some NAT policies created manually.  glad you found it and thanks for the points!