Services listening on all ports?

I have been trying to run IIS and Apache Tomcat on the same Server using the
same Port (80 for http and 443 for https). I am trying to do this by using
multiple IP address on the same Nic card. This would allow me multiple
sockets for the same port.

With all my research it seems that most services seem to listen on ALL IP
addresses on the same machine for a particular port (25 SMTP, 53 DNS, 80
HTTP). I found you can tell IIS NOT to listen to a particular IP Address
which would allow Apache to connect to that IP Address and listen to 80 and
443 at the same time as IIS.

What I don't know is if this is normal. I did add another IP Address to my
Nic card and tried to do a "telnet address port" for all the ports open on
my machine. They were ALL open for both addresses. I thought that when you
created a service to listen on a port you had to give it an IP Address and
Port Number to create a socket.

If you create a service, is it going to listen on all IP Addresses?

Thanks,

Tom

"tshad" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>
> I thought that when you created a service to listen on a port you had to give
> it an IP Address and Port Number to create a socket.
>
> If you create a service, is it going to listen on all IP Addresses?

That depends on the service. You always have to specify a port number (or use
whatever is default) but it can either listen to all IP addresses (also usually
default) or a specific IP address. Most services (including IIS) allow you to
specify a specific address, as well as port, to listen on.

Yes IIS does bind to all addresses.

Apache does the same thing by default but if you add the address into the
connector line it will only bind to that address. That takes care of the
Apache issue.

But IIS will connect to all addresses even if you specifically set each
website to be a different address. In our case, if we set up 10 addresses
on the Nic card and set up our 4 web sites to access 4 of the address, it
will still grab all the addresses - preventing Apache from running. If we
manually start Apache to grab one of the addresses not used by IIS first
(from the Services window) and then start IIS - IIS will fail. The web
server will show as started but it won't handle any of the pages.

The solution, apparently (am in the process of testing and I believe it will
work) is a program from MS called httpcfg.exe which you can run to set up a
listener list. I assume what happens is that IIS will look for a listener
list and if it finds it, it will only bind to the addresses on the list. If
there is no list it will bind to all addresses. So in my case, I will put
all the address except the one that Apache will use and that will solve the
problem. It doesn't matter what order they start in as IIS won't even look
at the Apache address.

I am not sure what they did before W2K3 and XP SP2 as I believe it came out
then and I don't believe works for IIS5.

Wish me luck and thanks,

Tom


"Mike Lowery" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> "tshad" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>>
>> I thought that when you created a service to listen on a port you had to
>> give it an IP Address and Port Number to create a socket.
>>
>> If you create a service, is it going to listen on all IP Addresses?
>
> That depends on the service. You always have to specify a port number (or
> use whatever is default) but it can either listen to all IP addresses
> (also usually default) or a specific IP address. Most services (including
> IIS) allow you to specify a specific address, as well as port, to listen
> on.
>
>

I think httpcfg.exe will allow you to do what you want.

"tshad" <(E-Mail Removed)> wrote in message
news:egQ%(E-Mail Removed)...
> Yes IIS does bind to all addresses.
>
> Apache does the same thing by default but if you add the address into the
> connector line it will only bind to that address. That takes care of the
> Apache issue.
>
> But IIS will connect to all addresses even if you specifically set each
> website to be a different address. In our case, if we set up 10 addresses
> on the Nic card and set up our 4 web sites to access 4 of the address, it
> will still grab all the addresses - preventing Apache from running. If we
> manually start Apache to grab one of the addresses not used by IIS first
> (from the Services window) and then start IIS - IIS will fail. The web
> server will show as started but it won't handle any of the pages.
>
> The solution, apparently (am in the process of testing and I believe it will
> work) is a program from MS called httpcfg.exe which you can run to set up a
> listener list. I assume what happens is that IIS will look for a listener
> list and if it finds it, it will only bind to the addresses on the list. If
> there is no list it will bind to all addresses. So in my case, I will put
> all the address except the one that Apache will use and that will solve the
> problem. It doesn't matter what order they start in as IIS won't even look
> at the Apache address.
>
> I am not sure what they did before W2K3 and XP SP2 as I believe it came out
> then and I don't believe works for IIS5.
>
> Wish me luck and thanks,
>
> Tom
>
>
> "Mike Lowery" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>
>> "tshad" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>>
>>> I thought that when you created a service to listen on a port you had to
>>> give it an IP Address and Port Number to create a socket.
>>>
>>> If you create a service, is it going to listen on all IP Addresses?
>>
>> That depends on the service. You always have to specify a port number (or
>> use whatever is default) but it can either listen to all IP addresses (also
>> usually default) or a specific IP address. Most services (including IIS)
>> allow you to specify a specific address, as well as port, to listen on.
>>
>>
>
>

"Mike Lowery" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I think httpcfg.exe will allow you to do what you want.

It did. I spent last night with my test machine and found it did exactly
what I wanted to do.

This is only supposed to work for W2K3 Server and XP. What did they do for
W2K Server? They also had socket pooling then.

Thanks,

Tom
>
> "tshad" <(E-Mail Removed)> wrote in message
> news:egQ%(E-Mail Removed)...
>> Yes IIS does bind to all addresses.
>>
>> Apache does the same thing by default but if you add the address into the
>> connector line it will only bind to that address. That takes care of the
>> Apache issue.
>>
>> But IIS will connect to all addresses even if you specifically set each
>> website to be a different address. In our case, if we set up 10
>> addresses
>> on the Nic card and set up our 4 web sites to access 4 of the address, it
>> will still grab all the addresses - preventing Apache from running. If
>> we
>> manually start Apache to grab one of the addresses not used by IIS first
>> (from the Services window) and then start IIS - IIS will fail. The web
>> server will show as started but it won't handle any of the pages.
>>
>> The solution, apparently (am in the process of testing and I believe it
>> will
>> work) is a program from MS called httpcfg.exe which you can run to set up
>> a
>> listener list. I assume what happens is that IIS will look for a
>> listener
>> list and if it finds it, it will only bind to the addresses on the list.
>> If
>> there is no list it will bind to all addresses. So in my case, I will
>> put
>> all the address except the one that Apache will use and that will solve
>> the
>> problem. It doesn't matter what order they start in as IIS won't even
>> look
>> at the Apache address.
>>
>> I am not sure what they did before W2K3 and XP SP2 as I believe it came
>> out
>> then and I don't believe works for IIS5.
>>
>> Wish me luck and thanks,
>>
>> Tom
>>
>>
>> "Mike Lowery" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>>
>>> "tshad" <(E-Mail Removed)> wrote in message
>>> news:%(E-Mail Removed)...
>>>>
>>>> I thought that when you created a service to listen on a port you had
>>>> to give it an IP Address and Port Number to create a socket.
>>>>
>>>> If you create a service, is it going to listen on all IP Addresses?
>>>
>>> That depends on the service. You always have to specify a port number
>>> (or use whatever is default) but it can either listen to all IP
>>> addresses (also usually default) or a specific IP address. Most
>>> services (including IIS) allow you to specify a specific address, as
>>> well as port, to listen on.
>>>
>>>
>>
>>
>
>

I got it all working with httpcfg, but ran into an interesting problem.

I have 3 websites set as 192.168.122.200 and port 80 with ssl set to ports
4430, 4431, 4433. I also used httpcfg to define 1 address to bind to
(192.168.122.200). I also have 192.168.122.201-203 defined on the the Nic
but nothing bound to them

This gave me the following - which makes sense.
************************************************** ***
C:\Documents and Settings\Administrator>netstat -an | find /i "listening"
....
TCP 192.168.122.200:80 0.0.0.0:0 LISTENING
TCP 192.168.122.200:4430 0.0.0.0:0 LISTENING
TCP 192.168.122.200:4431 0.0.0.0:0 LISTENING
TCP 192.168.122.200:4433 0.0.0.0:0 LISTENING

C:\>httpcfg query iplisten
IP : 192.168.122.200
----------------------------------------------------------------------------
--
************************************************** ***

But then I used httpcfg to add another Address to the listening list but
still am not binding anything to it. But it seems to bind all the ports
that are bound to 192.168.122.200 also to 192.168.122.201. But if I am not
using Socket Pooling - why is it binding all the ports to the new IP?

************************************************** *************
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>netstat -an | find /i "listening"
....
TCP 192.168.122.200:80 0.0.0.0:0 LISTENING
TCP 192.168.122.200:4430 0.0.0.0:0 LISTENING
TCP 192.168.122.200:4431 0.0.0.0:0 LISTENING
TCP 192.168.122.200:4433 0.0.0.0:0 LISTENING
TCP 192.168.122.201:80 0.0.0.0:0 LISTENING
TCP 192.168.122.201:4430 0.0.0.0:0 LISTENING
TCP 192.168.122.201:4431 0.0.0.0:0 LISTENING
TCP 192.168.122.201:4433 0.0.0.0:0 LISTENING

C:\Documents and Settings\Administrator>cd\

C:\>httpcfg query iplisten
IP : 192.168.122.200
----------------------------------------------------------------------------
--
IP : 192.168.122.201
----------------------------------------------------------------------------
--
************************************************** **************

Thanks,

Tom

I need to figure this out as we tried to get this working today and found
that because I add 443 to one address - it will do it for all the address in
the list.

I don't want to do that.

I need to be able to tell IIS to only open port 443 on a particular address
and not all the IPs in the list. Is there a way to do this? It appears
that httpcfg won't help me here. It works great for stopping it from
grabbing all the addresses in the list. But it still seems to be Socket
pulling on all those addresses. If you open a port on one address - it will
grab it for all the addresses.

Thanks,

Tom
"tshad" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I got it all working with httpcfg, but ran into an interesting problem.
>
> I have 3 websites set as 192.168.122.200 and port 80 with ssl set to ports
> 4430, 4431, 4433. I also used httpcfg to define 1 address to bind to
> (192.168.122.200). I also have 192.168.122.201-203 defined on the the Nic
> but nothing bound to them
>
> This gave me the following - which makes sense.
> ************************************************** ***
> C:\Documents and Settings\Administrator>netstat -an | find /i "listening"
> ...
> TCP 192.168.122.200:80 0.0.0.0:0 LISTENING
> TCP 192.168.122.200:4430 0.0.0.0:0 LISTENING
> TCP 192.168.122.200:4431 0.0.0.0:0 LISTENING
> TCP 192.168.122.200:4433 0.0.0.0:0 LISTENING
>
> C:\>httpcfg query iplisten
> IP : 192.168.122.200
> ----------------------------------------------------------------------------
> --
> ************************************************** ***
>
> But then I used httpcfg to add another Address to the listening list but
> still am not binding anything to it. But it seems to bind all the ports
> that are bound to 192.168.122.200 also to 192.168.122.201. But if I am
> not
> using Socket Pooling - why is it binding all the ports to the new IP?
>
> ************************************************** *************
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\Administrator>netstat -an | find /i "listening"
> ...
> TCP 192.168.122.200:80 0.0.0.0:0 LISTENING
> TCP 192.168.122.200:4430 0.0.0.0:0 LISTENING
> TCP 192.168.122.200:4431 0.0.0.0:0 LISTENING
> TCP 192.168.122.200:4433 0.0.0.0:0 LISTENING
> TCP 192.168.122.201:80 0.0.0.0:0 LISTENING
> TCP 192.168.122.201:4430 0.0.0.0:0 LISTENING
> TCP 192.168.122.201:4431 0.0.0.0:0 LISTENING
> TCP 192.168.122.201:4433 0.0.0.0:0 LISTENING
>
> C:\Documents and Settings\Administrator>cd\
>
> C:\>httpcfg query iplisten
> IP : 192.168.122.200
> ----------------------------------------------------------------------------
> --
> IP : 192.168.122.201
> ----------------------------------------------------------------------------
> --
> ************************************************** **************
>
> Thanks,
>
> Tom
>
>

This article might help:
http://support.microsoft.com/kb/238131/

"tshad" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>I need to figure this out as we tried to get this working today and found that
>because I add 443 to one address - it will do it for all the address in the
>list.
>
> I don't want to do that.
>
> I need to be able to tell IIS to only open port 443 on a particular address
> and not all the IPs in the list. Is there a way to do this? It appears that
> httpcfg won't help me here. It works great for stopping it from grabbing all
> the addresses in the list. But it still seems to be Socket pulling on all
> those addresses. If you open a port on one address - it will grab it for all
> the addresses.
>
> Thanks,
>
> Tom
> "tshad" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I got it all working with httpcfg, but ran into an interesting problem.
>>
>> I have 3 websites set as 192.168.122.200 and port 80 with ssl set to ports
>> 4430, 4431, 4433. I also used httpcfg to define 1 address to bind to
>> (192.168.122.200). I also have 192.168.122.201-203 defined on the the Nic
>> but nothing bound to them
>>
>> This gave me the following - which makes sense.
>> ************************************************** ***
>> C:\Documents and Settings\Administrator>netstat -an | find /i "listening"
>> ...
>> TCP 192.168.122.200:80 0.0.0.0:0 LISTENING
>> TCP 192.168.122.200:4430 0.0.0.0:0 LISTENING
>> TCP 192.168.122.200:4431 0.0.0.0:0 LISTENING
>> TCP 192.168.122.200:4433 0.0.0.0:0 LISTENING
>>
>> C:\>httpcfg query iplisten
>> IP : 192.168.122.200
>> ----------------------------------------------------------------------------
>> --
>> ************************************************** ***
>>
>> But then I used httpcfg to add another Address to the listening list but
>> still am not binding anything to it. But it seems to bind all the ports
>> that are bound to 192.168.122.200 also to 192.168.122.201. But if I am not
>> using Socket Pooling - why is it binding all the ports to the new IP?
>>
>> ************************************************** *************
>> Microsoft Windows [Version 5.2.3790]
>> (C) Copyright 1985-2003 Microsoft Corp.
>>
>> C:\Documents and Settings\Administrator>netstat -an | find /i "listening"
>> ...
>> TCP 192.168.122.200:80 0.0.0.0:0 LISTENING
>> TCP 192.168.122.200:4430 0.0.0.0:0 LISTENING
>> TCP 192.168.122.200:4431 0.0.0.0:0 LISTENING
>> TCP 192.168.122.200:4433 0.0.0.0:0 LISTENING
>> TCP 192.168.122.201:80 0.0.0.0:0 LISTENING
>> TCP 192.168.122.201:4430 0.0.0.0:0 LISTENING
>> TCP 192.168.122.201:4431 0.0.0.0:0 LISTENING
>> TCP 192.168.122.201:4433 0.0.0.0:0 LISTENING
>>
>> C:\Documents and Settings\Administrator>cd\
>>
>> C:\>httpcfg query iplisten
>> IP : 192.168.122.200
>> ----------------------------------------------------------------------------
>> --
>> IP : 192.168.122.201
>> ----------------------------------------------------------------------------
>> --
>> ************************************************** **************
>>
>> Thanks,
>>
>> Tom
>>
>>
>
>

"Mike Lowery" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> This article might help:
> http://support.microsoft.com/kb/238131/

That works for Windows 2000. I am on Windows 2003 and I found out that you
need to use the httpcfg program that is on the Install disk.

We actually got this to work pretty much. But ran into a problem where we
have the same Domain name for our IIS and Apache web servers. This would
normally be a problem. But we were able to handle the conflict by using a
different port for SSL and on our Apache all the pages are secure.

We should have been able to solve our problem by doing the same type of
thing by using only the SSL port on our Apache web site.

We tried to solve this by doing the following:

httpcfg set iplisten /i 10.0.15.10:80

Thinking this would only open the port for this address. Not the case. It
still opens port 80 for all addresses defined in the new listener list. And
since we are using 443 for all our other ports (other than this address that
we wanted to use for our Apache Web Server), if you define even one web site
in IIS as 443 all the address in the lists will listen on 443 even though we
have the above entry which says only use port 80.

This is really a worthless entry (that MS docs says is a valid entry)

From the article:

http://technet2.microsoft.com/Window....mspx?mfr=true
httpcfg set iplisten
/iIp:Port
The /i parameter takes a string specifying the IP address to be added to the
IP-Listen List. This can be either an IPv4 or IPv6 address. When using set
iplisten, the /i parameter is required.

This really does nothing. It doesn't matter if you set this. If any of the
other addresses in the list have 443 defined in the Web Site page of IIS,
they all get it.

Tom

>
> "tshad" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>>I need to figure this out as we tried to get this working today and found
>>that because I add 443 to one address - it will do it for all the address
>>in the list.
>>
>> I don't want to do that.
>>
>> I need to be able to tell IIS to only open port 443 on a particular
>> address and not all the IPs in the list. Is there a way to do this? It
>> appears that httpcfg won't help me here. It works great for stopping it
>> from grabbing all the addresses in the list. But it still seems to be
>> Socket pulling on all those addresses. If you open a port on one
>> address - it will grab it for all the addresses.
>>
>> Thanks,
>>
>> Tom
>> "tshad" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>>I got it all working with httpcfg, but ran into an interesting problem.
>>>
>>> I have 3 websites set as 192.168.122.200 and port 80 with ssl set to
>>> ports
>>> 4430, 4431, 4433. I also used httpcfg to define 1 address to bind to
>>> (192.168.122.200). I also have 192.168.122.201-203 defined on the the
>>> Nic
>>> but nothing bound to them
>>>
>>> This gave me the following - which makes sense.
>>> ************************************************** ***
>>> C:\Documents and Settings\Administrator>netstat -an | find /i
>>> "listening"
>>> ...
>>> TCP 192.168.122.200:80 0.0.0.0:0 LISTENING
>>> TCP 192.168.122.200:4430 0.0.0.0:0 LISTENING
>>> TCP 192.168.122.200:4431 0.0.0.0:0 LISTENING
>>> TCP 192.168.122.200:4433 0.0.0.0:0 LISTENING
>>>
>>> C:\>httpcfg query iplisten
>>> IP : 192.168.122.200
>>> ----------------------------------------------------------------------------
>>> --
>>> ************************************************** ***
>>>
>>> But then I used httpcfg to add another Address to the listening list but
>>> still am not binding anything to it. But it seems to bind all the ports
>>> that are bound to 192.168.122.200 also to 192.168.122.201. But if I am
>>> not
>>> using Socket Pooling - why is it binding all the ports to the new IP?
>>>
>>> ************************************************** *************
>>> Microsoft Windows [Version 5.2.3790]
>>> (C) Copyright 1985-2003 Microsoft Corp.
>>>
>>> C:\Documents and Settings\Administrator>netstat -an | find /i
>>> "listening"
>>> ...
>>> TCP 192.168.122.200:80 0.0.0.0:0 LISTENING
>>> TCP 192.168.122.200:4430 0.0.0.0:0 LISTENING
>>> TCP 192.168.122.200:4431 0.0.0.0:0 LISTENING
>>> TCP 192.168.122.200:4433 0.0.0.0:0 LISTENING
>>> TCP 192.168.122.201:80 0.0.0.0:0 LISTENING
>>> TCP 192.168.122.201:4430 0.0.0.0:0 LISTENING
>>> TCP 192.168.122.201:4431 0.0.0.0:0 LISTENING
>>> TCP 192.168.122.201:4433 0.0.0.0:0 LISTENING
>>>
>>> C:\Documents and Settings\Administrator>cd\
>>>
>>> C:\>httpcfg query iplisten
>>> IP : 192.168.122.200
>>> ----------------------------------------------------------------------------
>>> --
>>> IP : 192.168.122.201
>>> ----------------------------------------------------------------------------
>>> --
>>> ************************************************** **************
>>>
>>> Thanks,
>>>
>>> Tom
>>>
>>>
>>
>>
>
>

"tshad" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> Thinking this would only open the port for this address. Not the case. It
> still opens port 80 for all addresses defined in the new listener list.

This must be modeled after the Windows Firewall. Same issue there--if you open
a port, it opens it for all IPs on the box, even though you can specify an IP.