Solved

SBS 2008 IIS Redirection to other internal appliance

Posted on 2011-02-17
13
789 Views
Last Modified: 2012-05-11
SBS 2008 Std.
Can I create a virtual directory under the remote.domain.com/appliance that would connect to another computer/device in the network on port 80?

What they have is one static IP from their ISP and they may not be able to get a second. They have a building maintenace appliance that monitors the building stuff like lights and heating on a internal IP address that can be seen from the inside. They want to see if from the outside. It also uses port 80 and can't be changed. How can I access this device through the SBS server? Thanks!
0
Comment
Question by:-Manlytrash-
  • 6
  • 5
  • 2
13 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 34918675
IF the port can't be changed then it can't be done. While you can set up IIS to do redirection, you ahve to redirect somewhere accessible, which you don't have. You *cannot* setup IIS to proxy that traffic, which is what you are actually suggesting you want to do. Second IP or alternate port are the only two ways to do what you desire.
0
 

Author Comment

by:-Manlytrash-
ID: 34918889
THanks, that's what I thought but wanted to ask around.
0
 
LVL 7

Expert Comment

by:jrwarren
ID: 34935767
Through IIS you can create host headers and redirection through those.
   IIS Host headers

This is really only applicable if the websites are on the same server with the same IP.

To me this sounds like you would want to manipulate the firewall.
   You can perform port redirection.

You can have http://www.domain.com:81/ direct to the internal port of any machine.
  You would just need to set a firewall rule (port mapping/Forwarding) to allow any external traffic coming in on port 81 to be forwarded to the internal IP of the application on port 80.

And to hide all that mess you can create a /application/default.htm to redirect them to http://www.domain.com:81/

although you can use any port you desire.

I would suggest :

1) Request the Network team to set a firewall rule :
    ALL TCP inbound 81 forwards to <internal application server IP> 80
2) Create a directory in IIS /appliance
3) Use this code :
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title></title>
<meta http-equiv="REFRESH" content="0;url=http://remote.domain.com:81/"></HEAD>
<BODY>

</BODY>
</HTML>

Open in new window


4) Drop it live with a link to all users to goto http://remote.domain.com/appliance

If the firewall can forward it, it should work.
0
 
LVL 7

Expert Comment

by:jrwarren
ID: 34935772
Let me clarify...

And to hide all that mess you can create a /application/default.htm to redirect them to http://www.domain.com:81/

although you can use any port you desire.
You can use any port as long as it is not already in use.
0
 

Author Comment

by:-Manlytrash-
ID: 34937492
I'm not sure that will work but I'll give it a try and let you know. One thing I don't see is how IIS know's what IP/computer to look at internally?
0
 
LVL 7

Expert Comment

by:jrwarren
ID: 34940305
In this case IIS does not need to know... The Address handling is handled by the Firewall/Router that is performing port translation.  You are simply allowing anyone to hit the IIS server and be redirected to port 81, which will be pushed - By the Firewall/Router - to the appliance machine.

  You are using IIS to force people to go where you want them to.. in this case port 81 - so it can be redirected to port 80 of the other machine.

Def let us know...  and if there are problems, let us know the error.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:-Manlytrash-
ID: 34942541
But I can't change the appliance port number. So unless I can configure a proxy your suggestion won't work. SBS and the appliance both use port 80 and can't be changed.
0
 
LVL 7

Expert Comment

by:jrwarren
ID: 34942898
Let's stop thinking proxy and take a step back.
   Hopefully by answering these questions you will begin to understand what I am suggesting.
   Please answer these questions :

Do you have a router?
  What Brand and Model is it?
Do you have a firewall?
  What Brand and Model is it?

0
 

Author Comment

by:-Manlytrash-
ID: 34943584
Linksys/Cisco RV042 is the router and using the built in firewall. Ports 25, 80, 443 and 3389 are single port forwarded to the SBS box with a 192.168.200.5 address for the SBS server. The applicance has a internal IP of 192.168.200.155.
0
 
LVL 7

Expert Comment

by:jrwarren
ID: 34944175
I won't bother repeating my previous post...

Here are your steps :

1) ADD Port Forwarding
     Port 81
         port forwaring to appliance server
     192.168.200.155
    Port 80

2)  Externally you would then use:
       http://remote.domain.com:81/
 This will (via the port forwarding) send you to the application server's port 80 and open up its web page.

To make it look prettier for your clients :

   Create a directory in the IIS webroot /appliance and insert a default.htm document (assuming default.htm is one of your defaults).
   The default.htm would have this in it:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title></title>
<meta http-equiv="REFRESH" content="0;url=http://remote.domain.com:81/"></HEAD>
<BODY>

</BODY>
</HTML> 

Open in new window


Tell your users to goto :
      http://remote.domain.com/appliance

This will forward them to the new address with :81 appended and in turn to the appliance server.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 34946489
Just for the record, the above won't work. In SBS, remote just redirects to 443 and because of SSL you can only have one site per IP beyond that. Further, RWW...for technical reasons I won't go into here, does not use relative links in all places, so moving from 443 to a non-standard port will also not work. As I've previously posted, the solution is a second IP.,

-Cliff
0
 

Author Comment

by:-Manlytrash-
ID: 34946954
jrwarren's solution didn't work. It would look like it as IIS would give me the port 81 page but it never went anywhere after that. We've got 2 solutions in the works. One is a spare pc that they can RDP into and then hit the internal website of the appliance. The other is a second IP from their ISP. I've brought up the fact that they didn't get a few static IP's to begin with but this is a small time ISP.

Accepting cgaliher's solution.
0
 
LVL 7

Expert Comment

by:jrwarren
ID: 34947895
The solution will work.  SBS2008 networks are capable fo doing such.   We have the same scenario working at several client sites.  Why it does not work for you, could be configuration, software or even hardware incompatibilities.

   I am sorry to hear that this did not work for you, but it does work if redirected via the firewall/router level.   Best of luck.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now