|
Home > Archive > IIS Server > December 2004 > Serious IIS6 issue - Please help!
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Serious IIS6 issue - Please help!
|
|
|
| We attempted to take our 2003 IIS6 server live today, but
failed miserably.
What we have is around a dozen websites currently hosted by
2000 AS & IIS5. We have unique external IPs mapped to our
DNS (215.x.x.x to www.mysite.com, etc); our firewall
intercepts the external IPs, and translates them to our
internal IPs and IIS5 processes them just fine and spits
them back out through the firewall.
We have one IP to one website.
2000 AS and IIS5 are fine and have no problems at all.
We built a new 2003 box and mapped the EXACT internal IPs
to the same websites. And now, you cannot see anything from
the outsite. We couldn't see anything from inside either
until we added a custom mapped header to the website that
mapped the internal IP to the same named host header.
In researching this problem, I came across this:
http://support.microsoft.com/defaul...kb;en-us;218180
My understanding is that IIS6 will not allow translated IPs
to work. Is this correct?
Just to verify, this is what we have (an example):
215.100.100.1->Our
FireWall->192.168.100.1->IIS6->www.mysite.com
I can get it working internally, but not to the outside
world. My guess is that IIS6 is tagging the header with the
internal IP. How on earth do I get around this (if at all)?
Any help would be GREATLY appreciated.
Thanks!
| |
|
| Hi Moogy,
I might not have the solution for your problem but I can rule out a few
things for you:
1. IIS 6 works fine with multiple IP addresses on a NIC. I personally use
about 27 sites on a win2k3 server. Check if the sites are running and if
they are try accessing the sites from the private IP without the headers.
Just put a host file in client machine map the domains to the private IP and
check.
2. Generally webservers are behind firewalls and sometimes behind
loadbalancers so what you trying to do is what IIS is designed to do.
3. If the test 1 works fine try mapping the domains to the external IPs
through the host file. I would ask one of the network guys to put a sniffer
to see whats happening to the packets are the requests even reaching IIS.
Thanks,
have a good one!
Tarak
I was sane and then i got married!
"Moogy" wrote:
> We attempted to take our 2003 IIS6 server live today, but
> failed miserably.
>
> What we have is around a dozen websites currently hosted by
2000 AS & IIS5. We have unique external IPs mapped to our
> DNS (215.x.x.x to www.mysite.com, etc); our firewall
> intercepts the external IPs, and translates them to our
> internal IPs and IIS5 processes them just fine and spits
> them back out through the firewall.
>
> We have one IP to one website.
>
> 2000 AS and IIS5 are fine and have no problems at all.
>
> We built a new 2003 box and mapped the EXACT internal IPs
> to the same websites. And now, you cannot see anything from
> the outsite. We couldn't see anything from inside either
> until we added a custom mapped header to the website that
> mapped the internal IP to the same named host header.
>
> In researching this problem, I came across this:
> http://support.microsoft.com/defaul...kb;en-us;218180
>
> My understanding is that IIS6 will not allow translated IPs
> to work. Is this correct?
>
> Just to verify, this is what we have (an example):
>
> 215.100.100.1->Our
> FireWall->192.168.100.1->IIS6->www.mysite.com
>
> I can get it working internally, but not to the outside
> world. My guess is that IIS6 is tagging the header with the
> internal IP. How on earth do I get around this (if at all)?
>
> Any help would be GREATLY appreciated.
>
> Thanks!
>
| |
|
| Are you having a firewall take the public IP and
translate it to a private 192.x.x.x IP that IIS6
handles? Or do you map the public IP directly to the
server?
Our problem is definitely with mapping the public IP to
the private IP.
>-----Original Message-----
>Hi Moogy,
>
>I might not have the solution for your problem but I can
rule out a few
>things for you:
>1. IIS 6 works fine with multiple IP addresses on a NIC.
I personally use
>about 27 sites on a win2k3 server. Check if the sites
are running and if
>they are try accessing the sites from the private IP
without the headers.
>Just put a host file in client machine map the domains
to the private IP and
>check.
>2. Generally webservers are behind firewalls and
sometimes behind
>loadbalancers so what you trying to do is what IIS is
designed to do.
>3. If the test 1 works fine try mapping the domains to
the external IPs
>through the host file. I would ask one of the network
guys to put a sniffer
>to see whats happening to the packets are the requests
even reaching IIS.
>Thanks,
>have a good one!
>
>Tarak
>I was sane and then i got married!
>
>"Moogy" wrote:
>
but[vbcol=seagreen]
hosted by[vbcol=seagreen]
> 2000 AS & IIS5. We have unique external IPs mapped to
our
spits[vbcol=seagreen]
IPs[vbcol=seagreen]
from[vbcol=seagreen]
either[vbcol=seagreen]
that[vbcol=seagreen]
us;218180[vbcol=seagreen]
translated IPs[vbcol=seagreen]
with the[vbcol=seagreen]
all)?[vbcol=seagreen]
>.
>
| |
| Kristofer Gafvert 2004-12-28, 6:06 pm |
| Hello,
I have had the very same network setup, and it has been working fine.
From outside the firewall (since that is where you are having
problems), can you please try to telnet to port 80 on the webserver.
telnet 215.100.100.1 80
assuming that is your public IP.
1: Do you get a response?
1.1 If not, please try to ping the IP.
1.1.1 If you cannot ping the IP (and you have not disabled ping), then
there seems to be network issues outside your firewall.
1.1.2 If you can ping the IP, then port 80 seems to be blocked. Please
verify that the port is open in the firewall, and forwarded to the
correct IP on the inside. Also verify that your ISP has not decided to
block port 80.
1.2 If you get a response, then IIS is answering (or possible that
something else is answering). Then we need to know what error message
you get back when trying to access the website.
Also double check that the IP has not changed anywhere. Do not use the
domain name when doing troubleshooting, because that will involve DNS
aswell, which could be the problem.
What do you mean by "custom mapped header"? What exactly did you do?
Since it worked before, without doing that change, it is very likely
that this changed is required for the outside as well. Or that there is
a misconfiguration so that this change is required to get it to work.
My first thought about this problem is that some IP somewhere is
changed, so that requests does not make it to the webserver.
--
Regards,
Kristofer Gafvert
www.ilopia.com
Moogy wrote:
> We attempted to take our 2003 IIS6 server live today, but
> failed miserably.
>
> What we have is around a dozen websites currently hosted by
> 2000 AS & IIS5. We have unique external IPs mapped to our
> DNS (215.x.x.x to www.mysite.com, etc); our firewall
> intercepts the external IPs, and translates them to our
> internal IPs and IIS5 processes them just fine and spits
> them back out through the firewall.
>
> We have one IP to one website.
>
> 2000 AS and IIS5 are fine and have no problems at all.
>
> We built a new 2003 box and mapped the EXACT internal IPs
> to the same websites. And now, you cannot see anything from
> the outsite. We couldn't see anything from inside either
> until we added a custom mapped header to the website that
> mapped the internal IP to the same named host header.
>
> In researching this problem, I came across this:
> http://support.microsoft.com/defaul...kb;en-us;218180
>
> My understanding is that IIS6 will not allow translated IPs
> to work. Is this correct?
>
> Just to verify, this is what we have (an example):
>
> 215.100.100.1->Our
> FireWall->192.168.100.1->IIS6->www.mysite.com
>
> I can get it working internally, but not to the outside
> world. My guess is that IIS6 is tagging the header with the
> internal IP. How on earth do I get around this (if at all)?
>
> Any help would be GREATLY appreciated.
>
> Thanks!
| |
| Jeff Cochran 2004-12-29, 2:48 am |
| On Tue, 28 Dec 2004 09:02:46 -0800, "Moogy"
<anonymous@discussions.microsoft.com> wrote:
>We attempted to take our 2003 IIS6 server live today, but
>failed miserably.
>
>What we have is around a dozen websites currently hosted by
>2000 AS & IIS5. We have unique external IPs mapped to our
>DNS (215.x.x.x to www.mysite.com, etc); our firewall
>intercepts the external IPs, and translates them to our
>internal IPs and IIS5 processes them just fine and spits
>them back out through the firewall.
>
>We have one IP to one website.
>
>2000 AS and IIS5 are fine and have no problems at all.
>
>We built a new 2003 box and mapped the EXACT internal IPs
>to the same websites. And now, you cannot see anything from
>the outsite. We couldn't see anything from inside either
>until we added a custom mapped header to the website that
>mapped the internal IP to the same named host header.
>
>In researching this problem, I came across this:
>http://support.microsoft.com/defaul...kb;en-us;218180
>
>My understanding is that IIS6 will not allow translated IPs
>to work. Is this correct?
No, they work fine. IIS hasn't a clue about what the IP was before it
was translated by your firewall.
>Just to verify, this is what we have (an example):
>
>215.100.100.1->Our
>FireWall->192.168.100.1->IIS6->www.mysite.com
>
>I can get it working internally, but not to the outside
>world. My guess is that IIS6 is tagging the header with the
>internal IP. How on earth do I get around this (if at all)?
Don't use host headers if you have a separate IP for each site. Bind
each site to just that IP, and make sure your DNS directs the host
name to the correct IP and the firewall translated the IP correctly.
Jeff
>Any help would be GREATLY appreciated.
>
>Thanks!
|
|
|
|
|