    Hi, a company we work with needs the following completed on our firewall. We only use a Draytek 2830 to connect to the web. There is no additional firewall. They asked for the following:

    Please open your firewall to the following IP address range on all ports: You must establish a direct NAT rule that routes us to the exchange server from the firewall

    Our exchange server is on

    Can anyone offer the steps I need to take - eternally grateful if you can. I've had a good look but I'm concerned if I get it wrong i'll open the entire network to the world.


    Re: Firewall issue - need ot get it right

    What do they need to do?

    The NAT > port redirection function does what it describes - redirects ports. If they simply need to connect to the Exchange Server for mail then your existing SMTP port redirection should be sufficient.

    If they are talking about actually managing the server then your VPN redirection should work fine so long as they are told which server to connect to. Or, do you use the VPN management software on the router. If the latter, you will need to refer to the manual as I've never got it to work properly.
      Re: Firewall issue - need ot get it right

      Essentially you need to logon to your router and do the following

      External Address > Port Forward > Internal Address

      I have no experience of the router you are using but I would presume you would need to setup port forwarding that port forwards what ever required ports the company requires, which are not provided, to your Exchange Server.

      What will then happen is that a request from the IP range that the company is using will try and connect to a specified port, e.g. 80, 443, and this will then be forwarded to your exchange server on either the same port or a port you so desire.


        Re: Firewall issue - need ot get it right

        Should give you an idea of how to Port Forward from your External IP to the Exchange Server (if that is what is required). I sure as shit wouldn't be opening EVERY Port on the IP range.
          Re: Firewall issue - need ot get it right

          try this:

          Firewall > filter setup
          create a new filter set
          edit filter rule 1
          set direction WAN > LAN
          pick source iP as the object you created above
          pick destination IP as the exchange host.

          test it from another source - for instance, set up logmein on your home computer.
          Apply the firewall rule, then test it from your home computer.
          if it allows you access - shut it down immediately.

          should be no need to forward ports as it'll open everything to them. In theory.
