Multiple public IP addresses on single interface with ICF turned on.

Hi friends,

I have a hosted server with a single interface that has multiple public IP addresses assigned to that interface.  The ICF is turned on for that interface with port 80 opened to the interface.

In IIS I have created a new website which is mapped to one of the public IP addresses, and is hosted on port 80.  Why can I NOT see my default web page when I try to access it from any computer?  In the ICF logs, it shows that a connection is made to the public IP address for that web page but no entry exists for the IIS logs for that website.  What am I doing wrong?  Or is it that ICF does not support multiple public IP addresses on an interface?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Did you make sure you allowed IIS to listen on this IP?

To do so, run the IIS Manager (Start -> Administrative Tools -> Internet Information Services (IIS) Manager).  Then, go to "Web sites" (on the left pane), click on "Default Web Site" (and/or whichever other site you have), and a new window shoud pop up - "SITENAME Properties". Go to "Web Site" tab, and under "Web site identification" there will be "IP address" and "TCP port" options - as for the first one, there's [Advanced...] button next to it - click it - you will be able to modify "Multiple identities for this Web site" - I guess that's what you're looking for :]
hhp001Author Commented:
Hi Thanks for your reply but that is not what I require.  I do not want one site to be hosted with multiple IP addresses.

Each web site in IIS has a one to one mapping to each IP address on the public interface.  My setup is this:

NIC IP addresses
   --- etc

   --- -
   --- -
   --- -

On ICF port 80 is open for the entire network adapter.  There is no option in ICF to open particular IP addresses singularly.  Also if I Add another TCP 80 to the Services list and point it to one of the other IP addresses it says "The port number is already used by another service.  Please use a unique port number.

I guess you can't use ICF for this purpose.

Can anyone recommend a good software based firewall that supports multiple public IP addresses?

You have to add a service definition for each IP Address.
To add a service definition:
Open Network Connections
Click the Internet connection that is protected by Internet Connection Firewall, and then, under Tasks, click Change settings of this connection.
On the Advanced tab, click Settings.
On the Services tab, click Add and enter all of the following information:
In Description of service, type an easily recognized name for the service.
In Name or IP address of the computer hosting this service on your network, type the name or IP address of the computer that runs the service (one of your internet IP's).
In External port number for this service, type the port number that external computers will use to contact this service. (usualy 80)
In Internal Port number for this service, type the port number that the service on your network is using. (80 too)
Click either TCP or UDP. (TCP)
do this for each IP you own.
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

hhp001Author Commented:

Thanks for that but it does not work!  Now you try to add another service to the list.  Call it whatever you want, use a different IP address and use TCP 80 for both Ext and Int.  It will NOT allow you to do this.

Hm... Could you try using WFetch ( from IIS 6 Resource Kit - ), enable everything on Filter under Settings (CTRL+S), and tell us what you get?
found something for you:
The problem is that you're trying to accomplish something
that ICF cannot handle...
ICF is primarily meant to be used on a workstation for
added security, not on a multihomed server.
The answer you're looking for is quite close to the ICF
but called "Routing and Remote Access" Under
Administrative tools.
You can search your documentation (Windows HELP)
for "Basic Firewall" without the quotes for more
The trick is to enable routing and remote access, only
NAT/Basic firewall components in it and then configure the
firewall.. The options in there are pretty much the same
then in ICF but you'll have a lot more control over how
you want the packets to be handled. Including private port
you want the service to be assigned. If you use either of
your public ports as the private port for your service,
it'll be mapped onto it.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.