From: peter.mcclymont on 6 May 2006 00:46
Hi All,

I have a web server (IIS using ASP .NET 2.0) behind a broadband router.

I cannot get the web server to be visible on the internet. I can run the web site from the computer it is hosted on though.

On the router I have opened the port 80 to allow the traffic through (using port forwarding), and also tried to run it in DMZ mode, but neither seem to work.

I ran 'netstat -ano' and it seemed to suggest when I connected to the web site (internet IP #) that other ports were needed as well as 80, perhaps 2676, 2483, 2677. I thought this wouldn't be the case, but perhaps these ports relate to me using MSSQL server 2005 in my web site (MSSQL is running on the same computer as IIS so that is not an issue).

I am also running zone alarm, but when I kill that app it doesn't make any difference.

Please help.

Thanks,
Peter.
From: Duane Arnold on 6 May 2006 03:38
peter.mcclymont(a)gmail.com wrote:
> Hi All,
>
> I have a web server (IIS using ASP .NET 2.0) behind a broadband router.
>
> I cannot get the web server to be visible on the internet. I can run
> the web site from the computer it is hosted on though.
>

Well, so what are you saying? Did you access the IIS WEB server using LocalHost or did you access IIS on the machine from another machine on the LAN/Intranet?

> On the router I have opened the port 80 to allow the traffic through
> (using port forwarding), and also tried to run it in DMZ mode, but
> neither seem to work.

You don't do this unless you're able to do this from the protected environment on the LAN first. If it doesn't work on the Intranet the Web server or your applications, then it's not going to work in the Internet either.

>
> I ran 'netstat -ano' and it seemed to suggest when I connected to the
> web site (internet IP #) that other ports were needed as well as 80,
> perhaps 2676, 2483, 2677. I thought this wouldn't be the case, but
> perhaps these ports relate to me using MSSQL server 2005 in my web site

SQL Server has nothing to do with this. I think SQL 6.0 to 2005 the SQL server ports are 1433 and 1434. And you should NOT be exposing SQL Server to the Internet. And besides, SQL server should be running on another box on the LAN with your applications being able to access SQL server on the LAN/network. Again, you should not be running SQL on the same machine with IIS, if you're trying to expose IIS to the Internet.

>
> (MSSQL is running on the same computer as IIS so that is not an issue).

Yeah, you're right.

>
>
> I am also running zone alarm, but when I kill that app it doesn't make
> any difference.

You should not be trying to protect a machine running IIS with a personal FW solution.

>
> Please help.

You may have some authentication issues with credentials or something with accessing IIS.

Your WEB solution should ONLY be concerned with TCP port 80 SOAP over HTTP or Binary over HTTP and no other port but that port.

Have you done your homework in exposing an IIS Web server on a NT based O/S to the Internet? If the NT based O/S, file system, user accounts, registry, and IIS are not secured, which there is information on how to do this, then the site is just hack bait no more or no less and a possible jumping off point by hackers to attack other sites on the Internet.

Is your ASP.NET application even secure enough to face the Internet as a hacker can hack right through the WEB solution if secure WEB programming is not applied.

Duane :)
From: peter.mcclymont on 6 May 2006 07:24
Please do not treat me like an idiot. I know SQL server has nothing to do with this. I just made the point that maybe that is why I was getting the other port readings using netstat.

I am not going to expose this web site to the internet without first securing everything, and making sure the SQL server is on another box. I am just starting out, and will do the rest of my homework on security when I get the first few steps working.

It is actually working on the lan side by doing this, http://localhost and http://10.0.0.6 (local lan number). I am not concerned about that, the wan side is what is not working.

Thanks for your help, but I don't think that gets me anywhere. What other reasons would it not be working if I have opened up port 80 on the router?
From: peter.mcclymont on 6 May 2006 07:31
Anyway, I take your point that IIS is very insecure. What else do you suggest I use? Apache? I take it no ASP .NET programming would work with Apache? If not then what would?
From: peter.mcclymont on 6 May 2006 07:39
Anyway, I take your point that IIS is very insecure. What else do you suggest I use? Apache? I take it no ASP .NET programming would work with Apache? If not then what languages would?