IIS/firewall problem

Archived from groups: comp.security.firewalls,microsoft.public.inetserver.iis,microsoft.public.inetserver.iis.security (More info?)

Hi,

I have set up a web site which runs off one of our internal web servers.
Everything works fine when I try to access the site from within our network
but unfortunately it doesn't work at all when I try to access it over the
internet - I get "Cannot find server" error page.

I have configured NAT so that one of our external IP addresses points to the
internal IP address of the server - I know this is working because I have
accessed other services on that server externally. I have also purchased a
domain name and have configured its A record to point to the server's
external IP address. I have configured the host header name in IIS to the
domain name.

I have also opened port 80 on our firewall so that it is open for the source
as the internal LAN web server IP and the destination as "*".

I'm almost totally sure it's a firewall issue because:

1) It works fine internally within our network
2) It still doesn't work when I add the domain name and external IP to my
Hosts file (therefore it won't be a domain issue)

Does anyone have any suggestions as to what the problem could be? Do I only
have to open port 80 for IIS?

TIA.
3 answers Last reply
More about firewall problem
  1. Archived from groups: comp.security.firewalls,microsoft.public.inetserver.iis,microsoft.public.inetserver.iis.security (More info?)

    Port 80 is all you need for HTTP traffic, and 443 if you use SSL, I think
    your firewall is still the problem. I would check the firewall logs and see
    what you find there.

    --
    Cheers

    Chris

    Chris Crowe [IIS MVP]
    http://blog.crowe.co.nz


    "Jase" <jase@hotmail.com> wrote in message
    news:PFJPe.1266$kE2.586@newsfe3-gui.ntli.net...
    > Hi,
    >
    > I have set up a web site which runs off one of our internal web servers.
    > Everything works fine when I try to access the site from within our
    > network but unfortunately it doesn't work at all when I try to access it
    > over the internet - I get "Cannot find server" error page.
    >
    > I have configured NAT so that one of our external IP addresses points to
    > the internal IP address of the server - I know this is working because I
    > have accessed other services on that server externally. I have also
    > purchased a domain name and have configured its A record to point to the
    > server's external IP address. I have configured the host header name in
    > IIS to the domain name.
    >
    > I have also opened port 80 on our firewall so that it is open for the
    > source as the internal LAN web server IP and the destination as "*".
    >
    > I'm almost totally sure it's a firewall issue because:
    >
    > 1) It works fine internally within our network
    > 2) It still doesn't work when I add the domain name and external IP to my
    > Hosts file (therefore it won't be a domain issue)
    >
    > Does anyone have any suggestions as to what the problem could be? Do I
    > only have to open port 80 for IIS?
    >
    > TIA.
    >
  2. Archived from groups: comp.security.firewalls (More info?)

    In comp.security.firewalls Jase <jase@hotmail.com> wrote:
    > I have set up a web site which runs off one of our internal web servers.
    > Everything works fine when I try to access the site from within our network
    > but unfortunately it doesn't work at all when I try to access it over the
    > internet - I get "Cannot find server" error page.

    Sounds good.

    > I have configured NAT so that one of our external IP addresses points to the
    > internal IP address of the server

    Hm... did you think about the classical three zone concept? Perhaps, it
    would be a good idea to have this web-server in a DMZ.

    > Does anyone have any suggestions as to what the problem could be? Do I only
    > have to open port 80 for IIS?

    You only have to open port 80 usually - if you're not offering web on
    another port. It's difficult to make a diagnosis from here, though.

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  3. Archived from groups: comp.security.firewalls,microsoft.public.inetserver.iis,microsoft.public.inetserver.iis.security (More info?)

    >> I have also opened port 80 on our firewall so that it is open for the
    source
    >> as the internal LAN web server IP and the destination as "*".

    Shoudnt that be the other way around? source as "*", destination as internal
    LAN web server IP?

    But also note the firewall might not see the destination as internal LAN web
    server IP because of the NAT. Trying allowing port 80 traffic in to the
    external IP from anywhere.

    --
    :: nick dell
    :: programming & hosting
    :: www.blnk.co.uk
    "Jase" <jase@hotmail.com> wrote in message
    news:PFJPe.1266$kE2.586@newsfe3-gui.ntli.net...
    > Hi,
    >
    > I have set up a web site which runs off one of our internal web servers.
    > Everything works fine when I try to access the site from within our
    network
    > but unfortunately it doesn't work at all when I try to access it over the
    > internet - I get "Cannot find server" error page.
    >
    > I have configured NAT so that one of our external IP addresses points to
    the
    > internal IP address of the server - I know this is working because I have
    > accessed other services on that server externally. I have also purchased a
    > domain name and have configured its A record to point to the server's
    > external IP address. I have configured the host header name in IIS to the
    > domain name.
    >
    > I have also opened port 80 on our firewall so that it is open for the
    source
    > as the internal LAN web server IP and the destination as "*".
    >
    > I'm almost totally sure it's a firewall issue because:
    >
    > 1) It works fine internally within our network
    > 2) It still doesn't work when I add the domain name and external IP to my
    > Hosts file (therefore it won't be a domain issue)
    >
    > Does anyone have any suggestions as to what the problem could be? Do I
    only
    > have to open port 80 for IIS?
    >
    > TIA.
    >
    >
Ask a new question

Read More

Firewalls IIS Servers Networking