Arie
Posted January 12, 2010

This is driving me nuts. I have set up a web server and it is working fine within our own network. When I try to access the website from home, for example, it does not work and I receive the error "cannot display the webpage". I have no idea where to look and what the problem could be and I hope that someone here can be of help, before I throw the web server out of the window.

The website is running on IIS 6.0 on Windows Server 2003 Web Edition. The website is based on DotNetNuke, a CMS. When I enter the servername or its internal IP address in Internet Explorer, the website shows fine.

On our router I have forwarded port 80 to port 80 on our web server, a different time I have added the web server's IP address to the DMZ, I have once added an IP alias on the router especially for the web server, I have combined all of these too, but none of these things solved the problem and I still can't access the web server from outside our network.

Funny thing is that when I enter the IP address of our router or the IP alias in Internet Explorer while I'm at the office, it forwards me to the servername automatically and the website shows. It's like there is a kind of loop back thingy going on.

I'm going to set up Syslog to see what is going on, but I hope that someone here has an idea on how to solve this issue as it's giving me a headache.

MrJinje
Posted January 12, 2010

Easiest fix: does your company have a VPN you can connect through? Once connected to a VPN, you will be able to connect like you were in the office (your internal DNS handles everything). Would that solve the problem, or does this server need to be publicly accessible to employees and non-employees alike?

Also, since you mentioned a DMZ, are you utilizing multi-levels of routers or is this a simple DMZ contained in a single router? In some cases you need to open ports on both the inside router and the external router. Disregard if not applicable to your network.

When you say you are trying to connect from home, what do you mean? Are you typing in its internal IP address, the IP address of your remote router or something else?

Arie
Posted January 12, 2010

> Easiest fix: does your company have a VPN you can connect through? Once connected to a VPN, you will be able to connect like you were in the office (your internal DNS handles everything). Would that solve the problem, or does this server need to be publicly accessible to employees and non-employees alike?

Yes, I could set up a VPN, but the website needs to be publicly accessible.

> Also, since you mentioned a DMZ, are you utilizing multi-levels of routers or is this a simple DMZ contained in a single router? In some cases you need to open ports on both the inside router and the external router. Disregard if not applicable to your network.
>
> When you say you are trying to connect from home, what do you mean? Are you typing in its internal IP address, the IP address of your remote router or something else?

When I wrote from home, I mean any location besides at work, so at home, a friend's place, et cetera. We have one router facing the internet, a DrayTek Vigor3300. Of course I don't use the internal IP address from another location, that would not work.

We have a block of IP addresses. Our router IP address forwards port 80 to the web server for example, but I have also tried adding the web server to the DMZ for example, but it doesn't work. I have also tried binding other IP addresses like I wrote already, but no luck. When I enter the router IP address 123.123.123.123 in a browser while I'm at the office it forwards me to the hostname of the web server and the website shows. No matter what I try, accessing it from any other location doesn't work.

I also have various terminal servers for example, but these work fine when I forward port 3389 for example. I'm quite sure therefore that I'm not doing something wrong in forwarding the right ports. I'm thinking more that it is a problem with the web server itself, perhaps a policy I don't know about, some kind of IIS configuration thingy, et cetera.

But any idea what the problem could be and how to solve it is welcome. I'm going nuts here.

Edited January 12, 2010 by Arie

MrJinje
Posted January 12, 2010

> When I wrote from home, I mean any location besides at work, so at home, a friend's place, et cetera. We have one router facing the internet, a DrayTek Vigor3300. Of course I don't use the internal IP address from another location, that would not work.

Had to be sure. You mentioned that Terminal Servers work correctly with forwarding, which is good; that clears up a lot of the lame DNS replication questions. Obviously finding the office externally is a non-issue.

From IIS perspective, when you are on the local network, passthrough authentication is usually used. But from home you are probably considered an anonymous visitor. Can you check and see if IIS is set to receive anonymous visitors? http://support.microsoft.com/kb/324274

Never used a DrayTek before, is it command line based or does it have a snazzy GUI? Not sure how it maintains its access lists, but one hypothesis is that it is possible that an access list entry is set to deny port 80, and that line of code denies it before it can get to your port forwarding entry?

Not sure if I am explaining the possible problem correctly, but coming from a Cisco/Lucent background, we always had to be careful about the order in which we defined our access lists. Sometimes a DENY entry earlier in the list would drop the packet before it can ever get to the ALLOW entry. If you have other working websites and know for a fact this is a non-issue then disregard.

Edited January 12, 2010 by MrJinje

Arie
Posted January 13, 2010

Thank you very much for your help, MrJinje.

> From IIS perspective, when you are on the local network, passthrough authentication is usually used. But from home you are probably considered an anonymous visitor. Can you check and see if IIS is set to receive anonymous visitors? http://support.microsoft.com/kb/324274

Yes, it is enabled.

> Never used a DrayTek before, is it command line based or does it have a snazzy GUI? Not sure how it maintains its access lists, but one hypothesis is that it is possible that an access list entry is set to deny port 80, and that line of code denies it before it can get to your port forwarding entry?
>
> Not sure if I am explaining the possible problem correctly, but coming from a Cisco/Lucent background, we always had to be careful about the order in which we defined our access lists. Sometimes a DENY entry earlier in the list would drop the packet before it can ever get to the ALLOW entry. If you have other working websites and know for a fact this is a non-issue then disregard.

I understand what you mean. Our router can be configured via a terminal and via a web interface, but you cannot change the order in access lists, so that won't be the issue.

I have thought of something silly which might be the cause of the problem and that is that the web server has been taken out of its rack and placed in a different room for configuring the website itself, testing, et cetera, all third party work by the way. The web server hasn't been placed back in its rack yet. I'm not suggesting that it could be a routing issue for example, as our network is far from complicated, but there have been issues on our network in the past where someone would have used faulty UTP cables which caused network connectivity errors. Replacing the cables with proper UTP cables solved these issues instantly. Perhaps the room where the web server is now has this same problem.

In our office the response time might be good enough for the website to show, but perhaps from outside our office the response time of the web server might be too low because of the bad cabling and perhaps this causes the error message that the website cannot be found. I don't know if this could be the issue, but it's worth checking. I'll put the server in its rack again tomorrow or Friday to see if it solves the issue or not.

Arie
Posted January 21, 2010

It's been a while... What I've done thus far...

I've placed the server back in its rack, but that didn't solve the issue. I have updated the firmware of our router, which didn't solve it either. I've changed everything possible on the router again and again to get the website working, but nothing I tried helped a bit.

Then I had an idea! We have a Windows Home Server on our network via DHCP at current which is hooked up to be configured and which will be moved to another one of our locations, a small one. I changed the port forwarding of port 80 on our router to the IP address of this Windows Home Server, as it runs a website as well, and I tried connecting to our internet IP address to see if I would see the Windows Home Server website. Guess what, it showed up fine from outside the office! This means that the problem is the webserver itself and that we can exclude the router from being the issue.

But what can make that the webserver cannot be accessed from outside our LAN? Port forwarding is fine, as we know now; it's something on the server which is configured wrong. The question is what? Can it be some kind of policy issue which only allows connections from the LAN? I couldn't find anything in Group Policy or the Local Security Policy about this, but perhaps I have missed something?

Windows Firewall is disabled. We're running ESET NOD32 on the webserver, but disabling it doesn't help. ESET NOD32 is running on the aforementioned Windows Home Server as well, so that can't be the issue. Perhaps I've configured something wrong in the Internet Information Services Manager?

Arie
Posted January 21, 2010

While I was writing my last message, something has changed drastically...

On the webserver the website was all of a sudden stopped. When restarting the website I got the error message: "the format of the specified network name is not valid". I changed the ListenOnlySomethingSomething as suggested somewhere on the Microsoft website by removing an invalid IP address and now when I try to access the website from home for example via its IP address, it finds the server... but then tries to forward me to http://hostnameofserver... which obviously cannot be found on the internet!

What is causing this forwarding to the hostname of the server?

Arie
Posted January 21, 2010

It seems to be a problem now with the website itself, which runs on DotNetNuke.

When I enter the URL in the address bar of my browser, it forwards me to the hostname, as written above. When I enter the URL\test.txt in the address bar of my browser, it does not forward me to the hostname, but stays on the URL entered and shows me the text file.

In other words, the webserver works fine now, but the website itself is the problem. I'll forward it to the webdeveloper and see what he comes up with.
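
The symptom in the two posts above (the site root forwards to http://hostnameofserver while a static file is served directly) can be confirmed from outside the LAN by requesting the URL without following redirects and reading the Location header. This is an added example, not part of the original thread; the status codes, the /Default.aspx path and the sample responses are constructed, and treating single-label names and private addresses as "internal" is an assumption.

```python
import http.client
import ipaddress
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def is_internal_host(host):
    """True when the host is a private/loopback address or a single-label name."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:
        # Not an IP literal. Assumption: a name without a dot (a NetBIOS or
        # intranet name such as "hostnameofserver") has no public DNS record.
        return "." not in host.rstrip(".")

def classify(requested_url, status, location):
    """Return 'served', 'redirect-ok' or 'redirect-internal' for one response."""
    if status not in REDIRECT_CODES or not location:
        return "served"
    # Resolve relative Location values against the URL that was requested.
    target = urlsplit(urljoin(requested_url, location))
    if target.hostname and is_internal_host(target.hostname):
        return "redirect-internal"
    return "redirect-ok"

def probe(url, timeout=5):
    """Fetch url WITHOUT following redirects; return (status, Location)."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed responses mirroring what the thread describes.
SAMPLES = [
    ("http://123.123.123.123/", 302, "http://hostnameofserver/"),
    ("http://123.123.123.123/test.txt", 200, None),
    ("http://123.123.123.123/", 301, "/Default.aspx"),
]

if __name__ == "__main__":
    for url, status, location in SAMPLES:
        print(url, status, location, "->", classify(url, status, location))
    # Against a live server: classify(url, *probe(url))
```

A `redirect-internal` result for the root alongside `served` for a static file points at the web application's own redirect logic rather than at IIS or the router, and it also means the Location header shows the server's internal name to every external visitor.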

petergroft
Posted July 6, 2022

In Internet Explorer, click Tools, and then click Internet Options. On the Security tab, click Local intranet, and then click Sites. Click Advanced, and then type .domain.com, or an IP address range (for example, 157.54.100-200.) in the Add this Web site to the zone box, where domain.com is your company and top-level domain names. Click Add, click OK, click OK, and then click OK again to close the Internet Options dialog box. Restart the computer.

Regards,
Peter