[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5726
  • Last Modified:

Website and Webmail not accessible externally, but ok internally

Not sure what's going on here.  I can access my company's website and Webmail internally from the server and the clients, but cannot access either from outside of the LAN.  I have gone over all of the IIS settings and everything seems in order.  I have restarted the IIS service, and the DNS server and client services. Everything else is working fine.

There are 2 NIC's on the server. each with it's own IP address.  The default website is assigned to one, and the company website is assigned to the other.   I can ping both IP's from home, but the website and Webmail will not come up.  I also have no problem logging into the server with remote access using the same IP that the website uses.
0
richivey
Asked:
richivey
  • 7
  • 6
  • 2
  • +4
1 Solution
 
xrokCommented:
Ports need to be open on Router
0
 
martintechCommented:
Assuming that you router and aliases are set up correctly, when you try to access the sites externally does the error state that "page cannot be displayed" or "you do not have permission to acces this server"?
0
 
GenexenCommented:
check your host headers for each website in IIS.

What is your IP space like?  As xrok suggested, are you behind a router/NAT device?  If so you will need to forward 80/http and possibly other ports to your server(s).
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
richiveyAuthor Commented:
This was all working correctly until this morning.  As far as I know, nothing has changed to cause this to happen.  The router and aliases should be setup correctly.

When I try to access externally, I get the message "page cannot be displayed".

I'm not sure how to check the host headers for the websites in IIS.

I'm about to go to sleep so that I can get started on this early tomorrow morning, so any suggestions overnight will be greatly appreciated, although I may not respond until tomorrow. Thanks.
0
 
GenexenCommented:
well if everything was working before, make sure that whoever is hosting your DNS records for these servers has the correct aliases.  Do an nslookup from home/another site to make sure they're resolving correctly.  I suspect they are because you are getting the "page cannot be displayed" which indicates that you are at least getting to the server.

Here's a howto on setting up host headers:  http://www.visualwin.com/host-header/

Also check your directory permissions.  Make sure that the iusr_servername and any other required accounts have the appropriate level of access to the website directories.

0
 
rindiCommented:
Did this work previously or is this a new installation? If it previously worked, backstep your steps for things you or your company has changed recently. You could also poste such changes here.

If you enter the ip address of those webservers (not www.yourhost.com, but xxx.xxx.xxx.xxx) does your site show up then? Also make sure the Official DNS servers for your site are pointing to the IP addresses of your servers. Those DNS servers you should find via the registrar where you originaly registered your site with.
0
 
martintechCommented:
Any kind of new software firewall installed recently (or service pack), or an old one that could have been tweeked back on?   Try temporarily disabling routing and remote access.   Make sure that each IIS is using the correct ip's and try switching too "any available ip address" as opposed to your static ip's.  (As remote access might have binded these).  I would also try temporarily disabling dns.  Its ARP cache seems good for your local lan but might be the culprit.
0
 
Cyber-DudeCommented:
What is the OS that you are using (IIS 5 or 6)? do you use any Firewall system?

Is the schema looks like this?
                               |=====|
                               |Server  |
                               |=====|
===      =====       |           |          ===
LAN===WEB Site===            =====WAN
===      =====                               ===

Cyber
0
 
richiveyAuthor Commented:
If I enter the IP address of the server from home, i get "Under Construction" message.  If I type in the www.site-name.com, I get "The page cannot be displayed".

I have checked the directory permissions and it all seems to be correct.  I already had Everyone listed with Read permissions.  This should allow access, right?  I also added the iusr account to the permissions with read permissions.

This did previously work.  I have had no problems until yesterday.  The only thing that I know that I did yesterday was I accidentally deleted the Everyone permission, but then I added it right back in about 20 minutes later.  After messing around with IIS settings, IP adresses, and restarting DNS and IIS services, it started working from the erver and internal clients, but still no access from the outside.

DNS servers are pointing to the correct IP addresses.  No new software or configuration changes recently to t he server.
0
 
rindiCommented:
Did you add the "anonymous" user? The "everyone" user is for any user logged on, but internet users normally aren't logged on, so you'd need redaing rights for anonymous users. You probably also have a virtual website on your server with the "under construction" page. Look for this directory and compare the user rights you have set for that page with your normal website.
0
 
richiveyAuthor Commented:
Here's a little more background on my setup:

We have 2 NIC's on the server. The default website is assigned to 192.168.1.10, which is the 1st adapter.  Our company website is assigned to 192.168.1.11, which is the 2nd adapter.

When it is setup this way, I can access the website internally by using the IP address.  Using the IP address externaly, sometimes the website comes up ok and sometimes it says "Under Construction". Using website name,  I can access internally, but externally I get "The page cannot be displayed".  I cannot access Webmail from anywhere.
0
 
rindiCommented:
It is probably not called "anonymous user", but rather "Internet Guest Account".
0
 
richiveyAuthor Commented:
I've already got the Internet Guest Account  listed.
0
 
rindiCommented:
And, your standard IP address is directed to "default website" on your server. Most probably, if you enter "localhost" int the address bar of your server's browser, you'll pribably also see this Under Constructuin site. It normally is the ..\wwwroot directory on your server which contains this inder construction document.
0
 
rindiCommented:
What about the IIS_WPG group? Just compare the virtual path of your homepage permissions with those of the default directory above...
0
 
xrokCommented:
>>When it is setup this way, I can access the website internally by using the IP address.  Using the IP address externaly, sometimes the website comes up ok and >>sometimes it says "Under Construction". Using website name,  I can access internally, but externally I get "The page cannot be displayed".  I cannot access Webmail >>from anywhere.

"Under Construction" is default page from IIS
Right click the website (IIS) -> Property -> Ip Address ; Where is this pointing to
Make sure you do not have duplicate assigned IP Address

>> Using website name,  I can access internally, but externally I get "The page cannot be displayed".  
Ping WebSitename from your home and see if its point to server public IP address.

On the Router
Make sure you have all correct ports point to 192.168.1.11 not 192.168.1.10

Local you should able to use either IP (192.168.1.10 and 192.168.1.11) to access.



0
 
Cyber-DudeCommented:
OK
Can you post the results of the following command? It will shed more light:

Enter command prompt and type the following:

route print

This will allow us to diagnose the gateway and route configuration; you may need to add a route.

Cyber
0
 
richiveyAuthor Commented:
Here is the route table:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 02 b3 ed 5e ae ...... Intel(R) PRO/100 S Server Adapter
0x10004 ...00 c0 9f 35 28 44 ...... Intel(R) PRO/1000 MT Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.11     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0     192.168.1.10     192.168.1.10     20
      192.168.1.0    255.255.255.0     192.168.1.11     192.168.1.11     20
     192.168.1.10  255.255.255.255        127.0.0.1        127.0.0.1     20
     192.168.1.11  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.1.255  255.255.255.255     192.168.1.10     192.168.1.10     20
    192.168.1.255  255.255.255.255     192.168.1.11     192.168.1.11     20
        224.0.0.0        240.0.0.0     192.168.1.10     192.168.1.10     20
        224.0.0.0        240.0.0.0     192.168.1.11     192.168.1.11     20
  255.255.255.255  255.255.255.255     192.168.1.10     192.168.1.10      1
  255.255.255.255  255.255.255.255     192.168.1.11     192.168.1.11      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\Administrator>
0
 
dlonganCommented:
What does nslookup say for the DNS records for your external FQDN's - Are they the correct external IP address? if so check the router/firewall port forwarding to ensure they are still setup correctly also.  What make model router are you using?  I seen people make changes and don't "write" the parameters to NVRAM.  Of course depends on make/model of router.

Also if you trying to use Outlook Web Access - remember you need to append "exchange" to the end of your FQDN in the browser or you can get "site under construction", this is of course if you haven't done the redirection.
0
 
rindiCommented:
I've seen routers where the changes only went active when you restarted the router. Bur still, since you didn't change anything except the security settings, I'd compare the settings you have on the default webpage which directs you the construction site. As you can access that from the outside your router settings seem to work.
0
 
richiveyAuthor Commented:
This problem went away this afternoon as mysteriously as it appeared.  The only thing that I can think of is that maybe there was some problem with the DNS server at NetworkSolutions.

I'll leave this open for a day or so while I monitor my system, and if all is well I'll close this out properly and award points for those who helped the most.

Thanks.
0
 
rindiCommented:
Thanx, too.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 7
  • 6
  • 2
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now