I have a website hosted in my SBS 2003 using IIS 6. I want to deny access to all the computers except a set of static IP addresses. I put restrictions under directory security for the website and aloow the addresses but in sbs the IP addresses that hit the website are converted to the internal IP of my server so everything is denied. If I add the internal IP to the granted access anybody can see the website. I am not an expert in iis or sbs and I don't know what to change to have iis get the real IP instead of the internal IP so I can restrict the access to the website.
Any help will be great.