IIS/firewall problem

[jase]

Archived from groups: comp.security.firewalls,microsoft.public.inetserver.iis,microsoft.public.inetserver.iis.security (More info?)

Hi,

I have set up a web site which runs off one of our internal web servers.
Everything works fine when I try to access the site from within our network
but unfortunately it doesn't work at all when I try to access it over the
internet - I get "Cannot find server" error page.

I have configured NAT so that one of our external IP addresses points to the
internal IP address of the server - I know this is working because I have
accessed other services on that server externally. I have also purchased a
domain name and have configured its A record to point to the server's
external IP address. I have configured the host header name in IIS to the
domain name.

I have also opened port 80 on our firewall so that it is open for the source
as the internal LAN web server IP and the destination as "*".

I'm almost totally sure it's a firewall issue because:

1) It works fine internally within our network
2) It still doesn't work when I add the domain name and external IP to my
Hosts file (therefore it won't be a domain issue)

Does anyone have any suggestions as to what the problem could be? Do I only
have to open port 80 for IIS?

TIA.

 

[Guest]

Archived from groups: comp.security.firewalls,microsoft.public.inetserver.iis,microsoft.public.inetserver.iis.security (More info?)

Port 80 is all you need for HTTP traffic, and 443 if you use SSL, I think
your firewall is still the problem. I would check the firewall logs and see
what you find there.

--
Cheers

Chris

Chris Crowe [IIS MVP]
http://blog.crowe.co.nz


"Jase" <jase@hotmail.com> wrote in message
newsFJPe.1266$kE2.586@newsfe3-gui.ntli.net...
> Hi,
>
> I have set up a web site which runs off one of our internal web servers.
> Everything works fine when I try to access the site from within our
> network but unfortunately it doesn't work at all when I try to access it
> over the internet - I get "Cannot find server" error page.
>
> I have configured NAT so that one of our external IP addresses points to
> the internal IP address of the server - I know this is working because I
> have accessed other services on that server externally. I have also
> purchased a domain name and have configured its A record to point to the
> server's external IP address. I have configured the host header name in
> IIS to the domain name.
>
> I have also opened port 80 on our firewall so that it is open for the
> source as the internal LAN web server IP and the destination as "*".
>
> I'm almost totally sure it's a firewall issue because:
>
> 1) It works fine internally within our network
> 2) It still doesn't work when I add the domain name and external IP to my
> Hosts file (therefore it won't be a domain issue)
>
> Does anyone have any suggestions as to what the problem could be? Do I
> only have to open port 80 for IIS?
>
> TIA.
>

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

In comp.security.firewalls Jase <jase@hotmail.com> wrote:
> I have set up a web site which runs off one of our internal web servers.
> Everything works fine when I try to access the site from within our network
> but unfortunately it doesn't work at all when I try to access it over the
> internet - I get "Cannot find server" error page.

Sounds good.

> I have configured NAT so that one of our external IP addresses points to the
> internal IP address of the server

Hm... did you think about the classical three zone concept? Perhaps, it
would be a good idea to have this web-server in a DMZ.

> Does anyone have any suggestions as to what the problem could be? Do I only
> have to open port 80 for IIS?

You only have to open port 80 usually - if you're not offering web on
another port. It's difficult to make a diagnosis from here, though.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"

 

[user]

Archived from groups: comp.security.firewalls,microsoft.public.inetserver.iis,microsoft.public.inetserver.iis.security (More info?)

>> I have also opened port 80 on our firewall so that it is open for the
source
>> as the internal LAN web server IP and the destination as "*".

Shoudnt that be the other way around? source as "*", destination as internal
LAN web server IP?

But also note the firewall might not see the destination as internal LAN web
server IP because of the NAT. Trying allowing port 80 traffic in to the
external IP from anywhere.

--
:: nick dell
:: programming & hosting
:: www.blnk.co.uk
"Jase" <jase@hotmail.com> wrote in message
newsFJPe.1266$kE2.586@newsfe3-gui.ntli.net...
> Hi,
>
> I have set up a web site which runs off one of our internal web servers.
> Everything works fine when I try to access the site from within our
network
> but unfortunately it doesn't work at all when I try to access it over the
> internet - I get "Cannot find server" error page.
>
> I have configured NAT so that one of our external IP addresses points to
the
> internal IP address of the server - I know this is working because I have
> accessed other services on that server externally. I have also purchased a
> domain name and have configured its A record to point to the server's
> external IP address. I have configured the host header name in IIS to the
> domain name.
>
> I have also opened port 80 on our firewall so that it is open for the
source
> as the internal LAN web server IP and the destination as "*".
>
> I'm almost totally sure it's a firewall issue because:
>
> 1) It works fine internally within our network
> 2) It still doesn't work when I add the domain name and external IP to my
> Hosts file (therefore it won't be a domain issue)
>
> Does anyone have any suggestions as to what the problem could be? Do I
only
> have to open port 80 for IIS?
>
> TIA.
>
>