• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 271
  • Last Modified:

Port 80 blocked on just one site, and only from inside our firewall

Here's our odd situation that cropped up today....

We have a web server sitting outside our firewall using both HTTP and HTTPS.  From inside our network I can browse using the HTTPS port, but not HTTP.  I can browse any other server, either ours or anyone elses, with HTTP just fine, and anyone outside our network can browse to our server using HTTP (or HTTPS) also just fine.

All the servers are running Win2k and IIS.  We're running RRAS using NAT as our firewall.

Telnet to port 80 inside the firewall never connects.  Telnet to port 443 inside the firewall works fine.  From anywhere else (in the world) outside the firewall (including the firewall itself), port 80 opens as is normal.

(The obligatory...) This worked fine yesterday and (also the obligatory) no, there is nothing that we are aware of that has changed in any of the server configurations.  Again, we can browse anywhere else normally, just not this server.... but it WILL connect using HTTPS.

The server appears to be correctly configured to respond to both 80 and 443 for this particular web site.

Ok, have at it! :-)

Thanks,
Scott
0
shoge
Asked:
shoge
  • 4
  • 4
1 Solution
 
visioneerCommented:
Apparently your firewall is blocking port 80 from the inside to this box on the outside.
0
 
shogeAuthor Commented:
But then why would I be able to browse any other site?  If port 80 were blocked, then I would expect that I wouldn't be able to browse at all.
0
 
visioneerCommented:
As I said, it's probably blocking from the inside to the box on the outside.  Specifically to that box.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
shogeAuthor Commented:
Ok, the RRAS service on the firewall reports no input or output filters on either the LAN or WAN interfaces.  Also, no filters defined for the adapters themselves on either the firewall or web server.  If it's being filtered, I can't find it.
0
 
shogeAuthor Commented:
portqry does report that it is FILTERED.  I just haven't a clue as to where.

Here's the other odd thing... If I connect to the web site's address inside the firewall (it has two adapters and bridges the firewall) on port 80, it opens just fine.
0
 
visioneerCommented:
You'll need to access the inside adapter from inside the firewall.
0
 
shogeAuthor Commented:
Well, that's our workaround for now, but I want to understand WHY this is happening. :-)
0
 
visioneerCommented:
Some firewalls will not route an inside address to an outside address that is defined on the same firewall because the traffic has to go out and then back in.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now