Accessing IIS 7 Site Outside LAN

I am in the middle of transitioning from Windows SBS 2003 R2 to Exchange 2007 SP1 on a Server 2008 box with SBS 2003 as ADDC running IIS 5.0.  The SBS 2003 box runs our public site, our intranet (integrated Sharepoint 2.0), backups, antivirus, etc.  I also have a Transition pack for the SBS 2003, but don't want to transition it until I have successfully offloaded our e-mail to the new Exchange 2007 server.

Problem: I have been reading about a lot of issues with OWA (which about half our staff uses) when it is used in an Interop environment like this.  To try to avoid some of these issues, I thought I would just move the web server role to our new Exchange box, thus gaining the benefits of IIS 7.0.  I realize this is not a recommended scenario, but I am working on convincing mgmt that we need another server sometime next year to put the public site on and maybe run as an Edge Transport server.  We're not a heavy-traffic site, so it's not a big security threat (no more than running everything from one SBS server before, at least).

It seems to work beautifully from inside our LAN.  Even laptops that aren't joined to the domain can access the public site via FQDN or IP address while connected to our LAN.  But from outside the LAN, I can only get timeouts via either method (domain name or IP).

Details: Our domain name is directed to a static IP provided by our ISP.  That static IP hits a router in my server room where I forward ports 80 and 443 to my webserver.  When I forward them to the SBS 2003 box, the site loads fine - internal, external, the moon (I presume) - it runs like a champ.  When I forward them to the same site (copied contents to wwwroot on the new box) on my 2008 Server, it works from within the LAN, but not from outside.  

I have thoroughly examined permissions, authentication settings, access accounts, and everything else I can think of to figure out why one works and the other doesn't.  

Tracert from an external PC shows exactly the same results to either end machine.  

I am using an AD account from the SBS 2003 machine for access - the Internet Guest Account (IUSR_<DEVICE>) - I have added the domain/account to the local users of the 2008 box as a member of IIS_IUSRS group (tried as an Administrator also).  The Internet Guest Account (domain/account) has also been added to the Anonymous Authentication credentials in IIS 7 for the default site and the entire server.

The firewall on Server 2008 has rules allowing inbound HTTP & HTTPS traffic.

Like I said, it works fine internally, but times out externally.  Any suggestions of what else could be causing this would be most appreciated.  I am attaching some screen shots from the 2008 server.
scrAuthenticSite.jpg
scrCredent.jpg
scrFirewall.jpg
scrWWWroot.jpg
scrTest.jpg
Asked by: InterMountainMgmt

InterMountainMgmt (Author) Commented:
Forgot to mention, this public site is nothing fancy.  Only serving html pages with a little Flash here and there.
InterMountainMgmt (Author) Commented:
Oh yeah, I also tried with the Authentication credentials for anonymous access set to "Application Pool".  No luck that way either.
Turned off the Windows Firewall completely also.  Still no external connectivity.
meverest Commented:
hi,

if it works fine in the lan but times out externally, then it is not an IIS issue, it is a network problem.

when accessing from the outside, can you ping the server?  when you try to ping using the hostname, does it resolve to the right ip address?  when you try to ping the ip address, does it time out?  When you try a traceroute (tracert) how far do you get before it fails?

did this even work before the changes were made?

cheers.
Jones911 Commented:
Is the default gateway on the Server set to the router's IP?  It might not know how to get back out onto the net?

InterMountainMgmt (Author) Commented:
OMG.  Was it really that easy?  Of course, I overlook the simplest things.  Jones911 - you hit the nail on the head.  There are two NICs connected, and only one had a default gateway set.  All other info on the NIC properties was identical - IP addresses one number apart, everything else correct.  But one didn't have anything in default GW.  

Now it works splendidly.  Thanks so much.  I never would have thought to trace the problem to the NIC GW.
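
Added example, not part of the original thread: a PowerShell check for the condition that resolved it, run on the web server itself. It lists every IPv4 address with its subnet and default gateway through WMI (which is available on Server 2008) and warns about interfaces that have no gateway. The helper name `Get-NetworkId` is introduced here for illustration.

```powershell
# Added example: list each IPv4 address on this server with its subnet and
# default gateway, using WMI so it also runs on Windows Server 2008.
$ipv4 = '^\d{1,3}(\.\d{1,3}){3}$'

function Get-NetworkId([string]$Address, [string]$Mask) {
    # AND each address octet with the mask octet to get the subnet's network ID.
    $a = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    $m = [System.Net.IPAddress]::Parse($Mask).GetAddressBytes()
    (0..3 | ForEach-Object { $a[$_] -band $m[$_] }) -join '.'
}

$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

$report = foreach ($nic in $nics) {
    # Keep only IPv4 gateways; the property is $null when none is configured.
    $gw = @($nic.DefaultIPGateway | Where-Object { $_ -match $ipv4 }) -join ', '
    for ($i = 0; $i -lt $nic.IPAddress.Count; $i++) {
        # IPv6 entries carry a prefix length in IPSubnet, not a dotted mask; skip them.
        if ($nic.IPAddress[$i] -notmatch $ipv4) { continue }
        New-Object PSObject -Property @{
            Adapter = $nic.Description
            IPv4    = $nic.IPAddress[$i]
            Network = Get-NetworkId $nic.IPAddress[$i] $nic.IPSubnet[$i]
            Gateway = $gw
        }
    }
}

$report | Format-Table Adapter, IPv4, Network, Gateway -AutoSize

# A port forward aimed at an address whose interface has no gateway can fail
# as in this thread: LAN clients connect, Internet clients time out.
foreach ($row in @($report | Where-Object { -not $_.Gateway })) {
    Write-Warning "$($row.Adapter) ($($row.IPv4)) has no default gateway"
}

# Show interfaces that share a subnet (here the two NICs were one address apart),
# so the router's forwarding target can be matched to the right adapter.
$report | Group-Object Network | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    "Subnet $($_.Name) is shared by: " + (($_.Group | ForEach-Object { $_.IPv4 }) -join ', ')
}
```

Compare the address the router forwards ports 80 and 443 to against the `IPv4` column; if that row has an empty `Gateway`, that is the interface to fix or to stop forwarding to.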