Re: RWW interal not external
From: Clay Gerrard (clayg_at_gvtc.com)
Date: 01/18/05
- Next message: Cris Hanna [SBS-MVP]: "Re: Hardware limits for SBS Premium"
- Previous message: Mariette Knap [SBS MVP]: "Re: POP mail"
- In reply to: Les Connor [SBS Community Member - SBS MVP]: "Re: RWW interal not external"
- Next in thread: Les Connor [SBS Community Member - SBS MVP]: "Re: RWW interal not external"
- Reply: Les Connor [SBS Community Member - SBS MVP]: "Re: RWW interal not external"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 17 Jan 2005 18:21:59 -0600
SBS Standard, one NIC, no ISA.
I have set the port forwarding on the router as best I can. SSL & RWW are
TCP correct? I can't think of anything special I'd have to do for those
ports on the router as opposed to SMTP. I'm going to contact Linksys in the
morning - I'll see if they have any suggestions, but I've found their tech
support to be targeted toward a home user.
I've re-ran the Remote Access Wizard and CEICW a number of times. I promise
I'm electing to "change settings" and selecting:
Outlook Web Access
Remote Web Workplace
Outlook via the Internet
If there error is in RRAS the wizard isn't fixing it, but I've never
manually changed anything in the "Routing and Remote Access" console, so I
couldn't even begin to guess where to start looking for something "odd"
On a side note, before I call Linksys, does anyone have any info about
"DMZ" - DeMilitirized Zone - and how it might apply to a router/firewall.
Its an option in my routers service console, under the port forwarding
section. You can "enable or disable" it, you can select the source ip
address to be "any ip" or a range [x].[x].[x].[y]-[z] and you can set the
"host" ip address. Everytime I call Linksys "Support" they tell me to turn
it on, leave it set to any ip, then point it to the internal ip of the
server. Which I do, but it doesn't help, so I turn it back off. I'm not
sure what it's supposed to be doing.
ipconfig /all from server:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER2800
Primary Dns Suffix . . . . . . . : cci.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : cci.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-C0-9F-46-FD-E7
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.3
Primary WINS Server . . . . . . . : 192.168.1.3
C:\Documents and Settings\Administrator>
Thanks again for everyone's help. I'm definately leaning twoards this being
a router issue, so I'll continue working with Linksys and if I find anything
out I'll post back.
-clay
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@DEL.cfive.ca>
wrote in message news:uSqwHhO$EHA.3368@TK2MSFTNGP15.phx.gbl...
> There are two places where the ports might be blocked.
>
> a) the router. Ensure you have the port forwarding set correctly, from
> your external IP on the router, to the external IP of the SBS.
> b) RRAS or ISA - run the CEICW, make sure you elect to change the
> settings, not leave them. Ensure you have the items you want accessible
> from the internet selected.
>
> I haven't seen an ipconfig/all in this thread - have we checked to see
> that the nics are correctly configured ?
>
> --
> Les Connor [SBS Community Member - SBS MVP]
> -----------------------------------------------------------
> SBS Rocks !
>
>
> "Clay Gerrard" <clayg@gvtc.com> wrote in message
> news:%23uVouWO$EHA.2876@TK2MSFTNGP12.phx.gbl...
>> EXTERNALLY
>>
>> I can NOT telnet in on 444, 443, or 4125
>> the message response is "connection refused"
>>
>> I can however get through on port 25 to my SMTP server from the internet
>>
>> INTERNALLY is a different story
>>
>> I CAN telnet in to 444 & 443, but not much happens when I get there. I
>> don't even know how to close the connection =\
>> 4125 however gives me "could not open connection to host on port 4125",
>> but for all I know this is the expected behavior. I didn't know telnet
>> could get me in on ANY of these ports, so I've already learned something.
>>
>> But, what does all this tell us? Is my router not forwarding the ports
>> to my server or could SBS somehow be refusing a connection to an outside
>> computer? The router has some built in firewall protection, SPI and all
>> that - could this be shutting us down and would "DMZ" have anything to do
>> with it? But then why would port 25 be working? Gremlins?
>>
>> Thanks for all your support!
>>
>> -clay
>>
>>
>>
>> "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
>> message news:ugYtg6N$EHA.3592@TK2MSFTNGP09.phx.gbl...
>>> Hi Clay,
>>>
>>> Can you check if you can telnet to your public IP on port 444 from the
>>> internet?
>>>
>>> --
>>> Regards,
>>>
>>> Marina
>>> Microsoft SBS-MVP
>>> One of the Magical M&M's
>>>
>>> "Clay Gerrard" <clayg@gvtc.com> schreef in bericht
>>> news:uzGvdkN$EHA.1452@TK2MSFTNGP11.phx.gbl...
>>>> installed the RMA router, didn't make any difference. I'm going to
>>>> call
>>>> Linksys in the morning.
>>>>
>>>> Just so everybody knows the WRT55AGv2 latest firmware v.1.10 is
>>>> apparently
>>> a
>>>> black hole router. It may have other issues as well.
>>>>
>>>> -clay
>>>>
>>>> "Clay Gerrard" <clayg@gvtc.com> wrote in message
>>>> news:OYxFnQN$EHA.1296@TK2MSFTNGP10.phx.gbl...
>>>> >I reran CEICW with the public IP. It went through ok the second time,
>>> but
>>>> >the first time I tried it got an error on the "configure firewall"
>>>> >step.
>>>> >
>>>> > anyway
>>>> >
>>>> > https://[external_ip]/remote did not work from an external
>>>> > connection,
>>>> > http://[interal_ip]/remote still works great from internal.
>>>> >
>>>> > I'm still thinking this is a router issue, acctually some one just
>>> dropped
>>>> > my RMA linksys router on my desk, so I'm going to go try and install
>>> that.
>>>> > I'd really love to have some way to verify that requests coming in on
>>>> > these forwarded ports are acctually hitting the server. Is there
>>>> > somewhere in some IIS log that would show me this?
>>>> >
>>>> > -clay
>>>> >
>>>> > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
>>>> > message news:%23d1t9TM$EHA.2540@TK2MSFTNGP09.phx.gbl...
>>>> >> Hi Clay,
>>>> >>
>>>> >> Did your ISP create a DNS record for your FQDN? If not, rerun CEICW
>>>> >> and
>>>> >> enter your public IP for the web certificate.
>>>> >>
>>>> >> --
>>>> >> Regards,
>>>> >>
>>>> >> Marina
>>>> >> Microsoft SBS-MVP
>>>> >> One of the Magical M&M's
>>>> >>
>>>> >> "Clay Gerrard" <clayg@gvtc.com> schreef in bericht
>>>> >> news:eYHoFKM$EHA.1600@TK2MSFTNGP10.phx.gbl...
>>>> >>> when I ran the CEICW it asked for the FQDN and it was my
>>>> >>> understanding
>>>> >> that
>>>> >>> the certificate is created at that time, is there something more
>>>> >>> that
>>> I
>>>> >> need
>>>> >>> to do manually because this is the first I heard of it.
>>>> >>>
>>>> >>> But if I'm understanding you correctly only the address I specified
>>> will
>>>> >>> work correctly i.e. https://[FQDN]/remote
>>>> >>>
>>>> >>> also, I have already tried https vs http, same results
>>>> >>>
>>>> >>> -clay
>>>> >>>
>>>> >>> THANKS!
>>>> >>>
>>>> >>> "Les Connor [SBS Community Member - SBS MVP]"
>>> <les.connor@DEL.cfive.ca>
>>>> >>> wrote in message news:u8B$%23qL$EHA.1188@tk2msftngp13.phx.gbl...
>>>> >>> > Hi Clay,
>>>> >>> >
>>>> >>> > Your server certificate will have been created with the name
>>>> >>> > [fqdn]
>>>> >>> > *or*
>>>> >>> > [external_IP], so you must use whichever when you type the URL
>>>> >>> > from
>>> a
>>>> >>> > remote location.
>>>> >>> >
>>>> >>> > Additionally, sometimes the HTTPS re-direct is the culprit - so
>>>> >>> > try
>>>> >>> > https:// instead of http://, and see if that makes any
>>>> >>> > difference.
>>>> >>> >
>>>> >>> > --
>>>> >>> > Les Connor [SBS Community Member - SBS MVP]
>>>> >>> > -----------------------------------------------------------
>>>> >>> > SBS Rocks !
>>>> >>> >
>>>> >>> >
>>>> >>> > "Clay Gerrard" <clayg@gvtc.com> wrote in message
>>>> >>> > news:uYUaahL$EHA.2156@TK2MSFTNGP10.phx.gbl...
>>>> >>> >> I'm forwarding:
>>>> >>> >> 443, 444, 4125, 1723, 3389, 80
>>>> >>> >>
>>>> >>> >> internally http://[internal_ip]/remote or
>>> http://[servername]/remote
>>>> >> work
>>>> >>> >> great.
>>>> >>> >>
>>>> >>> >> externally, I can't reach http://FQDN/remote or
>>>> >>> >> http://[external_ip]/remote
>>>> >>> >>
>>>> >>> >> is there a good way to verify that ports are being forwarded to
>>>> >>> >> the
>>>> >>> >> server and elimiate the router as an issue? Port 25 is being
>>>> >>> >> forwarded
>>>> >>> >> through the router just fine for SMTP, I can verify that with
>>> telnet
>>>> >> from
>>>> >>> >> an external shell account.
>>>> >>> >>
>>>> >>> >> I've seen serveral posts on this issue, but it seems folks
>>>> >>> >> rarely
>>>> >>> >> post
>>>> >>> >> back the results. If we figure this out I promise I'll let you
>>> know
>>>> >> what
>>>> >>> >> the resolution was.
>>>> >>> >>
>>>> >>> >> Ok so, where do we start?
>>>> >>> >>
>>>> >>> >> -clay
>>>> >>> >>
>>>> >>> >>
>>>> >>> >>
>>>> >>> >
>>>> >>> >
>>>> >>>
>>>> >>>
>>>> >>
>>>> >>
>>>> >
>>>> >
>>>>
>>>>
>>>
>>>
>>
>>
>
>
- Next message: Cris Hanna [SBS-MVP]: "Re: Hardware limits for SBS Premium"
- Previous message: Mariette Knap [SBS MVP]: "Re: POP mail"
- In reply to: Les Connor [SBS Community Member - SBS MVP]: "Re: RWW interal not external"
- Next in thread: Les Connor [SBS Community Member - SBS MVP]: "Re: RWW interal not external"
- Reply: Les Connor [SBS Community Member - SBS MVP]: "Re: RWW interal not external"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
