Solved

Web Server behind Firewall: Port Forwarding doesn't work

Posted on 2004-08-15
20
714 Views
Last Modified: 2013-11-16
I'm trying to set up a website on IIS 5.  It's on a Windows XP machine behind a Linksys broadband router/firewall.

It's set up and running ok on port 8080 and is perfectly accessible either through
http://localhost:8080 or
http://192.168.1.69:8080

However, when I try to access the site using my WAN IP 82.0.x.x:8080 nothing comes up but IE's
Cannot find server: The page cannot be displayed
type page.

I have set the website's IP address in IIS to [All unassigned] and setup port forwarding on the Router (I've tried this both in Port Forwarding and UPnP forwarding - neither works).  When I check port 8080 for my WAN IP (82.0.x.x) on Shields Up! (https://www.grc.com/x/ne.dll?bh0bkyd2) it says that port 8080 is open (and it closes if I disable port-forwarding so that seems to be ok).  It doesn't seem to be forwarding to my PC though and I don't understand it.
0
Comment
Question by:SteveFerson
  • 6
  • 5
  • 4
  • +3
20 Comments
 
LVL 15

Expert Comment

by:scampgb
ID: 11803799
Hi SteveFerson,

First thing I'd suggest is turn off "Friendly HTTP error messages" in IE.  It's a real pain, and doens't tell you exactly what's going on.

I'd try telnetting to your webserver from an external address.  This will eliminate IE from the enquiries.  To do this, type:
telnet (your IP) 8080
    (You should get a connection, but nothing appearing)
GET /

This should then return a load of HTML to you.

Also, check that the machine running IIS is configured to use the Linksys as it's default gateway.  Can you browse out to the Internet from it?

0
 
LVL 3

Expert Comment

by:pulupul
ID: 11803808
Are you sure that you are using the correct public internet IP address? This url will tell you even in case you are browsing through a transparent proxy set up by your ISP:
http://www.lagado.com/proxy-test
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11803833
I prefer http://www.whatismyip.com/ as it allways seems to work for me?

I host my website www.petenetlive.com behing a Linksys router, but I forward port 80 to my webserver, any reason why your using 8080? this is traditionally used for proxy server web access?

on mine the forward is set up in

"applications and gaming" > "port range forward"

one possible problem you may have is - linksys use port 8080 for remote router management and it may be disabled on the administration >management tab
0
 

Author Comment

by:SteveFerson
ID: 11803842
pulpul you may be onto something....

This request appears to have come via a proxy.

The proxy host is x.x.ntli.net which has ip address 62.254.x.x
The proxy informs us that the client host ip address was 82.0.x.x (my WAN IP)

Does that mean I won't be able to access the webserver from outside then?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11803845
are you on NTL?
0
 

Author Comment

by:SteveFerson
ID: 11803846
I've set it to forward port 80 now as well and configured this in IIS so I should be able to try both but still nothing...
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11803847
I am and mine reports
The proxy host is cache4-midd.server.ntli.net which has ip address 62.254.64.15
0
 

Author Comment

by:SteveFerson
ID: 11803849
Yes, I'm on NTL broadband.
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 20 total points
ID: 11803858
well proxy aint your problem - NTL only have one true proxy and your not supposed to know about it

"inktomi1-bri.server.ntl.com" on port 8080

cause its an NTL staff proxy

just as an experiment go to http://www.no-ip.com/ sign up for FREE access and get a URL from them
install the no-ip software on your webserver (if its on XP disable the ICF firewall)

then connect using the URL that no-ip gave you

this is how mine is set up Im on NTL broadband (600k)
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 3

Expert Comment

by:pulupul
ID: 11803885
You have a transparent proxy, but that is not a problem for incoming connections, I said that to ensure you are using the correct public IP.
Have you disabled Windows XP's internal firewall on the network card/modem that connects to the internet?
0
 

Author Comment

by:SteveFerson
ID: 11803888
Oh dear. I apologise for wasting everyone's time. Apparently it was working, I just can't see it from behind my Firewall/Router.  I got my g/f to check it and the site came up fine.. I am sorry - although it does confuse me a little.
0
 
LVL 3

Expert Comment

by:pulupul
ID: 11803895
How to disable it: Control panel-> Network connections -> right click on the network card or modem connected to the internet -> properties -> Advanced tab -> Uncheck that and accept. If you want to keep the firewall on and open the 80 or 8080 ports, you can do that too, by clicking on "configuration" button, and in the services tab, cheching Web Server (HTTP). I would try first completly disabling the firewall, and if that works, enable it and open the port.
0
 
LVL 3

Expert Comment

by:pulupul
ID: 11803901
Then, maybe in the router you are only redirecting the incoming connections that come from the internet network card/modem, and not those coming from your LAN.
When you, from your PC, go to your public IP address, you are going to your router, which should send the connection (thanks to port forwarding) back to your pc. Maybe the router is only configured to forward connections coming from the internet, and not LAN.
0
 

Author Comment

by:SteveFerson
ID: 11803969
That sounds most likely, but there don't appear to be any settings in the router config to change this.  It's not a big deal though, as long as I know it works from outside.  Thanks anyway guys...
0
 

Expert Comment

by:smoke184
ID: 11804016
Just an FYI to this discussion. I don't know about where you are , but here port 8080 as well as port 80 are blocked by the local ISP, ( to keep keep people from runninf web servers over personnal accounts. Change the port to 8001 or some other available port, if it's dynamic register with DYNDNS.ORG to elimate that problem also. I install a lot of IP Net Cameras. That was my work-around..........:)
0
 

Author Comment

by:SteveFerson
ID: 11804039
lol thanks for the advice, and FYI I'm in Northern Ireland lol

Here in the UK, NTL allow you to have a webserver running (I was as surprised as anyone lol) so that's not the prob.  Like I said it seems to work fine outside my LAN, apparently the router just doesn't forward the ports on internal requests.
0
 

Assisted Solution

by:jmitkin
jmitkin earned 20 total points
ID: 11804227
With Linksys you can put your windows xp machine running IIS under DMZ zone and I think this will solve your problem.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11804447
Thats correct ^^

depending on the amount of clients you have you can point them to your webserver using hostfiles as well :)
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now