Hosting a site behind my Linksys...what am I overlooking?

Ok, I have a win2kserver box running IIS/.net framework w/ a .net site running as the default website. I'm using no-ip for DNS for my dynamic IP, which the client recognized just fine. I can enter the no-ip domain name from computers in my lan to see the site, as well as just entering in my external IP from w/in my lan. However, nobody outside my lan that I've tested w/ can get the site. I even linked them directly to my IP and still no dice.

here's a checklist of my troubleshooting thus far:

1. forwarded port 80 on the IP of the server box on the router - didn't work
2. dmz'ed the ip of the server box - didn't work
3. sent the name.no-ip.com link for both the above tests to a person outside my lan - didn't work.
4. sent my external IP link for tests #1&2...didn't work
5. undid the IIS lockdown .exe that I used on the server box (removed the settings it changed) - didn't work. I don't think that would differentiate b/w a lan IP and an IP outside of my LAN anyways.

didn't work = the person outside the lan couldn't connect to the site.

disclaimer: I didn't see the error message they received when they tried to access the site, so I don't know if it's an asp.net/IIS error or just a flat-out "page unavailable" error. The people I linked to didn't tell me anything except "I can't get it."

Has anyone had a similar issue here? Am I overlooking something?
 
Any software firewalls running that might be blocking port 80? Have you tried removing your router from the picture and connecting your computer straight to your internet connection (I know DMZ is supposed to do the same thing)?
 
I haven't tried connecting cable modem > computer. I will try that next.

as far as software firewalls on the hosting computer, I installed Zonealarm, couldn't connect w/ my lan computers, and then uninstalled it b/c of that. So I don't think ZA is the problem, unless it didn't remove settings/services that I didn't know about.

I didn't think about my ISP blocking ports, but that sounds like it could be the culprit. What should I do to troubleshoot the ISP port blocking? Configure IIS to listen on a random unknown port (and forward it on the router)?
 
Patrick_Bateman said:
I didn't think about my ISP blocking ports, but that sounds like it could be the culprit. What should I do to troubleshoot the ISP port blocking? Configure IIS to listen on a random unknown port (and forward it on the router)?
Yup, try that, and have your friends type in yourdomain.com:newport# in their browsers to access your site.
 
Great_Melinko said:
use apache2, IIS is shit, i never got it to work either.
To expand on this lame comment, if you need to be using the .NET framework, there is a free/open alternative, Mono. I don't know that much about how .NET and IIS interact, but I'm fairly sure you can get Mono working with Apache to do ASP.NET and all that jazz. You'll probably need something like this Apache module to get it working.
 
Great_Melinko said:
use apache2, IIS is shit, i never got it to work either.

nice useless post you got there. if his problem is a blocked port 80, it does not matter one iota which web server he is using if it's listening on that port.
 
Patrick_Bateman said:
I haven't tried connecting cable modem > computer. I will try that next.

as far as software firewalls on the hosting computer, I installed Zonealarm, couldn't connect w/ my lan computers, and then uninstalled it b/c of that. So I don't think ZA is the problem, unless it didn't remove settings/services that I didn't know about.

I didn't think about my ISP blocking ports, but that sounds like it could be the culprit. What should I do to troubleshoot the ISP port blocking? Configure IIS to listen on a random unknown port (and forward it on the router)?

Though ZoneAlarm is only a software firewall you could have still configured it to allow access without uninstalling it. But that is up to you. Once access is made into the server and if your server is inside your LAN then you have just given access to your LAN. Try only forwarding the needed and correct ports. NAT from your router will protect you better than the software can.

If your ISP is blocking ports then due to the rules we can not tell you how to do this. More and more ISPs are blocking ports. People running unsecure servers cause an ISP havoc on their IP blocks. Unsecure and misconfigured Email servers can get the IP Block blacklisted and then that is a fight in itself to get it off the black list.

No matter which platform you run please secure and properly configure your server(s). Don't just install the needed software/service and run with it. Configure it, secure it, and test it.
 
well...I want to get this site up and running for external users before I even think about messing with a whole new webserver install like Apache/whatever. I feel that it's more the administrator than the software as far as security goes, as you have to take the proper security precautions and configure the right settings. I know plenty people who switched to firefox out of paranoia, while @ the same time, you can achieve most of the same things by knowing which settings to implement in IE.

Jgedeon: I read the ASP.net security checklist from the MSDN....much of the stuff I skipped b/c my site doesn't have any user input for external users just yet (although I do have a backend page for site administrators to post stories/news).

Is there a way to tunnel the port so that the user doesn't have to type in the port# after the url in his/her browser?
 
Set it to do it with your NO-IP account. They type http://yoursite.no-ip.com and it will send it to the set ip and port. The only time the other user will have to type the port is when they type your IP address and the port number so that they can test it for you to make sure it's working.
 
maw said:
nice useless post you got there. if his problem is a blocked port 80, it does not matter one iota which web server he is using if it's listening on that port.
ya well i tried changing the port as its blocked for me too. guess what, DOESNT WORK :rolleyes:
 
Great_Melinko said:
ya well i tried changing the port as its blocked for me too. guess what, DOESNT WORK :rolleyes:

ya, but c'mon man, use some common sense first. your suggestion to go to Apache2 is a silly recommendation at this point. It's like people who respond to any kind of computer problem with "Windows sux, switch to linux" without even considering the problem might actually be bad RAM or something else.
 
Try changing your host port from 80 to 8080 on IIS. Then try seeing if you can access your site via that port.

i.e. - 111.111.111.12:8080

If it brings up your page... your ISP is blocking port 80.

I know Cox communications does.
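
The port 80 versus alternate-port comparison suggested in this thread, as an added example that is not part of any post here: a small TCP reachability probe to run from a machine outside the LAN against your own server. The function names and result labels are assumptions made for illustration; the built-in demo uses a loopback listener so it runs offline.

```python
import socket

def probe(host, port, timeout=3.0):
    """One TCP connect attempt: 'open', 'refused' (a reset came back) or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, host unreachable, name resolution failure
        return "filtered"

def diagnose(std_state, alt_state):
    """Interpret two probes made from OUTSIDE the LAN.

    std_state: port 80, probed while the site listened on 80 and 80 was forwarded.
    alt_state: the alternate port (81, 8080, ...), probed after moving the site
               and the router forward to it.
    """
    if std_state == "open":
        return "port-80-reachable"          # look at DNS or the site itself
    if alt_state == "open":
        return "port-80-blocked-upstream"   # the outcome found in this thread
    return "check-forwarding-and-host-firewall"

if __name__ == "__main__":
    # Constructed demo: a loopback listener stands in for the web server.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    up = probe("127.0.0.1", port)      # listener present
    srv.close()
    down = probe("127.0.0.1", port)    # listener gone
    print(up, down, diagnose(down, up))
```

Probes made from inside the LAN say nothing about upstream filtering, which is why the original poster's own LAN tests succeeded while outside users could not connect.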
 
yep..they were blocking port 80. I changed it to 81 in IIS and forwarded it...it worked fine when I sent my friend my http://serverIP:81.

Now I have to figure out how to tell no-ip to make that my default port...I can't find the option in the site.
 
Ok, I found where you are supposed to change the port in No-IP's site, but my friends still can't get into my server when they enter in my domainname.no-ip.com. They can get in when I send them my externalIP:81, but not the no-ip name. I can get in on another computer in my network by entering the domainname.no-ip.com however, which is confusing me. I even linked the site to a person 3 houses down from me and he uses the same ISP...he can't get to the site w/ the no-ip name.

Do I have to wait for the name to propagate through DNS servers? I started the no-ip client 4-5 days ago, but set the port 80 redirect option around 1 hour before this post.
 
Typically for any major DNS changes to take place there is usually a 24-48 hour wait before all changes are processed.

I'd wait another day and see if that makes a difference.
 
Patrick_Bateman said:
everything works fine now. Even from outside of my LAN. Thanks for all the help.

woohoo! good to hear, glad we could help
 