Can't connect to external interface of firewall from LAN interface

[syscoel]

I think I am missing some sort of rule at the firewall.
I would like to be able to access my external interface (public IP) from my inner LAN.
How is this possible?

Thanks.

[dacree]

It is a security risk to expose your firewalls admin interface to the internet, but if you want to here is how.

Go to Firewall > Port Forwarding > Add New.
Set the interface to your WAN connection
Destination: your public IP
Original Destination Port: Single Port  443
Protocol: TCP
Source: Any
Destination IP: your internal Zentyal IP
Port: Same

On a side note, you can change the external IP to something you aren't using and the destination port to 443.

[syscoel]

Thanks for your answer, but I may not have explained myself well.
The problem I ran into is that from the inside network (LAN) I can not connect to the public IP.
So all services have to be access differently depending if you are inside or outside the office.
For example to access imaps port (993) and you are connected to LAN you need to use the internal mail servers ip or dns name
(i.e. 192.168.11.11:993).
But if you are outside the office, then you can just access with company.com:993

Now the thing is I would like to be able to access company.com:993 from inside my LAN. Which I don't know why I can't right now.

Thanks

[syscoel]

Anybody?

[syscoel]

Anybody please? I still can't connect to my public IP from inside.

[Sam Graf]

You want to be able to access a fully qualified domain name, not a public IP address, if I'm following you right.

It may be necessary to have a little more information. Is Zentyal the IMAP server? Is Zentyal at the public IP address? Have you allowed outbound port 993 traffic in the firewall?

[Josep]

In your Zentyal's DNS associate its IP to the domain.
Say "mycompany.com" will now be known, internally, as 10.0.0.3.
If you have registered your domain "mycompany.com" somehwere, they will already have your WAN IP. Now it is a matter of forwarding all the mail-related ports to the right server.

[syscoel]

Current situation: Zentyal FW connected to internet, Zentyal mail server in internal LAN. Mail service ports forwarded to mailserver.
What I want to achieve: Connect from inside to mail server services accesing via external ip/domain name.
The main reason for this is that notebook users don't need to change configuration to work inside or outside the office.

Current trials:
I am using zentyal 2.2 at the firewall.
I have noticed that rules applied at "Internal networks to Zentyal" do work:ntp,dns,dhcp,vpn,tftp,ssh
I can access them like this for example ssh user@serverdomain.com from inside.

Now what I would like is to access webaccess like this https://serverdomain.com/webaccess from inside (the same way I would do it from anywere else).

So the next step would be to allow me jumping to my mailserver ports so I created a new service called Https (for webaccess) but this wont work at all.

 

[half_life]

Are you talking about reaching Zarafa from inside?

[syscoel]

Yes I am talking of reaching my external domain from inside. So all devices pointing to this domain, i.e. devices using Z-Push (Active Sync) may connect without problems.