• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 765
  • Last Modified:

Web Server behind Firewall: Port Forwarding doesn't work

I'm trying to set up a website on IIS 5.  It's on a Windows XP machine behind a Linksys broadband router/firewall.

It's set up and running ok on port 8080 and is perfectly accessible either through
http://localhost:8080 or
http://192.168.1.69:8080

However, when I try to access the site using my WAN IP 82.0.x.x:8080 nothing comes up but IE's
Cannot find server: The page cannot be displayed
type page.

I have set the website's IP address in IIS to [All unassigned] and setup port forwarding on the Router (I've tried this both in Port Forwarding and UPnP forwarding - neither works).  When I check port 8080 for my WAN IP (82.0.x.x) on Shields Up! (https://www.grc.com/x/ne.dll?bh0bkyd2) it says that port 8080 is open (and it closes if I disable port-forwarding so that seems to be ok).  It doesn't seem to be forwarding to my PC though and I don't understand it.
0
SteveFerson
Asked:
SteveFerson
  • 6
  • 5
  • 4
  • +3
2 Solutions
 
scampgbCommented:
Hi SteveFerson,

First thing I'd suggest is turn off "Friendly HTTP error messages" in IE.  It's a real pain, and doens't tell you exactly what's going on.

I'd try telnetting to your webserver from an external address.  This will eliminate IE from the enquiries.  To do this, type:
telnet (your IP) 8080
    (You should get a connection, but nothing appearing)
GET /

This should then return a load of HTML to you.

Also, check that the machine running IIS is configured to use the Linksys as it's default gateway.  Can you browse out to the Internet from it?

0
 
pulupulCommented:
Are you sure that you are using the correct public internet IP address? This url will tell you even in case you are browsing through a transparent proxy set up by your ISP:
http://www.lagado.com/proxy-test
0
 
Pete LongConsultantCommented:
I prefer http://www.whatismyip.com/ as it allways seems to work for me?

I host my website www.petenetlive.com behing a Linksys router, but I forward port 80 to my webserver, any reason why your using 8080? this is traditionally used for proxy server web access?

on mine the forward is set up in

"applications and gaming" > "port range forward"

one possible problem you may have is - linksys use port 8080 for remote router management and it may be disabled on the administration >management tab
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
SteveFersonAuthor Commented:
pulpul you may be onto something....

This request appears to have come via a proxy.

The proxy host is x.x.ntli.net which has ip address 62.254.x.x
The proxy informs us that the client host ip address was 82.0.x.x (my WAN IP)

Does that mean I won't be able to access the webserver from outside then?
0
 
Pete LongConsultantCommented:
are you on NTL?
0
 
SteveFersonAuthor Commented:
I've set it to forward port 80 now as well and configured this in IIS so I should be able to try both but still nothing...
0
 
Pete LongConsultantCommented:
I am and mine reports
The proxy host is cache4-midd.server.ntli.net which has ip address 62.254.64.15
0
 
SteveFersonAuthor Commented:
Yes, I'm on NTL broadband.
0
 
Pete LongConsultantCommented:
well proxy aint your problem - NTL only have one true proxy and your not supposed to know about it

"inktomi1-bri.server.ntl.com" on port 8080

cause its an NTL staff proxy

just as an experiment go to http://www.no-ip.com/ sign up for FREE access and get a URL from them
install the no-ip software on your webserver (if its on XP disable the ICF firewall)

then connect using the URL that no-ip gave you

this is how mine is set up Im on NTL broadband (600k)
0
 
pulupulCommented:
You have a transparent proxy, but that is not a problem for incoming connections, I said that to ensure you are using the correct public IP.
Have you disabled Windows XP's internal firewall on the network card/modem that connects to the internet?
0
 
SteveFersonAuthor Commented:
Oh dear. I apologise for wasting everyone's time. Apparently it was working, I just can't see it from behind my Firewall/Router.  I got my g/f to check it and the site came up fine.. I am sorry - although it does confuse me a little.
0
 
pulupulCommented:
How to disable it: Control panel-> Network connections -> right click on the network card or modem connected to the internet -> properties -> Advanced tab -> Uncheck that and accept. If you want to keep the firewall on and open the 80 or 8080 ports, you can do that too, by clicking on "configuration" button, and in the services tab, cheching Web Server (HTTP). I would try first completly disabling the firewall, and if that works, enable it and open the port.
0
 
pulupulCommented:
Then, maybe in the router you are only redirecting the incoming connections that come from the internet network card/modem, and not those coming from your LAN.
When you, from your PC, go to your public IP address, you are going to your router, which should send the connection (thanks to port forwarding) back to your pc. Maybe the router is only configured to forward connections coming from the internet, and not LAN.
0
 
SteveFersonAuthor Commented:
That sounds most likely, but there don't appear to be any settings in the router config to change this.  It's not a big deal though, as long as I know it works from outside.  Thanks anyway guys...
0
 
smoke184Commented:
Just an FYI to this discussion. I don't know about where you are , but here port 8080 as well as port 80 are blocked by the local ISP, ( to keep keep people from runninf web servers over personnal accounts. Change the port to 8001 or some other available port, if it's dynamic register with DYNDNS.ORG to elimate that problem also. I install a lot of IP Net Cameras. That was my work-around..........:)
0
 
SteveFersonAuthor Commented:
lol thanks for the advice, and FYI I'm in Northern Ireland lol

Here in the UK, NTL allow you to have a webserver running (I was as surprised as anyone lol) so that's not the prob.  Like I said it seems to work fine outside my LAN, apparently the router just doesn't forward the ports on internal requests.
0
 
jmitkinCommented:
With Linksys you can put your windows xp machine running IIS under DMZ zone and I think this will solve your problem.
0
 
Pete LongConsultantCommented:
Thats correct ^^

depending on the amount of clients you have you can point them to your webserver using hostfiles as well :)
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 6
  • 5
  • 4
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now