Expose IIS app externally

I havce run into a problem with and IIS ASP.NET 2 app I am building for our
organisation.

It has an app pool, a dedicated port (8085) host headers etc and runs well
from within our organisation.

However, I now want to expose it to the outside world so my users can log in
remotely without needing a VPN.

I'm running IIS on SBS 2003 using 2 NIC's but without ISA. I have added the
port number to the SBS firewall and opened up the port on my hardware
firewall. I must be missing something but it's just not working. I just
get a page not found error. My RemoteWebWorkplace and OWA, etc all work
externally so I'm a little confused where to go from here.

TIA

Russ

Re: Expose IIS app externally

If it runs well within your organization, then your question has
nothing to do with IIS nor exposing IIS apps externally.

Your issue has to do with network routing of external requests to the
external IP into the internal IP used by the web server. Which is
really not for this newsgroup.

Several common obstacles:
1. Your ISP does not allow requests to the Port you have selected
2. Your router is not forwarding requests from the external IP into
the internal IP
3. Your router does not have the external Port open
4. Your web server is blocking requests to its internal Port

You have verified configuration of some but not all obstacles.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//




On Sep 28, 11:40 pm, "Russ Green" wrote:
> I havce run into a problem with and IIS ASP.NET 2 app I am building for our
> organisation.
>
> It has an app pool, a dedicated port (8085) host headers etc and runs well
> from within our organisation.
>
> However, I now want to expose it to the outside world so my users can log in
> remotely without needing a VPN.
>
> I'm running IIS on SBS 2003 using 2 NIC's but without ISA. I have added the
> port number to the SBS firewall and opened up the port on my hardware
> firewall. I must be missing something but it's just not working. I just
> get a page not found error. My RemoteWebWorkplace and OWA, etc all work
> externally so I'm a little confused where to go from here.
>
> TIA
>
> Russ

Re: Expose IIS app externally

This is a multi-part message in MIME format.

------=_NextPart_000_0051_01C802B0.7B4FDBF0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

As long as you aren't trying to publish this on port 80
Exposing port 80 on a domain controller which is also your sole server =
with all business critical data is a HUGE security risk
"Russ Green" wrote in message =
news:ebleDSmAIHA.3400@TK2MSFTNGP03.phx.gbl...
I havce run into a problem with and IIS ASP.NET 2 app I am building =
for our=20
organisation.

It has an app pool, a dedicated port (8085) host headers etc and runs =
well=20
from within our organisation.

However, I now want to expose it to the outside world so my users can =
log in=20
remotely without needing a VPN.

I'm running IIS on SBS 2003 using 2 NIC's but without ISA. I have =
added the=20
port number to the SBS firewall and opened up the port on my hardware=20
firewall. I must be missing something but it's just not working. I =
just=20
get a page not found error. My RemoteWebWorkplace and OWA, etc all =
work=20
externally so I'm a little confused where to go from here.

TIA

Russ=20


------=_NextPart_000_0051_01C802B0.7B4FDBF0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable



charset=3Diso-8859-1">

Re: Expose IIS app externally

Are you using a host header for this app? How do you access it from inside
the network? What is the URL?

--
Claus
"Russ Green" wrote in message
news:ebleDSmAIHA.3400@TK2MSFTNGP03.phx.gbl...
>I havce run into a problem with and IIS ASP.NET 2 app I am building for our
>organisation.
>
> It has an app pool, a dedicated port (8085) host headers etc and runs well
> from within our organisation.
>
> However, I now want to expose it to the outside world so my users can log
> in remotely without needing a VPN.
>
> I'm running IIS on SBS 2003 using 2 NIC's but without ISA. I have added
> the port number to the SBS firewall and opened up the port on my hardware
> firewall. I must be missing something but it's just not working. I just
> get a page not found error. My RemoteWebWorkplace and OWA, etc all work
> externally so I'm a little confused where to go from here.
>
> TIA
>
> Russ
>

Re: Expose IIS app externally

"David Wang" wrote in message
news:1191061191.852639.39620@o80g2000hse.googlegroups.com...
> If it runs well within your organization, then your question has
> nothing to do with IIS nor exposing IIS apps externally.

Yes it might have..
by DEFAULT on SBS the IIS webs and virtual directories etc are restricted
by source IP address.
the site may not necesarily be published on the second (external) network
interface.
The relavent page may not be set as the default page (most common cause of
page not found)
Anonymous access may not have read access to the folder/file

Check the "IP address and domain name restrictions" for the web site (on the
directory security tab)
But this should return a 'not authorized/restricted' page

Check that the web site is published on the IP address of the external NIC,
web site tab, Advanced.

Also, internal clients may be following a link or favorite to the full page
URL
eg:
https://server.name.lan:8897/pagename.aspx
But pagename.aspx may not be set as the default page.. properties, documents
tab..
If pagename.aspx is not in the list (and enable default content page is
enabled), then going to:
https://server.name.lan:8897 will return page not found.

I think that 'page not found' is a clue here. Is this the server returned
error page or IE's error page.
The external user will be accessing as 'anonymous' wheras the internal users
are logged on and NTLM auth is in use.
Access permissions MAY be the issue. In which case, taking away anonymous
access from the web site and thus forcing logon dialogue may fix this.
Try accessing the site internally from a laptop & user NOT a member of the
domain and NOT using identical username/password as a domain user, and make
sure you haven't done a mini-logon to the server (eg map drive).
If taking away anonymous access causes internal users to get the user/pass
dialogue box, then add the URL to the 'local intranet' zone on the client
system.
On SBS you can easily and quickly do this for the whole network in Group
Policy
- Post back to this NG is you want help with this.


David Barnes

Re: Expose IIS app externally

There is a host header but it is not on port 80....I have placed a link to
is on companyweb but essentailly it is http://HOSTHEADER:PORTNO

Russ

Re: Expose IIS app externally

> Anonymous access may not have read access to the folder/file
Checked that and it does.

> Check the "IP address and domain name restrictions" for the web site (on
> the directory security tab)
> But this should return a 'not authorized/restricted' page
no issues here....all computers are granted access

> Check that the web site is published on the IP address of the external
> NIC, web site tab, Advanced.
IP address is all unassigned

> Also, internal clients may be following a link or favorite to the full
> page URL
> eg:
> https://server.name.lan:8897/pagename.aspx
> But pagename.aspx may not be set as the default page.. properties,
> documents tab..
> If pagename.aspx is not in the list (and enable default content page is
> enabled), then going to:
> https://server.name.lan:8897 will return page not found.
Nope...there is a default.aspx and internal clients just need
http://servername:port or http://hostheader:port


> I think that 'page not found' is a clue here. Is this the server returned
> error page or IE's error page.
> The external user will be accessing as 'anonymous' wheras the internal
> users are logged on and NTLM auth is in use.
> Access permissions MAY be the issue. In which case, taking away anonymous
> access from the web site and thus forcing logon dialogue may fix this.
I've tried removing annonymous access and externally the username and
password dialog does not appear.

> Try accessing the site internally from a laptop & user NOT a member of the
> domain and NOT using identical username/password as a domain user, and
> make sure you haven't done a mini-logon to the server (eg map drive).
> If taking away anonymous access causes internal users to get the user/pass
> dialogue box, then add the URL to the 'local intranet' zone on the client
> system.
> On SBS you can easily and quickly do this for the whole network in Group
> Policy
> - Post back to this NG is you want help with this.
>
>
> David Barnes
>
>
>

Re: Expose IIS app externally

If you create an A record on your ISP DNS matching the hostheader on your
application (like myapp.mycompany.com) you should be able to get to it with
http://myapp.maycompany.com:8085

--
Claus
"Russ Green" wrote in message
news:uQmHkaECIHA.3564@TK2MSFTNGP04.phx.gbl...
> There is a host header but it is not on port 80....I have placed a link to
> is on companyweb but essentailly it is http://HOSTHEADER:PORTNO
>
> Russ
>

Re: Expose IIS app externally

OK.. Hmm.

externally
telnet ip-address port-number

do you get the IIS response?

eg
telnet www.microsoft.com 80
-type in some crap-
-press return a couple of times-
and you get:

HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sun, 07 Oct 2007 12:21:27 GMT
Connection: close
Content-Length: 326

4.01//EN""http://www.w3.org/TR/html4/str
ict.dtd">

Bad Request - Invalid Verb

HTTP Error 400. The request verb is invalid.

Re: Expose IIS app externally

Tried to telnet the IP on port 81 but got an error saying could not open
connection to the host on port 23: connect failed.

Re: Expose IIS app externally

"Russ Green" wrote in message
news:uYQn8nPCIHA.1208@TK2MSFTNGP03.phx.gbl...
> Tried to telnet the IP on port 81 but got an error saying could not open
> connection to the host on port 23: connect failed.

The returned error says that telnet was trying to use the default telnet
port, not port 81.
Try again..
syntax should be like:

telnet www.example.dns.name.com 81
OR
telnet 83.56.98.54 81

note the space between the IP address and the port number
for full syntax type (without quotes) "telnet /h"

David Barnes