DNS and Port forwarding

I have a web server that is internal. I need to change the port that traffic gets to it on as another service (OWA) is now using its port (443). I want to use 4443 instead. My problem is when I change it on the server (IIS) and the firewall I can get access externally but internally it goes. I know this is simple but I don't know the answer yet. Can you advise what I need to change to tell the internal access to go through port 4443 instead of 443 (that's the only thing that can be stopping me and that's the change of port on IIS)
Itomicltd Asked:

Papertrip Commented:
Port forwarding and DNS are not related.

When you go to http://yourwebsite.com:4443 from internal what exactly happens?  Are you able to telnet to port 4443 from internal?
0
Alan (Consultant) Commented:
Hi Itomicltd,

I would suggest you put a shortcut / bookmark to your internal webserver on each machine that points to:

http://webserver:4443

where 'webserver' could be the local hostname of the webserver (set up in DNS already), or you could just substitute the actual local IP address.

I would suggest the former, as that will mean that if you ever want to change the IP of the webserver, you can do that, and just update internal DNS, and all the shortcuts / bookmarks will still work.

HTH,

Alan.
0
Renato Montenegro Rustici (IT Specialist) Commented:
Add two new IP addresses: one public and one internal. Create a new NAT. Bind each web site to its IP address and reconfigure the new addresses in DNS.

<public ip address 1> ---- NAT ---> <internal ip address 1> ---> OWA
<public ip address 2> ---- NAT ---> <internal ip address 2> ---> The other application
0

Itomicltd (Author) Commented:
Ok. I have figured a few things out. Firstly, I have asked for port 8443 to be opened on the main Cisco Firewall (they will only allow me to use this port) and I have done the same on my Fortigate firewall (which sits between the network and the Cisco). I have natting in place to point any traffic on port 8443 coming into the IP to be redirected to the Webserver. The odd thing now is that when I make the change in IIS to port 8443 (SSL) I get redirected to a "These are not the droids you are looking for Image" ......any ideas?
0
Alan (Consultant) Commented:
Hi Itomicltd,

Sounds like things have changed?

In your original post, you said that by changing the firewall settings, you could get it to work from externally, but it wasn't working internally.

Now you are saying that it doesn't work from externally?

Did what I suggested above (now using the revised port number, point your browser to http://webserver:8443) get it to work internally?

Thanks,

Alan
0
Itomicltd (Author) Commented:
Yes. The original setup was on a different IP and port number. Both these things have changed now and by all accounts the address I have with the https://webserver:8443 at the end should bring me to my site but it just brings me to this weird page. Internally using the https://webserver:8443 it's all ok... Confused !
0
Alan (Consultant) Commented:
Hi Itomicltd.

https://webserver:8443 will not work from outside as the hostname 'webserver' will not (likely) resolve outside of your LAN.

However, at least we now have you being able to access the site internally.

Now, to get it working outside, try this:

1) Find your external IP address (you can do that by going here:  http://www.whatismyip.com/) from INSIDE your LAN.

2) From OUTSIDE (not inside your LAN) go to:

https://ExternalIPAddress:8443

where you substitute your external IP address for ExternalIPAddress, so it would look something like (but not this):

https://1.2.3.4:8443

If your firewall is set up to pass through traffic on port 8443 to the webserver inside your LAN, it should hopefully work.

Thanks,

Alan.
0

Itomicltd (Author) Commented:
Hi Alan,

Yes this worked.

Internal - https://servername:8443/eportal worked.
External - https://ExternalIP:8443/eportal worked.

The next step is to get their website to reflect this when they click on the link. They have a website with this link on it, but now obviously the link won't work since we changed it. What do I get the website admins to change it to since it accesses differently (with different URLs) from outside and inside site.

I know this is confusing but when I said earlier accessing a web site I meant this Eportal thing which sits inside their network. They use it internally and externally and always use the link on the website.
0
Alan (Consultant) Commented:
Hi Itomicltd,

I suggest the following:

1) Setup an EXTERNAL (public) DNS record (say, eportal.somedomain.com) pointing to your external IP address.  Your domain registrar may host your DNS, or you might have it elsewhere (or it could even be self hosted).  Wherever it is, you need to get a record added.  You might want to set this up as a CNAME and link it to some pre-existing record that points to your external IP address - makes management easier generally.

2) Setup an INTERNAL DNS record (also eportal.somedomain.com) pointing to the internal IP address.

3) Put a shortcut / bookmark on each machine pointing to:

https://eportal.somedomain.com:8443/eportal


That link should now work wherever the machine is located (assuming it has a network connection!)

Alan.
0
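An added example, not part of the original thread: a small Python check for the split DNS setup described in the answer above. It confirms that the internal record answers with a LAN address and the public record does not, and probes the HTTPS listener on 8443 with certificate verification. The function names are hypothetical, the addresses are constructed samples, and the LAN is assumed to use RFC 1918 space.

```python
import ipaddress
import socket
import ssl

# Assumption: the LAN uses RFC 1918 space. ipaddress.is_private is too broad
# for this test: it also flags documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def view_of(addr):
    """Classify an IPv4 answer as coming from the internal or external view."""
    ip = ipaddress.ip_address(addr)
    return "internal" if any(ip in net for net in RFC1918) else "external"

def check_split_horizon(internal_answer, external_answer):
    """Return a list of problems with the two records for the same name."""
    problems = []
    if view_of(internal_answer) != "internal":
        problems.append("internal DNS returns a non-LAN address: LAN clients "
                        "would depend on hairpin NAT at the firewall")
    if view_of(external_answer) != "external":
        problems.append("public DNS returns an RFC 1918 address: unreachable "
                        "from outside and discloses internal addressing")
    return problems

def probe(name, port=8443, timeout=5.0):
    """Resolve name with the local resolver, then try a verified TLS handshake.
    cert_ok is True only if the certificate chains to a trusted CA and covers
    `name`, which the single URL used inside and outside relies on."""
    result = {"address": None, "view": None, "reachable": False, "cert_ok": False}
    try:
        addr = socket.getaddrinfo(name, port, socket.AF_INET,
                                  socket.SOCK_STREAM)[0][4][0]
        result.update(address=addr, view=view_of(addr))
        with socket.create_connection((addr, port), timeout=timeout) as raw:
            result["reachable"] = True
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(raw, server_hostname=name):
                result["cert_ok"] = True
    except OSError:
        # Covers DNS failure, refused/timeout, and TLS verification errors.
        pass
    return result

if __name__ == "__main__":
    # Constructed sample answers for eportal.somedomain.com.
    print(check_split_horizon("192.168.10.20", "203.0.113.10"))  # -> []
```

Run `probe("eportal.somedomain.com")` once from a LAN machine and once from outside: the `view` field should read `internal` and `external` respectively, with `reachable` and `cert_ok` both true.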
Alan (Consultant) Commented:
Hi,

Probably obvious, but that URL (https://eportal.somedomain.com:8443/eportal) can also be put on their website too as per your previous post.

Alan.
0
Itomicltd (Author) Commented:
Alan,

thanks for your perseverance with me on this one. It works! I am getting the website to change the link now. Great job and thanks for your help mate.

p
0
Alan (Consultant) Commented:
No problem - glad to hear it's all sorted!

Thanks,

Alan.
0