Configuring Ubuntu Server as a Firewall and Reverse Proxy for OWA 2007…
OK, I admit it – there definitely seems to be a distinct Linux flair to my posts over the last few months, considering the continuing series of articles based around iSCSI which make heavy use of the Linux-based SAN OpenFiler, and indeed now I am writing about using the popular Linux distribution Ubuntu Server – some of you might be thinking “has he gone over to the Dark Side and embraced the Penguin?”
The truth is – I really like Linux, and indeed whilst I do not claim to be in any way, shape or form an “expert” in the subject (although I do have a lot of exposure to IBM AIX where I work) I think that it has a very strong place as an alternative to certain Microsoft technologies when you are working to a budget but still wish to maintain security and stability – I know that there are others who will argue that it is the better solution!
One such example is the deployment of Exchange 2007 OWA published via ISA 200x. I have had a few questions recently from people who have asked “I have Exchange and I want to publish OWA to the Internet – but I cannot afford ISA as well”.
I have initially offered the Apache route as my answer to such questions – but it occurred to me that I have never actually tried to implement it myself – could I be sending fellow Exchange folks down a path of pain and suffering? So in a moment of guilt – I decided (in amongst all the other stuff that I have been doing at the moment and as a prelude before I finish the iSCSI article) to devote some time to experimenting with the topic.
One of the things that I first noticed during my research on the topic is that there are a number of articles out there on the Internet which deal with this subject, however none actually seem to be a full overview of the configuration required. Indeed some of the articles actually contradict what is said in the others – most of which have been written by skilled Linux folk who have obviously shared what worked for them within their own infrastructures but did not expand on the other nuances required – therefore there was scope for me as an alleged Exchange aficionado to write something from the “other side” so to speak, where I could try to include most of the steps that I took to get it working.
I would also like to make clear at this stage that I am not being critical of the articles out there on this subject – without them I would not have managed to get to a working solution, they were written by Linux people for Linux people – I wish to write something for Windows people making use of Linux.
Anyway, enough of the prelude waffle (I do that enough), you get the point – so what I would like to do in this post is take you through (in, as always, trusty VMWARE) how you can set up an Ubuntu Server installation, and provide you with a document which can be used to configure Ubuntu to proxy your Client Access Servers.
Essentially the structure of this article will give you an overview of how you can install a basic instance of Ubuntu Server and then break out into a separate downloadable PDF which contains all of the configuration steps that you can take to get the scenario working. The main reason for me taking this approach is twofold:
- The document is a tidied up version of my experimentation notes on this subject over the last two months
- I have been producing a number of really long articles recently which – no doubt – have been a little heavy going
The full configuration guide will take you through the configuration required after the Ubuntu installation, which will put you in a position whereby all of your OWA and ActiveSync requests to your Client Access Server can be served up via the Ubuntu firewall and proxy.
This can be downloaded from here:
It might be a good idea to download this document and print it out then have a read through before you proceed.
To give you an idea of the sort of configuration that can be accomplished at the end of this article – please see the diagram below:
There are of course other configurations that can be derived from this article – but the above is the primary focus.
Configuration of the VMWARE host:
I will at this stage assume that most of you are familiar with VMWARE Server 2.0 and indeed how to configure Virtual Machines – if you need a refresher or a quick overview I did a detailed walk through HERE – all you need to do is change the Virtual Machine specifications to the following:
- System Disk = 5 GB
- RAM = 1024
- CPU = 1
- Networking = to suit your own needs – you need at least one interface bridged to the host
- CD-ROM = Will need to point to the Ubuntu ISO that you download in the next step
To make life easier do not add a floppy drive or USB support.
You will obviously need to provide your own VM name – and indeed substitute all the IP configuration to match that of your network
Installing Ubuntu into your VMWARE Guest:
You will need to download the latest version of Ubuntu Server (8.10) from http://www.ubuntu.com/getubuntu/download to your VMWARE HOST server – when it has downloaded you will need to point the VMWARE Guest’s CD-ROM drive that you have created in the previous step at the ISO file.
When you have done that – power on the Virtual Machine and open the VMWARE Remote Console – you should be presented with the following screen:
Choose the language which suits your installation – and then press “Enter”
You will be presented with the Ubuntu setup screen – choose the “Install Ubuntu Server” option by hitting “Enter”
Languages seem to be the theme during a Linux install – you will be asked to confirm the Language that you have previously selected – choose the option which suits you best (during my experimentation I chose Chinese for a laugh but regretted it once I remembered that I did not know any) – when you are happy hit the “Enter” key.
You will then be presented with the Locale screen – choose the location which suits you the best and then hit “Enter”
You will then be asked if you wish to “Auto detect” your Keyboard layout – in my original walkthrough I said “Yes” and then had to do weird and wonderful things with my keyboard (some of which I am not sure are legal in parts of the UK) – so to save some time – choose “No” and then manually select it – but if you fancy a giggle – do the Auto Config.
The installer will then go away and do some thinking (see above).
You will then be asked to provide a Host Name for the System – in my demo I called the system “ubtu-fw-01” – but you can choose what you like – when you are done use the “Tab” key to navigate to the “Continue” option.
You will then be asked how you would like to partition your system Disk – it is best to use the guided modes. For simplicity you can use “Guided – Use entire disk”; the “Encrypted Option” might be worth considering within a production scenario, but for the purposes of this article please use the first option and hit “Enter”
You will be asked which disk you wish to Partition up – as we have only configured one disk on our machine this step is very straightforward – essentially hit “Enter”
You will be asked if you would like to commit the disk schema – using the “Tab” key navigate to the “Yes” option and hit “Enter”
The installer will then calculate the partitions required for the system – you will then be asked to confirm these – using the “tab” key navigate to the “Yes” option and hit “Enter”
You will then be asked to create a user by first providing the equivalent of a Display Name – bear in mind that this user will be the primary means of administering the system – certain names are reserved (for example root, daemon etc) and remember that this is Linux not Windows – so don’t use any special characters – I have found that a good naming convention is <department><name> – for example “ITAndyG” – choose a name which suits you and then navigate to the “Continue” option and hit “Enter”
You will then be asked to create the user account name – again remember no special characters! When you are happy navigate to the “Continue” option and hit “Enter”
You will then need to provide a password for the account – remember if you are doing this for a production system you should make the password as strong as possible – when you are happy – navigate to the “Continue” option and hit “Enter” – after you have hit “Enter” on the next screen that you are presented you will be required to confirm the password.
You will then be asked whether your user’s home directory (/home/<username>/) on the Ubuntu Server should be encrypted. You can choose this option if you wish – but for the purposes of this article I would suggest that you choose “No” and then hit “Enter”.
You will then be asked if access to the Internet is provided via a proxy server – if this is the case provide the details of the proxy (in the format of http://proxyname:port – for example http://corpProxy:8080):
When you are done navigate to the “Continue” option and then hit “Enter”.
You will then be asked how you would like the system to handle system updates – the best choice here (in a production environment) would be “Install security updates automatically” – however it is down to your own preference – when you have made your selection hit the “Enter” key.
You will then be asked if you wish to install any additional components to your installation – this is again down to you, however I would recommend that you do not install any further components as this will further reduce the attack surface for the installation so just use the “Tab” key to navigate to the “Continue” option.
The installation is now completed – you will be prompted to reboot the system – disable the ISO from the VMWARE machine’s CD-ROM drive and then choose the “Continue” option.
You should now have a fully functioning Ubuntu Server installation – which means that you are now ready to continue with the steps that are contained within the PDF guide which I provided at the start of this article – for convenience the link is also provided here: