January 27th, 2004, 02:00 PM
Help with IIS permissions
Setup: Windows XP Pro running IIS on a domain with a static 192.168.x.x IP addy. Running a router that is dhcp enabled with a built in firewall and port 80 is open.
Problem: Cannot view the webpage externally using domain name. Cannot view page internally using the domain name but can view it by using the IP address from inside the network.
If there's anyone that can assist me with this problem, please feel free to email me. It's driving me nuts. I've looked at all the permission settings and they appear to be correct. I am a novice at IIS and this is a company computer. (Just got hired as the sys admin and would like to make a decent impression. lol)
If there's any other info that is needed, let me know and I'll get it for you. Thanks.
January 28th, 2004, 12:59 AM
For the first problem:
Have you purchased the domain name with a domain registering company? You need to buy the domain and set up DNS for it so that when anyone types in the domain name it goes to your router. Do you have a static IP address? If you do, it should be quite easy to use a company such as ZoneEdit (http://www.zoneedit.com) to make all requests to the domain name forward to your IP address. As long as the port 80 is open on the router and forwarding to your IIS server, you should be able to see the website. If this doesn't work, try accessing the site externally using the external IP address of the router.
If you don't have a dynamic IP address, you'll need to use something like DynDNS (http://www.dyndns.org/).
You say you are connected to a domain, so you must have a DNS server. Make sure that this DNS server is configured properly for the domain. If it is correct, you should be able to access the site by going to computername.domainname.com. You can then add a CNAME record in the DNS, such as www to allow you to access the site from www.domainname.com.
January 28th, 2004, 11:37 AM
We are managed by an ISP that provides our T1. They manage our DNS servers and our onsite router. They are also the ones that have set up the url in the DNS servers and configured our router to route to our web server supposedly.
We are running an internal static IP addy of the 192.168.x brand on the web server. Ping is turned off so that isn't an option. You can't access the website from outside the network using either the URL nor the IP addy.
You cannot access the website from inside the network using the url, but you can, of course, access it by typing in the IP addy on any computer connected to the network.
Last edited by dsrt; January 28th, 2004 at 11:43 AM.
January 28th, 2004, 11:56 AM
I'm not sure I quite understand everything!
Have your ISP sorted out buying the domain name and setting up DNS for it? They should have bought the domain and configured DNS for it so that all requests are sent to the external interface of the router. Therefore, typing the external ip address of the router from a computer outside the network should display your site (as long as they have correctly opened up port 80 and configured it to forward to your internal server). If it doesn't, I think you should speak with your ISP, as it seems that they are completely responsible. Check with them that they have:
- bought the domain
- configure dns to forward to your external ip address of the router
- opened port 80 on the router
- configured the router to redirect all incoming requests on port 80 to the internal ip address of your web server.
For internal access, you should have your own internal DNS servers (because you say the computer is part of a domain and Active directory requires a DNS server). Internal computers should be set to use the internal DNS server as their DNS server in the network connections and the DNS server should be set up to forward requests for www.yourdomainname.com to your internal web server.
January 28th, 2004, 12:16 PM
We do not have active directory at this point. The DNS servers I was referring to are our ISP's servers. The only thing that we have onsite is our router which they configure remotely for us.
We are running a basic NT 4.0 domain. Everything but certain servers such as IIS, Exchange (which isn't running yet), printers and anything else that needs to be constant, has a static IP addy.
We have talked and talked with our ISP and they swear up and down that the router is configured to forward port 80 stuff to our web server and that if it isn't accessible, then it's a problem with the way our IIS is set up, either permissions, or basic setup.
Like I said, I'm new at dealing with IIS so if I'm not being real clear, it's because I'm still in the learning phase. I will try to get the answers you need in a timely manner. lol
Thanks for the help so far.
January 28th, 2004, 12:36 PM
Not running your own internal DNS servers partly explains this problem. Since you have no DNS server to translate domain names into IP addresses, presumably the computer with the Internet connection forwards all DNS queries to the ISP's DNS server. Therefore, when you type in the domain name into your browser on the local network, the ISP's DNS server tries to translate the domain into the IP address, but is unable to do so, because of a problem yet to be discovered.
I think that as soon as you are able to access the domain externally you will also be able to access the website internally by using the domain name.
Do you know what the external IP address of the router is? Can you try pinging it from an external pc?
Also, can you access the admin pages for the router, and check if the ISP have correctly set up port mapping, to map all external connections to the internal web server on port 80?
Finally, why don't you go to http://grc.com/default.htm and click on Shields UP (about halfway down the page). Click the Proceed button and click Common Ports. It will then probe your router to see if any of the ports are open. Hopefully, it should say that port 80 is open.
January 28th, 2004, 01:21 PM
We have a range of IP's from .185 to .190...when I did the shields up test, it gave me an IP addy of .34 which had port 80 closed.
I can ping the .34 IP but not any of the other ranged IP's.
We cannot access the router. This is managed by the ISP and as far as I know, only they have the user/pass for it.
January 28th, 2004, 01:43 PM
Try running the shields up test from the web server itself and see if port 80 is open.