Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How can I open public access to internal websites

Posted on 2009-07-12
9
Medium Priority
?
598 Views
Last Modified: 2013-11-16
I have 3 internal websites on 3 different machines. They are working fine as long as they are accessed internally. I want to open access to them from outside (public internet) for my boss. To do so, I have opened port 80 on the firewall and redirect my firewall's IP address to the internal IP address of the first web server.

This configuration is working fine, and my boss can get access to the first internal websites. Now I want to open access to the second web server, but I can not redirect the same IP/Port number to the second web server machine. What I did, I created a virtual directory on the IIS of the first web server and redirected it to the second web server. But the problem is when my boss uses, say, http://PUBLIC_IP/VIRTUAL_DIRECTORY, he receives a "Page not found" error, becasue IIS is returning an internal web address.

How can I open access to the second and third websites, without assigning different public IP addresses to them. I want my boss use same IP address with different "slash" names to get access to each web site.
0
Comment
Question by:behterami
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
9 Comments
 
LVL 27

Expert Comment

by:Tolomir
ID: 24837208
you need an reverse proxy webserver for this.

Checkout: http://www.visolve.com/squid/whitepapers/reverseproxy.php for details.

This is the current version of squid for windows: http://squid.acmeconsulting.it/

Tolomir






0
 

Author Comment

by:behterami
ID: 24837251
Hi Tolomir. Thank you for your comment.

I have a ISA 2006 machine in my LAN acting as a WebProxy-only; i.e. it has only one NIC connected to the LAN. Can I configure ISA so that it plays a reverse-proxy role as well? If yes, how? This way, I reconfigure firewall so that it forwards HTTP request on a special port to the internal IP address of ISA. and configure ISA so that it forwards HTTP requests on that special port to the web server's IP address on port 80. does this scenario make sense?
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 24837288
Take a look at:

Step 2.1. Configure a Reverse Proxy
http://technet.microsoft.com/en-us/library/bb663639.aspx

This should explain it.
0
Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

 

Author Comment

by:behterami
ID: 24837406
That article shows that I can use a single NIC ISA server as a reverse-proxy. That's good. Now the question is how I can set it up to resolve my problem. Can I configure it so that it forwards both IP and port to some thing different?

For example, if client enters x.x.x.x:pppp in the browser, can I configure ISA so that it forwards the request to y.y.y.y:nnnn (note that both IP and port have been changed)?
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 24837418
no you should use a name like

mywebserver.com/website1
mywebserver.com/website2
mywebserver.com/website3


the reverse proxy redirects this request to

internal-server-a/website1
internal-server-b/website2
internal-server-c/website3

I did never setup such an isa proxy, I could just help you with apache, sorry.

Tolomir


0
 
LVL 27

Expert Comment

by:Tolomir
ID: 24837421
0
 

Author Comment

by:behterami
ID: 24837442
I think reverse proxy is not a solution. What I want is a way to forward both IP/port to a different IP/port.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 24837453
Well you cannot redirect 1 ip + 1 port to 2 different ips or ports.

you could redirect 1 ip with 3 different ports to 3 webservers with port 80

Otherwise you have to stick with reverse proxy. (A reverse proxy translates internal names to external resources and vice versa)
0
 
LVL 27

Accepted Solution

by:
Tolomir earned 1500 total points
ID: 24837455

Web Publishing Rules are used to publish Web sites and services. Web Publishing is sometimes referred to as reverse proxy. When you publish a Web site, the ISA firewall's Web Proxy filter always intercepts the request and then proxies the request to the Web site published by the Web Publishing Rule.
Web Publishing Rules include the following features:
  • Provide proxied access to Web sites protected by the ISA firewall  
  • Perform application layer inspection of connections made to published Web sites  
  • Path redirection  
  • Pre-authentication of connections made to published Web sites (Forward Basic authentication credentials)  
  • Delegation of user credentials  
  • Reverse Caching of published Web sites  
  • Ability to publish multiple Web sites with a single IP address  
  • Ability to re-write URLs returned by the published Web site using the ISA firewall's Link Translator  
  • Support for forwarding either the ISA firewall's IP address, or the original client's IP address to the Web site  
  • Support for SecurID and RADIUS One-time Password authentication (two factor authentication)  
  • Support for RADIUS and LDAP authentication  
  • Ability to schedule when connections are allowed to Published Web sites  
  • Port and Protocol Redirection
       
http://www.isaserver.org/tutorials/ISA-2006-Firewall-Web-Publishing-Rules.html
0

Featured Post

Plesk WordPress Toolkit

Plesk's WordPress Toolkit allows server administrators, resellers and customers to manage their WordPress instances, enabling a variety of development workflows for WordPress admins of all skill levels, from beginners to pros.

See why 2/3 of Plesk servers use it.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question