• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 465
  • Last Modified:

DNS and Port forwarding

I have a web server that is internal. I need to change the port that traffic gets to it on as another service (OWA) is now using it's port (443). I want to use 4443 instead. My problem is when i change it on the server (IIS) and the firewall I can get access externally but internally it goes, I know this is simple but i don't know the answer yet. Can you advise what i need to change to keep tell the internal access to go through port 4443 instead of 443 (that's the only thing that can be stopping me and that's the change of port on IIS)
0
Itomicltd
Asked:
Itomicltd
1 Solution
 
PapertripCommented:
Port forwarding and DNS are not related.

When you goto http://yourwebsite.com:4443 from internal what exactly happens?  Are you able to telnet to port 4443 from internal?
0
 
AlanConsultantCommented:
Hi Itomicltd,

I would suggest you put a shortcut / bookmark to your internal webserver on each machine that points to:

http://webserver:4443

where 'webserver' could be the local hostname of the webserver (set up in DNS already), or you could just substitute the actual local IP address.

I would suggest the former, as that will mean that if you ever want to change the IP of the webserver, you can do that, and just update internal DNS, and all the shortcuts / bookmarks will still work.

HTH,

Alan.
0
 
Renato Montenegro RusticiIT SpecialistCommented:
Add two new IP addresses: one public and one internal. Create a new NAT. Bind each web site to it's IP address and reconfigure the new addresses in DNS.

<public ip address 1> ---- NAT ---> <internal ip address 1> ---> OWA
<public ip address 2> ---- NAT ---> <internal ip address 2> ---> The other application
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
ItomicltdAuthor Commented:
Ok. I have figured a few things out. Firstly, i have asked for port 8443 be opened on the main Cisco Firewall. (they willl only allow me use this port) and i have done the same on my fortigate firewall (which sits network between the network and the Cisco) I have natting in place to point any traffic on port 8443 coming into the IP to be redirected to the Webserver. The odd thing now is that when i make the change in IIS to port 8443 (SSL) i get redirected to a "These are not the droids you are looking for Image" ......any ideas?
0
 
AlanConsultantCommented:
Hi Itomicltd,

Sounds like things have changed?

In your original post, you said that by changing the firewall settings, you could get it to work from externally, but it wasn't working internally.

Now you are saying that it doesn't work from externally?

Did what I suggested above (now using the revised port number, point your browser to http://webserver:8443) get it to work internally?

Thanks,

Alan
0
 
ItomicltdAuthor Commented:
Yes. The original setup was on a different IP and port number. Both these things have changed now and by all accounts the address i have with the https://webserver:8443 at the end should bring me to my site but it just brings me to this weird page. Internally using the https://webserver:8443 it's all ok... Confused !
0
 
AlanConsultantCommented:
Hi Itomicltd.

https://webserver:8443 will not work from outside as the hostname 'webserver' will not (likely) resolve outside of your LAN.

However, at least we now have you being able to access the site internally.

Now, to get it working outside, try this:

1) Find your external IP address (you can do that by going here:  http://www.whatismyip.com/) from INSIDE your LAN.

2) From OUTSIDE (not inside your LAN) go to:

https://ExternalIPAddress:8443

where you substitute your external IP address for ExternalIPAddress, so it would look something like (but not this):

https://1.2.3.4:8443

If your firewall is set up to pass through traffic on port 8443 to the webserver inside your LAN, it should hopefully work.

Thanks,

Alan.
0
 
ItomicltdAuthor Commented:
Hi Alan,

Yes this worked.

Internal - https://servername:8443/eportal worked.
External - https://ExternalIP:8443/eportal worked.

The next step is to get their website to reflect this when they click on the link. they have a website with this link on it, but now obviously the link won't work since we changed it. What do i get the website admins to change it to since it accesses differently (with different URLS) from outside and inside site.

I know this is confusing but when i said earlier accessing a web site i meant this Eportal thing which sits inside their network. They use it internally and externally and always use the link on the website.
0
 
AlanConsultantCommented:
Hi Itomicltd,

I suggest the following:

1) Setup an EXTERNAL (publc) DNS record (say, eportal.somedomain.com) pointing to your external IP address.  Your domain registrar may host your DNS, or you might have it elsewhere (or it could even be self hosted).  Wherever it is, you need to get a record added.  You might want to set this up as a CNAME and link it to some pre-existing record that points to your external IP address - makes management easier generally.

2) Setup an INTERNAL DNS record (also eportal.somedomain.com) pointing to the internal IP address.

3) Put a shortcut / bookmark on each machine pointing to:

https://eportal.somedomain.com:8443/eportal


That link should now work wherever the machine is located (assuming it has a network connection!)

Alan.
0
 
AlanConsultantCommented:
Hi,

Probably obvious, but that URL (https://eportal.somedomain.com:8443/eportal) can also be put on their website too as per your previous post.

Alan.
0
 
ItomicltdAuthor Commented:
Alan,

thanks for your perseverance with me on this one. It works! I am getting the website to change the link now. Great job and thanks for your help mate.

p
0
 
AlanConsultantCommented:
No problem - glad to hear its all sorted!

Thanks,

Alan.
0

Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

Tackle projects and never again get stuck behind a technical roadblock.
Join Now