Re: Web server issue



peter.mcclymont@xxxxxxxxx wrote on 5 May 2006 21:46:05 -0700:

Hi All,

I have a web server (IIS using ASP .NET 2.0) behind a broadband router.

I cannot get the web server to be visible on the internet. I can run
the web site from the computer it is hosted on though.

On the router I have opened the port 80 to allow the traffic through
(using port forwarding), and also tried to run it in DMZ mode, but
neither seem to work.

When you say don't work, have you actually tested access from a machine that
is not on your LAN? Most routers will drop packets sent from the internal
connection that are addressed to the public address. To reduce spoofing, all
packets addressed to an interface are dropped automatically if they were
passed out of that interface - when you try to connect to the public IP
address that you have port forwarded the packets are passed out of your
public interface (because all packets accepted at the LAN interface that are
not blocked by an outbound access list will be sent to the WAN interface),
and then picked up again at the same one (as it's the router interface that
takes the packets and forwards them into your server) - the router will then
drop them.

To test your port forwarding is correct, and your server is accessible from
the internet, you will need to test it from another connection outside of
your router.

Dan


.



Relevant Pages

  • RE: Cisco IOS vulnerability
    ... You are vulnerable unless you have deny statement which blocks all ... packets other than say ICMP or IPSEC coming to the router interface ... Even though the packets targeted *at* the routers interface is only ...
    (Incidents)
  • Re: Smoothwall may not be forwarding port 80
    ... On the red interface is an adsl router. ... PORT STATE SERVICE ... dropping the packets, or that the forwarding does not work correctly. ...
    (comp.security.firewalls)
  • Re: Nmap questions concering my router
    ... It's a bit off topic - but down at the Ethernet level, the packets are ... so your router masquerades for you. ... it may differ from other applications - we just send data to a network ... >> the Ethernet header is the MAC address of the 10.0.0.138 interface. ...
    (comp.security.firewalls)
  • Re: adsl+sdsl+cable?
    ... Short answer: good luck:) ... Because the outgoing packets will always have the IP ... address associated with the originating interface, ... The server would see the router as the source ...
    (alt.os.linux.suse)
  • Re: Adding a 3rd Nic W2k Server
    ... > I have a web server and a database server. ... > T1 and would like to utilize both Internet connections. ... nic), and one Router. ... Your network would connect to the Ethernet interface and nothing ...
    (microsoft.public.windows.server.networking)