Win2003 + IIS + Firewall Issue

We have WIN2003/ IIS 6.0 webserver hosting multiple websites.

These sites are setup on single IP address using host-headers.
Everything works fine and any of these sites can be browsed from
workstations connected to Internet, however I can not browse these
websites from the WebServer itself. Request timesout with DNS Error.

Even trying to ping WebServer from the webserver itself fails!

Any ideas on this behaviour?


Many Thanks

Is your 2003 webserver machine also a DC? If so, do you have a root zone
configured? If not, do you have the correct TCP/IP properties configured?
Posting an IPCONFIG /ALL here from your webserver and also from a working
workstation would help.

-Frank

"CodeHelp" <(E-Mail Removed)> wrote in message
news:6CBD9FB7-BE7F-43D8-906B-(E-Mail Removed)...
> We have WIN2003/ IIS 6.0 webserver hosting multiple websites.
>
> These sites are setup on single IP address using host-headers.
> Everything works fine and any of these sites can be browsed from
> workstations connected to Internet, however I can not browse these
> websites from the WebServer itself. Request timesout with DNS Error.
>
> Even trying to ping WebServer from the webserver itself fails!
>
> Any ideas on this behaviour?
>
>
> Many Thanks
>

Thanks Frank for replying.

My knowledge on Nework Configuration is limited as basically I am a
web-programmer and now trying to setup a website on IIS WebServer.

Server has got an internal IP address 192.*.*.* and it can ping that
correctly but it can not ping its external static IP address 83.*.*.* that is
exposed to Internet. However I can ping 83.*.*.* from any workstation that is
conencted to Internet.

"Frankster" wrote:

> Is your 2003 webserver machine also a DC? If so, do you have a root zone
> configured? If not, do you have the correct TCP/IP properties configured?
> Posting an IPCONFIG /ALL here from your webserver and also from a working
> workstation would help.
>
> -Frank
>
> "CodeHelp" <(E-Mail Removed)> wrote in message
> news:6CBD9FB7-BE7F-43D8-906B-(E-Mail Removed)...
> > We have WIN2003/ IIS 6.0 webserver hosting multiple websites.
> >
> > These sites are setup on single IP address using host-headers.
> > Everything works fine and any of these sites can be browsed from
> > workstations connected to Internet, however I can not browse these
> > websites from the WebServer itself. Request timesout with DNS Error.
> >
> > Even trying to ping WebServer from the webserver itself fails!
> >
> > Any ideas on this behaviour?
> >
> >
> > Many Thanks
> >
>
>
>

Is it something to do with Incoming ICMP traffic?

Does anyone knows if incoming ICMP traffic needs to be enabled?

"CodeHelp" wrote:

> We have WIN2003/ IIS 6.0 webserver hosting multiple websites.
>
> These sites are setup on single IP address using host-headers.
> Everything works fine and any of these sites can be browsed from
> workstations connected to Internet, however I can not browse these
> websites from the WebServer itself. Request timesout with DNS Error.
>
> Even trying to ping WebServer from the webserver itself fails!
>
> Any ideas on this behaviour?
>
>
> Many Thanks
>

"Server has got an internal IP address 192.*.*.* and it can ping that
correctly but it can not ping its external static IP address 83.*.*.*
that is
exposed to Internet. However I can ping 83.*.*.* from any workstation
that is
conencted to Internet."


That 83.*.*.* address, is that assigned locally to the server or is it
a NAT through your Internet firewall? To test, do a "Start" and "Run"
and type "CMD". From there, type "ipconfig /all". If you do not see
the 83.*.*.* address listed, then your firewall (your Internet
firewall, not the one built into Windows) is only NATing the traffic
coming in from the internet. You'd need a reflexive NAT in order to
send traffic back to the server from the internal subnet (a NAT rule
that looks for a request from the inside of the firewall, since
normally it only looks for one on the outside).

If you do see it listed, then there's another issue.

When using two NIC's I have seen this happen... you may need to play around
with which NIC is accessing the public IP and private IP... you can trouble
shoot easy enough by turning off one of your NICs I would start with the
local NIC and try to access the internet from there and see what happens...

You may also have issues with the way DNS is setup... is this web server also
the DNS server?

When you say that the workstations can ping the server... are they pinging
the local 192 address or the public address? so another approach would be to
find out which NIC your workstations are communicating with and turn off the
other one temporarily and see if you can work with the server on establishing
communication on that NIC...

I would be willing to bet that there is something to do with the fact that
you are running two NICs... while you can run two NICs successfully there
will be one NIC that has priority over the other and when trying to resolve
names or access a given network (i.e. the internet) it will utilize the
primary NIC settings first and if that NIC is not configured to gain access
to each network you are using there will be problems.

When I say "turn off" a NIC I do so by right clicking it and selecting
disable... this is the easiest way I know of... and not by unplugging the
cable... that will not work...

CodeHelp wrote:
>Thanks Frank for replying.
>
>My knowledge on Nework Configuration is limited as basically I am a
>web-programmer and now trying to setup a website on IIS WebServer.
>
>Server has got an internal IP address 192.*.*.* and it can ping that
>correctly but it can not ping its external static IP address 83.*.*.* that is
>exposed to Internet. However I can ping 83.*.*.* from any workstation that is
>conencted to Internet.
>
>> Is your 2003 webserver machine also a DC? If so, do you have a root zone
>> configured? If not, do you have the correct TCP/IP properties configured?
>[quoted text clipped - 15 lines]
>> >
>> > Many Thanks

--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forum...rking/200512/1