I have to change Internet facing IP for Exchange server 2016 CU21.
We use pfSense as a routing solution, on which New Gateway is set - New ISP, works withouth issues. Upstream Gateway set on x.x.x.161/29 IP address. Static IP address set for WAN interface is x.x.x.162.
Since ISP provided multiple WAN IP's and our environment needs multiple servers to use same port, and instead using proxy service, to keep it simple, Virtual IP is created. New WAN IP is set, x.x.x.163/29.
Created NAT Pot Forward:
Interface: Protocol: Source Address: Source Ports: Dest.Address: Dest.Ports: NAT IP: NAT Ports:
WAN TCP * * x.x.x.163 110(POP3) 192.168.1.32 110(POP3)
WAN TCP * * x.x.x.163 143(IMAP) 192.168.1.32 143(IMAP)
WAN TCP * * x.x.x.163 443(HTTPS) 192.168.1.32 443(HTTPS)
WAN TCP * * x.x.x.163 993(IMAP/S) 192.168.1.32 993(IMAP/S)
WAN TCP * * x.x.x.163 995(POP3/S) 192.168.1.32 995(POP3/S)
Then, created NAT Rules:
Protocol: Source: Port: Destination: Port: Gateway: Description:
TCP * * 192.168.1.32 110(POP3) * NAT POP3
TCP * * 192.168.1.32 143(IMAP) * NAT IMAP
TCP * * 192.168.1.32 443(HTTPS) * NAT HTTPS
TCP * * 192.168.1.32 993(IMAP/S) * NAT IMAP/S
TCP * * 192.168.1.32 995(POP3/S) * NAT POP3/S
Changed Default Gateway On Exchange Server (old router used 192.168.1.1, and new one is 192.168.1.2 - pfSense)
On old router Disabled NAT rules, disabled Port Forwarding.
Tested internet access on Exchange Server, it uses new WAN IP as a gateway, and it works.
On Nameserver, changed record for mail.contoso.com on new WAN IP.
On External DNS provider, change record on new IP for the following:
Record: Name: Content:
A POP x.x.x.163
A IMAP x.x.x.163
A SMTP x.x.x.163
A MAIL x.x.x.163
A WEBMAIL x.x.x.163
A EMAIL x.x.x.163
A MX x.x.x.163
With all those changes propagated over the internet , checked over www.whatsmydns.net, also checked with Cisco Talos.
Tested mail flow on Exchange by sending emails to google mailboxes and it worked, but during that time I was connected over VPN.
Without VPN, I was not able to access to OWA, mail client on android or Outlook mail client on PC.
I did flushdns on PC, and restarted it, as nslookup provided correct new WAN IP, but when I tried to ping mail.contoso.com, it returned old WAN IP. I let some time to pass to propagate over the internet, but no prevail.
If anyone have any advice, or if you notice that my approach misses something, it would be of great help!
Edit 1.
Seems like Firewall is blocking me. Found in logs, Block on LAN interface, Source IP:192.168.1.32:443, and as Destination IP I see mine IP from my ISP, with ports 39618 up to 39637
Edit 2.
OWA cannot be accessed even when VPN is on. Also, used pfSense Easy rule, and allowed the traffic, added from port 38000 to 40000, but still, no prevail.
