Solved

Multiple public IP addresses on single interface with ICF turned on.

Posted on 2004-10-26
359 Views
Last Modified: 2008-02-01
Hi friends,

I have a hosted server with a single interface that has multiple public IP addresses assigned to that interface.  The ICF is turned on for that interface with port 80 opened to the interface.

In IIS I have created a new website which is mapped to one of the public IP addresses, and is hosted on port 80.  Why can I NOT see my default web page when I try to access it from any computer?  In the ICF logs, it shows that a connection is made to the public IP address for that web page but no entry exists for the IIS logs for that website.  What am I doing wrong?  Or is it that ICF does not support multiple public IP addresses on an interface?

Thanks
0
Question by:hhp001
    6 Comments
     
    LVL 1

    Expert Comment

    by:NchMch
    Did you make sure you allowed IIS to listen on this IP?

    To do so, run the IIS Manager (Start -> Administrative Tools -> Internet Information Services (IIS) Manager).  Then, go to "Web sites" (on the left pane), click on "Default Web Site" (and/or whichever other site you have), and a new window shoud pop up - "SITENAME Properties". Go to "Web Site" tab, and under "Web site identification" there will be "IP address" and "TCP port" options - as for the first one, there's [Advanced...] button next to it - click it - you will be able to modify "Multiple identities for this Web site" - I guess that's what you're looking for :]
    0
     
    LVL 2

    Author Comment

    by:hhp001
    Hi Thanks for your reply but that is not what I require.  I do not want one site to be hosted with multiple IP addresses.

    Each web site in IIS has a one to one mapping to each IP address on the public interface.  My setup is this:

    NIC IP addresses
      |
       --- 212.100.100.10
       --- 212.100.100.11
       --- 212.100.100.12
       --- etc

    IIS
      |
       --- apple.com - 212.100.100.10
       --- banana.com - 212.100.100.11
       --- pear.com - 212.100.100.12

    On ICF port 80 is open for the entire network adapter.  There is no option in ICF to open particular IP addresses singularly.  Also if I Add another TCP 80 to the Services list and point it to one of the other IP addresses it says "The port number is already used by another service.  Please use a unique port number.

    I guess you can't use ICF for this purpose.

    Can anyone recommend a good software based firewall that supports multiple public IP addresses?

    Thanks
    0
     
    LVL 11

    Expert Comment

    by:WeHe
    You have to add a service definition for each IP Address.
    To add a service definition:
    Open Network Connections
    Click the Internet connection that is protected by Internet Connection Firewall, and then, under Tasks, click Change settings of this connection.
    On the Advanced tab, click Settings.
    On the Services tab, click Add and enter all of the following information:
    In Description of service, type an easily recognized name for the service.
    In Name or IP address of the computer hosting this service on your network, type the name or IP address of the computer that runs the service (one of your internet IP's).
    In External port number for this service, type the port number that external computers will use to contact this service. (usualy 80)
    In Internal Port number for this service, type the port number that the service on your network is using. (80 too)
    Click either TCP or UDP. (TCP)
    do this for each IP you own.
    0
     
    LVL 2

    Author Comment

    by:hhp001
    WeHe,

    Thanks for that but it does not work!  Now you try to add another service to the list.  Call it whatever you want, use a different IP address and use TCP 80 for both Ext and Int.  It will NOT allow you to do this.

    H.
    0
     
    LVL 1

    Expert Comment

    by:NchMch
    Hm... Could you try using WFetch ( from IIS 6 Resource Kit - http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en ), enable everything on Filter under Settings (CTRL+S), and tell us what you get?
    0
     
    LVL 11

    Accepted Solution

    by:
    found something for you:
    Newsgroups: microsoft.public.windows.server.networking
    The problem is that you're trying to accomplish something
    that ICF cannot handle...
    ICF is primarily meant to be used on a workstation for
    added security, not on a multihomed server.
    The answer you're looking for is quite close to the ICF
    but called "Routing and Remote Access" Under
    Administrative tools.
    You can search your documentation (Windows HELP)
    for "Basic Firewall" without the quotes for more
    information.
    The trick is to enable routing and remote access, only
    NAT/Basic firewall components in it and then configure the
    firewall.. The options in there are pretty much the same
    then in ICF but you'll have a lot more control over how
    you want the packets to be handled. Including private port
    you want the service to be assigned. If you use either of
    your public ports as the private port for your service,
    it'll be mapped onto it.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone. Privacy Policy Terms of Use

    Featured Post

    Learn The Basics of Ethical Hacking & Pen Testing

    Computer and network security is one of the fastest growing and most essential industries in technology, meaning companies will pay big bucks for ethical hackers. This is the perfect course to leap into this lucrative career, learning how to use ethical hacking to reveal ...

    I have never ceased to be amazed how many problems you can encounter on a fresh install of a Windows operating system.  This is certainly case in point& Unable to complete ANY MSI installation.  This means Windows Updates are failing and I can't …
    I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
    Want to pick and choose which updates you receive? Feel free to check out this quick video on how to manage your email notifications.

    875 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now