Jump to content

Website: intranet working, internet not working


Recommended Posts

This is driving me nuts :wacko: I have set up a web server and it is working fine within our own network. When I try to access the website from home for example, it does not work and I receive the error "cannot display the webpage". I have no idea where to look and what the problem could be and I hope that someone here can be of help, before I throw the web server out of the window ;)

The website is running on IIS 6.0 on Windows Server 2003 Web Edition. The website is based on DotNetNuke, a CMS. When I enter the servername or its internal IP address in Internet Explorer, the website shows fine. On our router I have forwarded port 80 to port 80 on our web server, a different time I have added the web server's IP address to the DMZ, I have once added an IP alias on the router especially for the web server, I have combined all of these too, but none of these things solved the problem and I still can't access the web server from outside our network. Funny thing is that when I enter the IP address of our router or the IP alias in Internet Explorer while I'm at the office, it forwards me to the servername automatically and the website shows. :wacko:

It's like there is a kind of loop back thingy going on. I'm going to set up Syslog to see what is going on, but I hope that someone here has an idea on how to solve this issue as it's giving me a headache :(

Link to comment
Share on other sites


Easiest fix - Does your company have a VPN you can connect through. Once connected to a VPN, that you will be able to connect like you were in the office. (your internal DNS handles everything) Would that solve the problem or does this server need to be publicly accessible to employee's and non-employee's alike.

Also, since you mentioned a DMZ, are you utilizing multi-levels of routers or is this a simple DMZ contained in a single router, in some cases you need to open ports on both the inside router and the external router. Disregard if not applicable to your network.

When you say you are trying to connect from home, what do you mean, are you typing in it's internal IP address, the IP address of your remote router or something else ?

Link to comment
Share on other sites

Easiest fix - Does your company have a VPN you can connect through. Once connected to a VPN, that you will be able to connect like you were in the office. (your internal DNS handles everything) Would that solve the problem or does this server need to be publicly accessible to employee's and non-employee's alike.

Yes, I could set up a VPN, but the website needs to be publically accessable ;)

Also, since you mentioned a DMZ, are you utilizing multi-levels of routers or is this a simple DMZ contained in a single router, in some cases you need to open ports on both the inside router and the external router. Disregard if not applicable to your network.

When you say you are trying to connect from home, what do you mean, are you typing in it's internal IP address, the IP address of your remote router or something else ?

When I wrote from home, I mean any location besides at work, so at home, a friend's place, et cetera. We have one router facing the internet, a DrayTek Vigor3300. Of course I don't use the internal IP address from another location, that would not work ;) We have a block of IP addresses. Our router IP address forwards port 80 to the web server for example, but I have also tried adding the web server to the DMZ for example, but it doesn't work. IP have also tried binding other IP addresses like I wrote already, but no luck. When I enter the router IP address 123.123.123.123 in a browser while I'm at the office it forwards me to the hostname of the web server and the website shows. No matter what I try, accessing it from any other location doesn't work. I also have various terminal servers for example, but these work fine when I forward port 3389 for example. I'm quite sure therefore that I'm not doing something wrong in forwarding the right ports. I'm thinking more that it is a problem with the web server itself, perhaps a policy I don't know about, some kind of IIS configuration thingy, et cetera. But any idea what the problem could be and how to solve it is welcome. I'm going nuts here :wacko:

Edited by Arie
Link to comment
Share on other sites

When I wrote from home, I mean any location besides at work, so at home, a friend's place, et cetera. We have one router facing the internet, a DrayTek Vigor3300. Of course I don't use the internal IP address from another location, that would not work ;)
Had to be sure. You mentioned that Terminal Servers work correctly with forwarding, which is good, that clears up a lot of the lame DNS replication questions, obviously finding the office externally is non-issue.

From IIS perspective, when you are on the local network, passthrough authentication is usually used. But from home you are probably considered an anonymous visitor. Can you check and see if IIS is set to receive anonymous visitors ?

http://support.microsoft.com/kb/324274

Never used a DrayTek before, is it command line based or does it have a snazzy gui. Not sure how it maintains it's access lists but one hypothesis is that it is possible that an access list entry is set to deny port 80, and that line of code denys it before it can get to the your port forwarding entry ?

Not sure if I am explaining the possible problem correctly, but coming from a Cisco/Lucent background, we always had to be careful the order in which we defined our access lists. Sometimes a DENY entry earlier in the list would drop the packet before it can ever get to the ALLOW entry.

If you have other working websites and know for a fact this is a non-issue then disregard.

Edited by MrJinje
Link to comment
Share on other sites

Thank you very much for your help MrJinje :)

From IIS perspective, when you are on the local network, passthrough authentication is usually used. But from home you are probably considered an anonymous visitor. Can you check and see if IIS is set to receive anonymous visitors ?

http://support.microsoft.com/kb/324274

Yes, it is enabled.

Never used a DrayTek before, is it command line based or does it have a snazzy gui. Not sure how it maintains it's access lists but one hypothesis is that it is possible that an access list entry is set to deny port 80, and that line of code denys it before it can get to the your port forwarding entry ?

Not sure if I am explaining the possible problem correctly, but coming from a Cisco/Lucent background, we always had to be careful the order in which we defined our access lists. Sometimes a DENY entry earlier in the list would drop the packet before it can ever get to the ALLOW entry.

If you have other working websites and know for a fact this is a non-issue then disregard.

I understand what you mean. Our router can be configured via a terminal and via a web interface, but you cannot change the order in access lists, so that won't be the issue.

I have thought of something silly which might be the cause of the problem and that is that the web server has been taken out of its rack and placed in a different room for configuring the website itself, testing, et cetera, all third party work by the way. The web server hasn't been placed back in its rack yet. I'm not suggesting that it could be a routing issue for example, as our network is far from complicated, but there have been issues on our network in the past where someone would have used faulty UTP cables which caused network connectivity errors. Replacing the cables with proper UTP cables solved these issues instantly. Perhaps the room where the web server is now has this same problem. In our office the response time might be good enough for the website to show, but perhaps from outside our office the response time of the web server might be too low because of the bad cabling and perhaps this causes the error message that the website cannot be found. I don't know if this could be the issue, but it's worth checking. I'll put the server in its rack again tomorrow or Friday to see if it solves the issue or not.

Link to comment
Share on other sites

  • 2 weeks later...

Its been a while... What I've done thus far... I've placed the server back in its rack, but that didn't solve the issue. I have updated the firmware of our router, which didn't solve it either. I've changed everything possible on the router again and again to get the website working, but nothing I tried helped a bit. Then I had an idea! We have a Windows Home Server on our network via DHCP at current which is hooked up to be configured and which will be moved to another one of our locations, a small one. I changed the port forwarding of port 80 on our router to the IP address of this Windows Home Server, as it runs a website as well, and I tried connecting to our internet IP address to see if I would see the Windows Home Server website. Guess what, it showed up fine from outside the office! This means that the problem is the webserver itself and that we can exclude the router from being the issue. But what can make that the webserver cannot be accessed from outside our LAN? Port forwarding is fine, as we know now, it's something on the server which is configured wrong. The question is what? Can it be some kind of policy issue which only allows connections from the LAN? I couldn't find anything in Group Policy or the Local Security Policy about this, but perhaps I have missed something? Windows Firewall is disabled. We're running ESET NOD32 on the webserver, but disabling it doesn't help. ESET NOD32 is running on the before mentioned Windows Home Server as well, so that can't be the issue. Perhaps I've configured something wrong in the Internet Information Services Manager?

Link to comment
Share on other sites

While I was writing my last message, something has changed drastically... On the webserver the website was all of a sudden stopped. When restarting the website I got the error message: "the format of the specified network name is not valid". I changed the ListenOnlySomethingSomething ;) as suggested somewhere on the Microsoft website by removing an invalid IP address and now when I try to access the website from home for example via its IP address, it finds the server... but then tries to forward me to http://hostnameofserver... which obviously cannot be found on the internet! What is causing this forwarding to the hostname of the server? :wacko:

Link to comment
Share on other sites

It seems to be a problem now with the website itself, which runs on DotNetNuke. When I enter the URL in the address bar of my browser, it forwards me to the hostname, as written above. When I enter the URL\test.txt in the address bar of my browser, it does not forward me to the hostname, but stays on the URL entered and shows me the text file. In other words, the webserver works fine now, but the website itself is the problem. I'll forward it to the webdeveloper and see what he comes up with.

Link to comment
Share on other sites

  • 12 years later...

In Internet Explorer, click Tools, and then click Internet Options.

On the Security tab, click Local intranet, and then click Sites.

Click Advanced, and then type .domain.com, or an IP address range (for example, 157.54.100-200.) in the Add this Web site to the zone box, where domain.com is your company and top-level domain names.

Click Add, click OK, click OK, and then click OK again to close the Internet Options dialog box.

Restart the computer.

 

Regards,

Peter

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...