Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Multiple public IP addresses on single interface with ICF turned on.

Posted on 2004-10-26
Medium Priority
Last Modified: 2008-02-01
Hi friends,

I have a hosted server with a single interface that has multiple public IP addresses assigned to that interface.  The ICF is turned on for that interface with port 80 opened to the interface.

In IIS I have created a new website which is mapped to one of the public IP addresses, and is hosted on port 80.  Why can I NOT see my default web page when I try to access it from any computer?  In the ICF logs, it shows that a connection is made to the public IP address for that web page but no entry exists for the IIS logs for that website.  What am I doing wrong?  Or is it that ICF does not support multiple public IP addresses on an interface?

Question by:hhp001
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2

Expert Comment

ID: 12411526
Did you make sure you allowed IIS to listen on this IP?

To do so, run the IIS Manager (Start -> Administrative Tools -> Internet Information Services (IIS) Manager).  Then, go to "Web sites" (on the left pane), click on "Default Web Site" (and/or whichever other site you have), and a new window shoud pop up - "SITENAME Properties". Go to "Web Site" tab, and under "Web site identification" there will be "IP address" and "TCP port" options - as for the first one, there's [Advanced...] button next to it - click it - you will be able to modify "Multiple identities for this Web site" - I guess that's what you're looking for :]

Author Comment

ID: 12411661
Hi Thanks for your reply but that is not what I require.  I do not want one site to be hosted with multiple IP addresses.

Each web site in IIS has a one to one mapping to each IP address on the public interface.  My setup is this:

NIC IP addresses
   --- etc

   --- apple.com -
   --- banana.com -
   --- pear.com -

On ICF port 80 is open for the entire network adapter.  There is no option in ICF to open particular IP addresses singularly.  Also if I Add another TCP 80 to the Services list and point it to one of the other IP addresses it says "The port number is already used by another service.  Please use a unique port number.

I guess you can't use ICF for this purpose.

Can anyone recommend a good software based firewall that supports multiple public IP addresses?

LVL 11

Expert Comment

ID: 12412133
You have to add a service definition for each IP Address.
To add a service definition:
Open Network Connections
Click the Internet connection that is protected by Internet Connection Firewall, and then, under Tasks, click Change settings of this connection.
On the Advanced tab, click Settings.
On the Services tab, click Add and enter all of the following information:
In Description of service, type an easily recognized name for the service.
In Name or IP address of the computer hosting this service on your network, type the name or IP address of the computer that runs the service (one of your internet IP's).
In External port number for this service, type the port number that external computers will use to contact this service. (usualy 80)
In Internal Port number for this service, type the port number that the service on your network is using. (80 too)
Click either TCP or UDP. (TCP)
do this for each IP you own.
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.


Author Comment

ID: 12412666

Thanks for that but it does not work!  Now you try to add another service to the list.  Call it whatever you want, use a different IP address and use TCP 80 for both Ext and Int.  It will NOT allow you to do this.


Expert Comment

ID: 12413865
Hm... Could you try using WFetch ( from IIS 6 Resource Kit - http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en ), enable everything on Filter under Settings (CTRL+S), and tell us what you get?
LVL 11

Accepted Solution

WeHe earned 200 total points
ID: 12415107
found something for you:
Newsgroups: microsoft.public.windows.server.networking
The problem is that you're trying to accomplish something
that ICF cannot handle...
ICF is primarily meant to be used on a workstation for
added security, not on a multihomed server.
The answer you're looking for is quite close to the ICF
but called "Routing and Remote Access" Under
Administrative tools.
You can search your documentation (Windows HELP)
for "Basic Firewall" without the quotes for more
The trick is to enable routing and remote access, only
NAT/Basic firewall components in it and then configure the
firewall.. The options in there are pretty much the same
then in ICF but you'll have a lot more control over how
you want the packets to be handled. Including private port
you want the service to be assigned. If you use either of
your public ports as the private port for your service,
it'll be mapped onto it.

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question