SBS 2008 IIS Redirection to other internal appliance

SBS 2008 Std.
Can I create a virtual directory under the remote.domain.com/appliance that would connect to another computer/device in the network on port 80?

What they have is one static IP from their ISP and they may not be able to get a second. They have a building maintenace appliance that monitors the building stuff like lights and heating on a internal IP address that can be seen from the inside. They want to see if from the outside. It also uses port 80 and can't be changed. How can I access this device through the SBS server? Thanks!
-Manlytrash-Asked:
Who is Participating?
 
Cliff GaliherConnect With a Mentor Commented:
IF the port can't be changed then it can't be done. While you can set up IIS to do redirection, you ahve to redirect somewhere accessible, which you don't have. You *cannot* setup IIS to proxy that traffic, which is what you are actually suggesting you want to do. Second IP or alternate port are the only two ways to do what you desire.
0
 
-Manlytrash-Author Commented:
THanks, that's what I thought but wanted to ask around.
0
 
jrwarrenCommented:
Through IIS you can create host headers and redirection through those.
   IIS Host headers

This is really only applicable if the websites are on the same server with the same IP.

To me this sounds like you would want to manipulate the firewall.
   You can perform port redirection.

You can have http://www.domain.com:81/ direct to the internal port of any machine.
  You would just need to set a firewall rule (port mapping/Forwarding) to allow any external traffic coming in on port 81 to be forwarded to the internal IP of the application on port 80.

And to hide all that mess you can create a /application/default.htm to redirect them to http://www.domain.com:81/

although you can use any port you desire.

I would suggest :

1) Request the Network team to set a firewall rule :
    ALL TCP inbound 81 forwards to <internal application server IP> 80
2) Create a directory in IIS /appliance
3) Use this code :
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title></title>
<meta http-equiv="REFRESH" content="0;url=http://remote.domain.com:81/"></HEAD>
<BODY>

</BODY>
</HTML>

Open in new window


4) Drop it live with a link to all users to goto http://remote.domain.com/appliance

If the firewall can forward it, it should work.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
jrwarrenCommented:
Let me clarify...

And to hide all that mess you can create a /application/default.htm to redirect them to http://www.domain.com:81/

although you can use any port you desire.
You can use any port as long as it is not already in use.
0
 
-Manlytrash-Author Commented:
I'm not sure that will work but I'll give it a try and let you know. One thing I don't see is how IIS know's what IP/computer to look at internally?
0
 
jrwarrenCommented:
In this case IIS does not need to know... The Address handling is handled by the Firewall/Router that is performing port translation.  You are simply allowing anyone to hit the IIS server and be redirected to port 81, which will be pushed - By the Firewall/Router - to the appliance machine.

  You are using IIS to force people to go where you want them to.. in this case port 81 - so it can be redirected to port 80 of the other machine.

Def let us know...  and if there are problems, let us know the error.
0
 
-Manlytrash-Author Commented:
But I can't change the appliance port number. So unless I can configure a proxy your suggestion won't work. SBS and the appliance both use port 80 and can't be changed.
0
 
jrwarrenCommented:
Let's stop thinking proxy and take a step back.
   Hopefully by answering these questions you will begin to understand what I am suggesting.
   Please answer these questions :

Do you have a router?
  What Brand and Model is it?
Do you have a firewall?
  What Brand and Model is it?

0
 
-Manlytrash-Author Commented:
Linksys/Cisco RV042 is the router and using the built in firewall. Ports 25, 80, 443 and 3389 are single port forwarded to the SBS box with a 192.168.200.5 address for the SBS server. The applicance has a internal IP of 192.168.200.155.
0
 
jrwarrenCommented:
I won't bother repeating my previous post...

Here are your steps :

1) ADD Port Forwarding
     Port 81
         port forwaring to appliance server
     192.168.200.155
    Port 80

2)  Externally you would then use:
       http://remote.domain.com:81/
 This will (via the port forwarding) send you to the application server's port 80 and open up its web page.

To make it look prettier for your clients :

   Create a directory in the IIS webroot /appliance and insert a default.htm document (assuming default.htm is one of your defaults).
   The default.htm would have this in it:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title></title>
<meta http-equiv="REFRESH" content="0;url=http://remote.domain.com:81/"></HEAD>
<BODY>

</BODY>
</HTML> 

Open in new window


Tell your users to goto :
      http://remote.domain.com/appliance

This will forward them to the new address with :81 appended and in turn to the appliance server.
0
 
Cliff GaliherCommented:
Just for the record, the above won't work. In SBS, remote just redirects to 443 and because of SSL you can only have one site per IP beyond that. Further, RWW...for technical reasons I won't go into here, does not use relative links in all places, so moving from 443 to a non-standard port will also not work. As I've previously posted, the solution is a second IP.,

-Cliff
0
 
-Manlytrash-Author Commented:
jrwarren's solution didn't work. It would look like it as IIS would give me the port 81 page but it never went anywhere after that. We've got 2 solutions in the works. One is a spare pc that they can RDP into and then hit the internal website of the appliance. The other is a second IP from their ISP. I've brought up the fact that they didn't get a few static IP's to begin with but this is a small time ISP.

Accepting cgaliher's solution.
0
 
jrwarrenCommented:
The solution will work.  SBS2008 networks are capable fo doing such.   We have the same scenario working at several client sites.  Why it does not work for you, could be configuration, software or even hardware incompatibilities.

   I am sorry to hear that this did not work for you, but it does work if redirected via the firewall/router level.   Best of luck.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.