ocortesmx
asked on
IP address change for my website not working
Hello,
I have 2 static IP address on my company and I need to change a website from one to the other. We have the Domain hosted with godaddy and I went there and changed the a records to point to the new address that I want to use and after the changes propagate I just get an error page. 403 - Forbidden: Access is denied. That to me looks like an IIS error. (see attached image). We have a SonicWall firewall but to me it doesn't llok like a SonicWall error.
We are using IIS 7. What else do I need to change besides the a records on my ISP to change the website?
Thank you
Error.jpg
I have 2 static IP address on my company and I need to change a website from one to the other. We have the Domain hosted with godaddy and I went there and changed the a records to point to the new address that I want to use and after the changes propagate I just get an error page. 403 - Forbidden: Access is denied. That to me looks like an IIS error. (see attached image). We have a SonicWall firewall but to me it doesn't llok like a SonicWall error.
We are using IIS 7. What else do I need to change besides the a records on my ISP to change the website?
Thank you
Error.jpg
have you checked, that the files of the web site are there in the physical path? Is there a index.htm or default.aspx?
ASKER
Thanks for the comment. It works fine now because I changed the a records on godaddy back to the original IP address. I couldn't have the website down all day. But if I change the IP address to the new one I get the same error.
ASKER
Yes the files on the website are on the physical path and it has the default.aspx. The site works fine when I put the old IP address back on godaddy
Is that second public IP (on port 80 and 443) NATted (PATted) correctly to the internal IP of your webserver?
Make sure on the new site, that you are not restricting access by IP.
Does the new location work from the inside?
using local hosts file you can point the site to the new IP so you can test it.
Site binding is not the issue. The issue is whether anonymous user access is allowed.
sonicwall
oldIP port 80 => internal IP port 80
newIP port 80 => internal IP2 port 80
http://newip/ do you see the site?
Do you allow remote management of your SonicWall? Is the newIP used for that purpose with a restriction access from a specific IP/range? It might be that is what is going on.
while you think you are going to yoursite.com you actually hitting the sonicwall configuration website and it is denying access because of the Access control you have configured for remote management.
Does the new location work from the inside?
using local hosts file you can point the site to the new IP so you can test it.
Site binding is not the issue. The issue is whether anonymous user access is allowed.
sonicwall
oldIP port 80 => internal IP port 80
newIP port 80 => internal IP2 port 80
http://newip/ do you see the site?
Do you allow remote management of your SonicWall? Is the newIP used for that purpose with a restriction access from a specific IP/range? It might be that is what is going on.
while you think you are going to yoursite.com you actually hitting the sonicwall configuration website and it is denying access because of the Access control you have configured for remote management.
ASKER
Hello,
erniebeek, how do you check the NATted?
ve3ofa, yes my SonicWall is using 2 static IP addresses and the site is accepting all unassigned on port 80 with the host name pointing to my domain.
arnold, there is not a new site, the site that I have running on static ip 1 and runs fine needs to be moved to static ip 2. The two ips are on the same sonicwall. If I type the new IP directly on the browser I get the same forbidden error. On the SonicWall for the new IP I don't have http or https checked for remote management.
This new IP is already being used y Exchange for our email server.
I don't know all the steps needed to make the move, I was thinking that there is a place on iis 7 to set the ip address of the webiste and changing the a records with godaddy will be enough but I am missing something.
erniebeek, how do you check the NATted?
ve3ofa, yes my SonicWall is using 2 static IP addresses and the site is accepting all unassigned on port 80 with the host name pointing to my domain.
arnold, there is not a new site, the site that I have running on static ip 1 and runs fine needs to be moved to static ip 2. The two ips are on the same sonicwall. If I type the new IP directly on the browser I get the same forbidden error. On the SonicWall for the new IP I don't have http or https checked for remote management.
This new IP is already being used y Exchange for our email server.
I don't know all the steps needed to make the move, I was thinking that there is a place on iis 7 to set the ip address of the webiste and changing the a records with godaddy will be enough but I am missing something.
Create a port forward ip2 port 80 to internal server port 80. And make sure it is enabled.
Currentip port 80 => internalip port 80
Newip port 80 => internalip port 80
See if that is allowed.
Then make sure that the site works using newip.
Alternatively, you can add an additional internal ip on the IIS site to which the second IP is pointed.
Currentip port 80 => internalip port 80
Newip port 80 => internalip port 80
See if that is allowed.
Then make sure that the site works using newip.
Alternatively, you can add an additional internal ip on the IIS site to which the second IP is pointed.
ASKER
arnold,
Sorry I am new to networking, when you say create a port forward ip2 to internal, are you talking about an access rule on the Firewall section of the sonicwall? And how you assign the secound ip on iis?
Thanks
Sorry I am new to networking, when you say create a port forward ip2 to internal, are you talking about an access rule on the Firewall section of the sonicwall? And how you assign the secound ip on iis?
Thanks
Yes you need to create a similar rule to what you currently have for the existing public ip for the new IP.
The issue might be that you did a one to one mapping from the second IP to the exchange server.
You add the additional IP under the properties of the network nterface, tcp/ip properties advanced.
Do you have multile sites defined? What info do you have in the display an example of which was posted by another expert earlier?
The issue might be that you did a one to one mapping from the second IP to the exchange server.
You add the additional IP under the properties of the network nterface, tcp/ip properties advanced.
Do you have multile sites defined? What info do you have in the display an example of which was posted by another expert earlier?
That error indicates anonymous access to the site is disabled.
It doesn't appear to be a port forwarding issue as you can see the IIS7 deny page.
It doesn't appear to be a port forwarding issue as you can see the IIS7 deny page.
Just a comment
Please contact us if there is anything we can do to serve you. We would love to partner with you and help make your business more successful.
HOW?
Please contact us if there is anything we can do to serve you. We would love to partner with you and help make your business more successful.
HOW?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You port forward on the router though arnold, but the page we're seeing is an IIS page, not a router page so the port forward must be ok (otherwise we wouldn't see the IIS response).
The 403 error looks like an authentication issue. If it was a port forwarding issue I'd expect you to see a "Page Can Not Be Found" error from the browser.
Generally if you have a one-to-one mapping you forward all ports to their corresponding ports on the internal server, so that again suggests its not a port forwarding issue.
@ocortesmx - can you take a screenshot of the Authentication page for the IIS site?
The 403 error looks like an authentication issue. If it was a port forwarding issue I'd expect you to see a "Page Can Not Be Found" error from the browser.
Generally if you have a one-to-one mapping you forward all ports to their corresponding ports on the internal server, so that again suggests its not a port forwarding issue.
@ocortesmx - can you take a screenshot of the Authentication page for the IIS site?
If the forwarding points to the wrong server, the solution resides and can only be completed on the sonicwall.
Does the exchange also provides external web access to check for email?
Does the exchange also provides external web access to check for email?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The error is coming from Exchange we are using OWA and eventhough the port forwarding was working I am getting the error. I am asking my ISP to issue additional static IPs so I can have a new one for the website.
Thank you for all your help
Thank you for all your help
you can always test using your new static address
http://70.123.234.123/
if that works then change your dns records at the registrar
http://70.123.234.123/
if that works then change your dns records at the registrar
Open a command prompt on your computer and type: IPCONFIG/FLUSHDNS
Also, clear all browser history on your browser(s) and then try again.