I am in the middle of transitioning from Windows SBS 2003 R2 to Exchange 2007 SP1 on a Server 2008 box with SBS 2003 as ADDC running IIS 5.0. The SBS 2003 box runs our public site, our intranet (integrated SharePoint 2.0), backups, antivirus, etc. I also have a Transition pack for the SBS 2003, but don't want to transition it until I have successfully offloaded our e-mail to the new Exchange 2007 server.
Problem: I have been reading about a lot of issues with OWA (which about half our staff uses) when it is used in an Interop environment like this. To try to avoid some of these issues, I thought I would just move the web server role to our new Exchange box, thus gaining the benefits of IIS 7.0. I realize this is not a recommended scenario, but I am working on convincing mgmt that we need another server sometime next year to put the public site on and maybe run as an Edge Transport server. We're not a heavy-traffic site, so it's not a big security threat (no more than running everything from one SBS server before, at least).
It seems to work beautifully from inside our LAN. Even laptops that aren't joined to the domain can access the public site via FQDN or IP address while connected to our LAN. But from outside the LAN, I can only get timeouts via either method (domain name or IP).
Details: Our domain name is directed to a static IP provided by our ISP. That static IP hits a router in my server room where I forward ports 80 and 443 to my webserver. When I forward them to the SBS 2003 box, the site loads fine - internal, external, the moon (I presume) - it runs like a champ. When I forward them to the same site (copied contents to wwwroot on the new box) on my 2008 Server, it works from within the LAN, but not from outside.
I have thoroughly examined permissions, authentication settings, access accounts, and everything else I can think of to figure out why one works and the other doesn't.
Tracert from an external PC shows exactly the same results to either end machine.
I am using an AD account from the SBS 2003 machine for access - the Internet Guest Account (IUSR_<DEVICE>) - I have added the domain/account to the local users of the 2008 box as a member of IIS_IUSRS group (tried as an Administrator also). The Internet Guest Account (domain/account) has also been added to the Anonymous Authentication credentials in IIS 7 for the default site and the entire server.
The firewall on Server 2008 has rules allowing inbound HTTP & HTTPS traffic.
Like I said, it works fine internally, but times out externally. Any suggestions of what else could be causing this would be most appreciated. I am attaching some screenshots from the 2008 server.