We help IT Professionals succeed at work.

IIS 6 - local (VPN) access is fine but cannot address the site by publicIP

Beamson asked
I'm probably missing something really obvious but can't spot it.

I've got an IIS6 / Windows 2003 web server running about 20 (mostly redundant) sites.
I've just set up new website on IIS which I'd like to temporarily serve on port 1023 until I get a domain name set up.

On the server, I can view a test page on http://localhost:1023/test.htm
On my PC, I can also view the test page if I have a VPN conection and browse to http://[MyRemoteServersLocalIP]:1023/test.htm

However, I cannot access the site (without the VPN) via the server's public IP.  http://[publicIP]:1023/test.htm All I get is the "Oops! Internet Explorer could not connect to ..." message.

Just as a check, I tried a different port number on the same server and happily get pages from another web site on the same server.  So DNS seems to be working okay.

Any ideas?

I'm not sure what else to check.
The NTFS folder permissions seem to be correct  (IUSR_myservername)
Everything looks okay in IIS.
The site hosts fine in localhost or when connected via VPN.
Watch Question

Your Internet gateway needs to be configured to port forward the specified port. When you try to access your website through your public IP, your internet gateway goes thorugh its acl and when it finds the rule which says "everything that arrives to port e.g. 1023, send to this local ip", your other ports are probably configured, but the port 1023 isn't.
Could you check whether you able to access the default port


if possible then enable the port 1023 for the public access in the machine


The port forwarding on the gateway is something I kind of take for granted, though I dimly remember this was "secured" at some point in its history - I'll check with our IT support people and check this.  (might take a few days)

It's simply like this:

Your internet gateway must be aware that you have server which accepts service on a certain port. So when you configure your IIS to listen on 1023, thats fine for the clients from your local network, because they know how to get to your server's IP address, and when they get there, the server will serve web sites for all configured ports. This works for VPN too, because when you connect through VPN, you become a part of your local network, either NAT'ed or Routed, you will reach your server on the same address as if you are connected to your local network.

The problem here is when you try to reach your server via your Public IP, then when your request reaches your external interface on the internet gateway, it needs to know what to do with it, otherwise the packet will be dropped. When you have port forwarded, your gateway will forward request to the address of your IIS server.

P.S. Besides port forwarding, your network administrator needs to create a rule to allow that type of traffic (e.g. from anywhere to TCP port 1023 to <your IIS IP>).


Yes, I reused a port code which I KNOW was cleared through the gateway and the site is now available.