Craig Beamson
asked on
IIS 6 - local (VPN) access is fine but cannot address the site by publicIP
I'm probably missing something really obvious but can't spot it.
I've got an IIS6 / Windows 2003 web server running about 20 (mostly redundant) sites.
I've just set up new website on IIS which I'd like to temporarily serve on port 1023 until I get a domain name set up.
On the server, I can view a test page on http://localhost:1023/test.htm
On my PC, I can also view the test page if I have a VPN conection and browse to http://[MyRemoteServersLocalIP]:1 023/test.h tm
However, I cannot access the site (without the VPN) via the server's public IP. http://[publicIP]:1023/test.htm All I get is the "Oops! Internet Explorer could not connect to ..." message.
Just as a check, I tried a different port number on the same server and happily get pages from another web site on the same server. So DNS seems to be working okay.
Any ideas?
I'm not sure what else to check.
The NTFS folder permissions seem to be correct (IUSR_myservername)
Everything looks okay in IIS.
The site hosts fine in localhost or when connected via VPN.
I've got an IIS6 / Windows 2003 web server running about 20 (mostly redundant) sites.
I've just set up new website on IIS which I'd like to temporarily serve on port 1023 until I get a domain name set up.
On the server, I can view a test page on http://localhost:1023/test.htm
On my PC, I can also view the test page if I have a VPN conection and browse to http://[MyRemoteServersLocalIP]:1
However, I cannot access the site (without the VPN) via the server's public IP. http://[publicIP]:1023/test.htm All I get is the "Oops! Internet Explorer could not connect to ..." message.
Just as a check, I tried a different port number on the same server and happily get pages from another web site on the same server. So DNS seems to be working okay.
Any ideas?
I'm not sure what else to check.
The NTFS folder permissions seem to be correct (IUSR_myservername)
Everything looks okay in IIS.
The site hosts fine in localhost or when connected via VPN.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The port forwarding on the gateway is something I kind of take for granted, though I dimly remember this was "secured" at some point in its history - I'll check with our IT support people and check this. (might take a few days)
It's simply like this:
Your internet gateway must be aware that you have server which accepts service on a certain port. So when you configure your IIS to listen on 1023, thats fine for the clients from your local network, because they know how to get to your server's IP address, and when they get there, the server will serve web sites for all configured ports. This works for VPN too, because when you connect through VPN, you become a part of your local network, either NAT'ed or Routed, you will reach your server on the same address as if you are connected to your local network.
The problem here is when you try to reach your server via your Public IP, then when your request reaches your external interface on the internet gateway, it needs to know what to do with it, otherwise the packet will be dropped. When you have port forwarded, your gateway will forward request to the address of your IIS server.
P.S. Besides port forwarding, your network administrator needs to create a rule to allow that type of traffic (e.g. from anywhere to TCP port 1023 to <your IIS IP>).
Your internet gateway must be aware that you have server which accepts service on a certain port. So when you configure your IIS to listen on 1023, thats fine for the clients from your local network, because they know how to get to your server's IP address, and when they get there, the server will serve web sites for all configured ports. This works for VPN too, because when you connect through VPN, you become a part of your local network, either NAT'ed or Routed, you will reach your server on the same address as if you are connected to your local network.
The problem here is when you try to reach your server via your Public IP, then when your request reaches your external interface on the internet gateway, it needs to know what to do with it, otherwise the packet will be dropped. When you have port forwarded, your gateway will forward request to the address of your IIS server.
P.S. Besides port forwarding, your network administrator needs to create a rule to allow that type of traffic (e.g. from anywhere to TCP port 1023 to <your IIS IP>).
ASKER
Yes, I reused a port code which I KNOW was cleared through the gateway and the site is now available.
http://localhost:80
if possible then enable the port 1023 for the public access in the machine
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/55161df5-5f55-4ed3-bb26-b675153d49ac.mspx?mfr=true