Multiple public IP addresses on single interface with ICF turned on.

Hi friends,

I have a hosted server with a single interface that has multiple public IP addresses assigned to that interface.  The ICF is turned on for that interface with port 80 opened to the interface.

In IIS I have created a new website which is mapped to one of the public IP addresses, and is hosted on port 80.  Why can I NOT see my default web page when I try to access it from any computer?  In the ICF logs, it shows that a connection is made to the public IP address for that web page but no entry exists for the IIS logs for that website.  What am I doing wrong?  Or is it that ICF does not support multiple public IP addresses on an interface?

Who is Participating?
WeHeConnect With a Mentor Commented:
found something for you:
The problem is that you're trying to accomplish something
that ICF cannot handle...
ICF is primarily meant to be used on a workstation for
added security, not on a multihomed server.
The answer you're looking for is quite close to the ICF
but called "Routing and Remote Access" Under
Administrative tools.
You can search your documentation (Windows HELP)
for "Basic Firewall" without the quotes for more
The trick is to enable routing and remote access, only
NAT/Basic firewall components in it and then configure the
firewall.. The options in there are pretty much the same
then in ICF but you'll have a lot more control over how
you want the packets to be handled. Including private port
you want the service to be assigned. If you use either of
your public ports as the private port for your service,
it'll be mapped onto it.
Did you make sure you allowed IIS to listen on this IP?

To do so, run the IIS Manager (Start -> Administrative Tools -> Internet Information Services (IIS) Manager).  Then, go to "Web sites" (on the left pane), click on "Default Web Site" (and/or whichever other site you have), and a new window shoud pop up - "SITENAME Properties". Go to "Web Site" tab, and under "Web site identification" there will be "IP address" and "TCP port" options - as for the first one, there's [Advanced...] button next to it - click it - you will be able to modify "Multiple identities for this Web site" - I guess that's what you're looking for :]
hhp001Author Commented:
Hi Thanks for your reply but that is not what I require.  I do not want one site to be hosted with multiple IP addresses.

Each web site in IIS has a one to one mapping to each IP address on the public interface.  My setup is this:

NIC IP addresses
   --- etc

   --- -
   --- -
   --- -

On ICF port 80 is open for the entire network adapter.  There is no option in ICF to open particular IP addresses singularly.  Also if I Add another TCP 80 to the Services list and point it to one of the other IP addresses it says "The port number is already used by another service.  Please use a unique port number.

I guess you can't use ICF for this purpose.

Can anyone recommend a good software based firewall that supports multiple public IP addresses?

[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

You have to add a service definition for each IP Address.
To add a service definition:
Open Network Connections
Click the Internet connection that is protected by Internet Connection Firewall, and then, under Tasks, click Change settings of this connection.
On the Advanced tab, click Settings.
On the Services tab, click Add and enter all of the following information:
In Description of service, type an easily recognized name for the service.
In Name or IP address of the computer hosting this service on your network, type the name or IP address of the computer that runs the service (one of your internet IP's).
In External port number for this service, type the port number that external computers will use to contact this service. (usualy 80)
In Internal Port number for this service, type the port number that the service on your network is using. (80 too)
Click either TCP or UDP. (TCP)
do this for each IP you own.
hhp001Author Commented:

Thanks for that but it does not work!  Now you try to add another service to the list.  Call it whatever you want, use a different IP address and use TCP 80 for both Ext and Int.  It will NOT allow you to do this.

Hm... Could you try using WFetch ( from IIS 6 Resource Kit - ), enable everything on Filter under Settings (CTRL+S), and tell us what you get?
All Courses

From novice to tech pro — start learning today.