Problems setting up a web server with Win XP and IIS 5.1...???

[Guest]

I'm having a problem with setting up my home web server, I'm hoping that
someone can shed some light, or point me in the right direction. I'm running
Win XP Pro with IIS 5.1. I'm trying to set my computer up in order to make
viewable from the web, basic html's. My equipment is as follows:

Win XP SP2
IIS 5.1
Windows firewall
Linksys Router (model BEFSR41)
Cable modem (dynamic IP)

What I’ve done is install IIS via the Win XP CD and set my settings up for
my default website (ie...ip = "all unassigned", port = 80, enabled default
content, mostly the default settings). Once that was set up, I placed my
html document in the web directory that IIS points to. The html page
displays when using the LAN ip or the http://localhost...etc.

Next, I assigned a static local LAN ip to my web server (not in the range of
assigned ip's that my router gives out). I then, in the router config page,
forward all port 80 traffic to the server via the static local LAN ip. I
then check it via the local LAN ip, http://localhost, as well as the ISP ip
that is assigned...everything works.

I then configured the windows firewall by adding port 80 as an
"Exception"...keeping the rest of the settings default.

So by this point, I'm thinking... IIS set up (check), router configured
(check), firewall allowing port 80 traffic (check). So I check the site via
the local LAN ip as well as http://localhost...etc. Everything works.

Now this is where the problem starts. I try to access my site from outside
my network...nothing. I try to ping my server from outside my
network...nothing. I tried changing setting in IIS, the router, and with
windows firewall and re ping'ing...nothing (doing this for about two weeks
now by trying different settings and getting nowhere).

So yesterday, trying to isolate the problem, I hooked my server up directly
to the modem, got all my settings set back to the way I think that they
should be (with the new dynamic ip that my ISP gave me), thus taking the
router out of the equation. Well...I can still see the site via the ip of
the server as well as http://localhost...etc. However when I ping the server
from outside the network, I get nothing. So, I get to thinking (which
normally gets me in trouble), I'll disable the firewall and see if that gets
me any different results. Well after turning window's firewall off, I was
able to ping my server from outside my network. However, when I try to view
my site from outside my network (http://xxx.xxx.xxx.xxx and
http://xxx.xxx.xxx.xxx/index.html), I don't get anything, just a "Cannot Find
Server" error.

So as it stands right now...I'm thinking that something that I have set up
in IIS is not letting the site be viewable to the outside world. I took the
firewall and router out of the equation and the problem still persists. I'm
not sure if my router and firewall are set up exactly the way they should be,
but with those turned off, I should be able to see my IIS site from the
outside world...right?

I've been searching for instructions for setting up a web server with IIS
and Win XP, and have come across some websites that give you step 1-10, but
they don't seem to be working for "outside my network" access. I read
somewhere that you might have to have asp.net installed for IIS to work...is
this true? Nothing else that I've read mentioned that. I'm still reading
anything that I can in order to get this thing running, but keep hitting dead
end after dead end.

Any help would be GREATLY appreciated...suggestions, comments, links,
references...etc?

Thanks,
Thomas

 

[Guest]

Oh, I forgot to mention that I talked to my ISP and they said that they allow
servers to be run with there internet service, and that they do not block
port 80.

Thomas

 

[Lanwench [MVP - Exchange]]

I'm having a problem with setting up my home web server, I'm hoping
that someone can shed some light, or point me in the right direction.
I'm running Win XP Pro with IIS 5.1. I'm trying to set my computer
up in order to make viewable from the web, basic html's.

This sort of thing does make me a bit nervous from a security standpoint.
I'd hope this isn't the same box you use as a workstation...

My
equipment is as follows:

Win XP SP2
IIS 5.1
Windows firewall
Linksys Router (model BEFSR41)
Cable modem (dynamic IP)

When you do get this up and running, go to www.dyndns.com or similar, and
set up a dynamic DNS service - and download the update client to run as a
service on this PC (or use your Linksys, which may have an update client
built in). Then you'll be able to use
http://myhostname.dynamicdnscompany.com and not worry about IP address
changes. But that's not relevant yet, of course.

What I've done is install IIS via the Win XP CD and set my settings
up for my default website (ie...ip = "all unassigned", port = 80,
enabled default content, mostly the default settings). Once that was
set up, I placed my html document in the web directory that IIS
points to. The html page displays when using the LAN ip or the
http://localhost...etc.

Next, I assigned a static local LAN ip to my web server (not in the
range of assigned ip's that my router gives out). I then, in the
router config page, forward all port 80 traffic to the server via the
static local LAN ip. I then check it via the local LAN ip,
http://localhost, as well as the ISP ip that is assigned...everything
works.

I then configured the windows firewall by adding port 80 as an
"Exception"...

But is it an exception for * or only the local subnet?

keeping the rest of the settings default.

So by this point, I'm thinking... IIS set up (check), router
configured (check), firewall allowing port 80 traffic (check).

Can you successfully telnet to your public IP address on port 80, from
outside?

So I
check the site via the local LAN ip as well as
http://localhost...etc. Everything works.

What about testing http://lanIP from another computer on your LAN, just to
make sure you can access it from something other than the box itself? That's
the interim thing I'd try....

Now this is where the problem starts. I try to access my site from
outside my network...nothing. I try to ping my server from outside my
network...nothing.

Unless you'd opened up inbound ICMP, that doesn't mean much.

I tried changing setting in IIS, the router, and
with windows firewall and re ping'ing...nothing (doing this for about
two weeks now by trying different settings and getting nowhere).

Pinging isn't a useful test. You can't ping www.citibank.com but I do think
their servers are operational

So yesterday, trying to isolate the problem, I hooked my server up
directly to the modem, got all my settings set back to the way I
think that they should be (with the new dynamic ip that my ISP gave
me), thus taking the router out of the equation. Well...I can still
see the site via the ip of the server as well as
http://localhost...etc. However when I ping the server from outside
the network, I get nothing. So, I get to thinking (which normally
gets me in trouble), I'll disable the firewall and see if that gets
me any different results. Well after turning window's firewall off,
I was able to ping my server from outside my network.

Ouch - don't connect without a firewall, even for a nanosecond. Put your
router back in place asap.

However, when
I try to view my site from outside my network (http://xxx.xxx.xxx.xxx
and http://xxx.xxx.xxx.xxx/index.html), I don't get anything, just a
"Cannot Find Server" error.

So as it stands right now...I'm thinking that something that I have
set up in IIS is not letting the site be viewable to the outside
world. I took the firewall and router out of the equation and the
problem still persists. I'm not sure if my router and firewall are
set up exactly the way they should be, but with those turned off, I
should be able to see my IIS site from the outside world...right?

I've been searching for instructions for setting up a web server with
IIS and Win XP, and have come across some websites that give you step
1-10, but they don't seem to be working for "outside my network"
access. I read somewhere that you might have to have asp.net
installed for IIS to work...is this true?

Nah. I'm not much of an IIS expert, but it sounds like you've got that part
right.

Nothing else that I've
read mentioned that. I'm still reading anything that I can in order
to get this thing running, but keep hitting dead end after dead end.

Any help would be GREATLY appreciated...suggestions, comments, links,
references...etc?

Thanks,
Thomas

The telnet would be a useful test....as would knowing whether you can access
the site from another machine on the same network.

 

[Guest]

Lanwench,

"This sort of thing does make me a bit nervous from a security standpoint.
I'd hope this isn't the same box you use as a workstation..."

No, this is a separate computer that I set aside just for this purpose.




"When you do get this up and running, go to www.dyndns.com or similar, and
set up a dynamic DNS service - and download the update client to run as a
service on this PC (or use your Linksys, which may have an update client
built in). Then you'll be able to use
http://myhostname.dynamicdnscompany.com and not worry about IP address
changes. But that's not relevant yet, of course."

I went ahead and set up an account with them as well as downloading their
automatic IP updater software. I also noticed that my router DOES have an
option to choose DynDNS in it's settings. Do you think that this might cause
a conflict...having the router as well as DynDNS's software set to update the
ip?



"But is it an exception for * or only the local subnet?"

When I "configured" the firewall, under the exceptions tab, I clicked "Add
Port" then entered the name of the exception then the port number (80). That
was all I did. I didn't mess with anything under the "Change Scope" option.
So my setting would be the default. Does it need to be set to "Any
computer...", "My network...", or "Custom..."? I suppose that if the setting
were set to custom, I would enter the local IP of my server (192.168.1.20)?




"Can you successfully telnet to your public IP address on port 80, from
outside?"

I haven't tried this, I'm not too sure what to do. I'll try looking it up
and see if I can get it to work.



"What about testing http://lanIP from another computer on your LAN, just to
make sure you can access it from something other than the box itself? That's
the interim thing I'd try...."

Yes, this works just fine. I can connect to anything I want as long as I'm
behind the router.



"Unless you'd opened up inbound ICMP, that doesn't mean much."

So the only way that you are going to get a ping response from your server
is if you "allow" it to be ping'ed? I didn't set anything like that up, so I
assume that me getting a "time out" error is normal? I'm guessing that is
set in the firewall...thus the reason why I couldn't ping my server when the
firewall was up and could when it was down?



"Ouch - don't connect without a firewall, even for a nanosecond. Put your
router back in place asap."

I did this to see if it was my firewall blocking it. It didn't solve the
problem, so I turned it right back on.



"The telnet would be a useful test....as would knowing whether you can
access the site from another machine on the same network."

I'll try to telnet to it and see what happens. If the telnet fails, what
might be causing that?


Thanks for the response,
Thomas

 

[Lanwench [MVP - Exchange]]

Lanwench,

"This sort of thing does make me a bit nervous from a security
standpoint. I'd hope this isn't the same box you use as a
workstation..."

No, this is a separate computer that I set aside just for this
purpose.

Good - but I'd still be wary. Hosting a public website on your LAN (even if
it isn't on your usual machine) can be risky.

"When you do get this up and running, go to www.dyndns.com or
similar, and set up a dynamic DNS service - and download the update
client to run as a service on this PC (or use your Linksys, which may
have an update client built in). Then you'll be able to use
http://myhostname.dynamicdnscompany.com and not worry about IP address
changes. But that's not relevant yet, of course."

I went ahead and set up an account with them as well as downloading
their automatic IP updater software. I also noticed that my router
DOES have an option to choose DynDNS in it's settings. Do you think
that this might cause a conflict...having the router as well as
DynDNS's software set to update the ip?

Yes. Pick one. I personally find the software/service more reliable (and
Dyndns said they thought it was too) but whichever works for you. Just not
both.

"But is it an exception for * or only the local subnet?"

When I "configured" the firewall, under the exceptions tab, I clicked
"Add Port" then entered the name of the exception then the port
number (80). That was all I did. I didn't mess with anything under
the "Change Scope" option. So my setting would be the default. Does
it need to be set to "Any computer...", "My network...", or
"Custom..."?

Any computer, if you want people to be able to connect to it over the
Internet.

I suppose that if the setting were set to custom, I
would enter the local IP of my server (192.168.1.20)?

No, you'd configure it for * - meaning, everything.

"Can you successfully telnet to your public IP address on port 80,
from outside?"

I haven't tried this, I'm not too sure what to do. I'll try looking
it up and see if I can get it to work.

"What about testing http://lanIP from another computer on your LAN,
just to make sure you can access it from something other than the box
itself? That's the interim thing I'd try...."

Yes, this works just fine. I can connect to anything I want as long
as I'm behind the router.

Good. So you're close.

"Unless you'd opened up inbound ICMP, that doesn't mean much."

So the only way that you are going to get a ping response from your
server is if you "allow" it to be ping'ed?
Yes.

I didn't set anything
like that up, so I assume that me getting a "time out" error is
normal?
Yes.

I'm guessing that is set in the firewall...thus the reason
why I couldn't ping my server when the firewall was up and could when
it was down?
Yes.



"Ouch - don't connect without a firewall, even for a nanosecond. Put
your router back in place asap."

I did this to see if it was my firewall blocking it. It didn't solve
the problem, so I turned it right back on.

Good - but seriously, it takes only nanoseconds for bad things to happen.

"The telnet would be a useful test....as would knowing whether you can
access the site from another machine on the same network."

I'll try to telnet to it and see what happens. If the telnet fails,
what might be causing that?

Most likely your firewall or router settings.

Thanks for the response,
Thomas

No prob -

 

[Guest]

Lanwench,

I really appreciate your help and patience with this. Thank you.


"Yes. Pick one. I personally find the software/service more reliable (and
Dyndns said they thought it was too) but whichever works for you. Just not
both."

I altered the settings in my router and disabled the DynDNS updater there.
The only updater is now the DynDNS's updater.



I also tried to telnet to the IP address as well as telnet to the domain,
like you suggested. All I get is a "could not open connection to the host on
port 23: connection failed" error. So I checked out the firewall. There I
saw where you can open port 23 for telnet. I did that, and still recieved
the error. I tried to telnet my ip address...the same error popped up. The
way I tried to telnet was Start > Run > telnet > OK. Then I typed in "o
wanip" (no quotes) and hit enter...that's when I get the error.

I got all the settings set the way I think that they should be, I can still
get to my site just fine from within my network, but I still can't get to it
from the outside. Does the fact that I'm not able to telnet to my domain
tell you anything?

I'm lost for what to do...

Thanks,
Thomas

 

[CaCO32]

When you telnet, do "telnet [ip.address of your machine] 80" to connect to
your web server. If you get a connection timeout, you're port or machine are
not open.
Also, check your power management settings. Disable standy and hibernate so
that you can eliminate power problems. Also, in your NIC power management,
disable power management by the OS.
Check IP Filtering on the NIC, too. I think it's in one of the advanced
buttons of LAN properties. You want to allow port 80, or all ports (if
you're daring).
In Windows Firewall, I allowed the program, the port and also had to allow
the service in the settings for the NIC.
Check your firewall logs and event viewer to see if there is anything that
might give you a clue to what is happening, too.
You might want to consider running apache instead of 5.1, too. 5.1's not
real secure.
If you have to do IIS, get IIS Lockdown tool from M$.
This is a good link for "trying" to secure IIS
http://jgranto.dyndns.org/joe/IIS/

Good Luck...

 

[Lanwench [MVP - Exchange]]

Lanwench,

I really appreciate your help and patience with this. Thank you.


"Yes. Pick one. I personally find the software/service more reliable
(and Dyndns said they thought it was too) but whichever works for
you. Just not both."

I altered the settings in my router and disabled the DynDNS updater
there. The only updater is now the DynDNS's updater.



I also tried to telnet to the IP address as well as telnet to the
domain, like you suggested. All I get is a "could not open
connection to the host on port 23: connection failed" error.

That's because you didn't specify the port....

So I
checked out the firewall. There I saw where you can open port 23 for
telnet. I did that, and still recieved the error. I tried to telnet
my ip address...the same error popped up. The way I tried to telnet
was Start > Run > telnet > OK. Then I typed in "o wanip" (no quotes)
and hit enter...that's when I get the error.

See above, and close 23.

I got all the settings set the way I think that they should be, I can
still get to my site just fine from within my network, but I still
can't get to it from the outside. Does the fact that I'm not able to
telnet to my domain tell you anything?

Yes - but see above, and also check out your firewall exclusionto ensure it
isn't only allowing access on TCP 80 from the local subnet.

 

[Guest]

I tried again to telnet my machine and when I type in...

telnet xxx.xxx.xxx.xxx 80

....it thinks for 15 seconds then the command prompt window dissapears...???
I'm not sure what that means, but it usually tells me that i have a
connection failure if it doesn't work, this is different, so maybe it's a
good thing???

I also checked my scope for my port 80 exception. I have it set to "Any
computer (including those on the Internet)"

I also tried power options that were suggested...didn't change anything that
I could tell.

I'm still not able to get to my computer from outside my network.

Thanks,
Thomas

 

[Lanwench [MVP - Exchange]]

I tried again to telnet my machine and when I type in...

telnet xxx.xxx.xxx.xxx 80

...it thinks for 15 seconds then the command prompt window
dissapears...???

Do it this way:

Start | Run
Type:
cmd
Press Enter


When you have the command prompt open, type

telnet xxx.xxx.xxx.80

 

[Guest]

I tried to telnet again per your instructions. I still get the "Could not
open connection to the host, on port 80:Connection failed" error.

I tried entering it all different ways and still get the same error.

Any ideas as to what might be causing this?

Thanks,
Thomas

 

[Lanwench [MVP - Exchange]]

I tried to telnet again per your instructions. I still get the
"Could not open connection to the host, on port 80:Connection failed"
error.

I tried entering it all different ways and still get the same error.

Any ideas as to what might be causing this?

Thanks,
Thomas

If you can do it on the LAN and not from the internet, it's a problem with
one or more of the following:

Router config
Firewall config
ISP port blocking

 

[Guest]

Well...I called my ISP again yesterday to MAKE SURE that they don't block
servers. The lady on the phone a couple weeks ago told me that I could have
100 servers if I wanted. Well, the guy that I talked to today said that she
must not have known what she was talking about, because I have to be on my
ISP's "business" account in order to run my own server. That's GREAT to know
after two weeks of beating my head against a wall.

Well...I got my internet changed over today and viola...it works!!!

I'm able to get to my site from outside my network.

In the future, I'll be sure to call my ISP a couple times and talk to
different people each time I have a problem...

Thanks so much for all your help!!!

Thomas

 

[Lanwench [MVP - Exchange]]

Well...I called my ISP again yesterday to MAKE SURE that they don't
block servers. The lady on the phone a couple weeks ago told me that
I could have 100 servers if I wanted. Well, the guy that I talked to
today said that she must not have known what she was talking about,
because I have to be on my ISP's "business" account in order to run
my own server. That's GREAT to know after two weeks of beating my
head against a wall.

Well...I got my internet changed over today and viola...it works!!!

I'm able to get to my site from outside my network.

In the future, I'll be sure to call my ISP a couple times and talk to
different people each time I have a problem...

Thanks so much for all your help!!!

Thomas

You're most welcome.