Results 1 to 7 of 7

Thread: Help with IIS and outside access

  1. #1
    Bronze Member Zak8022's Avatar
    Join Date
    Nov 2004
    Location
    Baltimore. MD
    Posts
    134

    Help with IIS and outside access

    Hello all.

    i have setup a new IIS server running Small Business Server 2003 and have two websites running off of it. internally (with modification to my host file for testing purposes) i can get to each site just fine.

    however, externally i run into some problems. here at work we have a T1 connection, and i know i have to open up and forward the http and ftp ports to my IIS box. since my ISP doesnt give me access to the router config, i have to call them for all requests. i called them twice now and they say everything is in order. yet i still cannot get to my websites (nor could i get to the default when i had that running).

    so, supposedly the ports are open, and being directed to my the lan ip that my IIS box is made static at. both websites are unassigned IPs and are being differenciated using the host header function in IIS.

    can anyone help me? to me, it seems like the ports are not open and/or forwarded correctly, yet my ISP continues to tell me they are. any thoughts/suggestions?

  2. #2
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    Do you have some kind of router onsite - not the ISP end, your end?
    If you do chances are it is firewalled or needs port forwarding there (if NAT).
    Check on how the connection is presented to you.

  3. #3
    Bronze Member Zak8022's Avatar
    Join Date
    Nov 2004
    Location
    Baltimore. MD
    Posts
    134
    nope.. i dont have any other router.

    our setup is like this: T1 line comes in to ISP-owned router. router has a ethernet port i plug into my switch. the switch, obviously, goes out to all my computers.

    ok... stoopid question time. is there a firewall on Windows Server 2003 Small Business Server (or any 2003 versioned Server for that matter)?

  4. #4
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    So you do have a router on site and it is owned and configured by your ISP. If it connects to a switch onsite it sounds like you are using NAT from the router with internal IPs being private (192.168.c 10.a 172.16.b). Server 2003 includes ICF as XP does but if you can serve the LAN http OK and your router port forwards to the same interface - it should work. My guess would be that your port forwarding isn't set up correctly, try doing a tracert or pathping from external to your web server and see what the last hop says. What about FTP and SMTP are they on and can you connect? You can also try telnetting in to your external ip and see if that returns a banner from the router or the server - depends on what ports you have forwarded. You could always post a link to what should be your websites and we can look from here.

  5. #5
    Bronze Member Zak8022's Avatar
    Join Date
    Nov 2004
    Location
    Baltimore. MD
    Posts
    134
    curio, i appreciate your help very much.

    it turns out that the problem was not a problem at all. according to my ISP, my router will not allow me to enter in my external IP addy from within my office and have it come back correctly. i was on the phone with an ISP Rep and she said she could get to my default website (just a simple text page for testing purposes) jsut fine.

    this is a new thing to me.. i've never heard of not being able to get to a website via IP from certain places. *shrug* she assured me that once my DNS entries are updated (which will be later this week once everything is tidy) there will be no problem.

    i wish i knew this on friday before i spent 3 days on it. sheesh.

  6. #6
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    Its normal practice to employ anti-spoofing at the firewall, this means that addresses that appear to originate from inside the firewall will be rejected at the external interface. Hackers try to spoof internal LAN addys so that they can gain a level of trust which wouldn't be granted to an external address. It did also occur to me that perhaps your DNS wasn't set up to the world and only your LAN can resolve the server (because it is your primary DNS server). If you use the website internally you may need to employ a script to update your clients HOSTS file so that when internal addresses look up your.website.com the HOSTS file directs them to 192.168.internal.address (whatever yours is) rather than the external interface which will block you, host headers will work as normal. I can provide you with an example script to modify if you need it.

  7. #7
    Bronze Member Zak8022's Avatar
    Join Date
    Nov 2004
    Location
    Baltimore. MD
    Posts
    134
    ahh, yes. it all makes sense now. lol.

    the websites, two of them actually, will not be used internally, so i am not worried about it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •