RWW internal not external
Clay Gerrard
Guest

Posted: Tue Jan 18, 2005 6:36 am    Post subject: Re: RWW internal not external

in the 11th hour I re-ran the CEICW and elected to "automatically configure
your UPnP router" - I've avoided this step in the past because a) I figured
I should be able to set it up manually and b) I have to clone the MAC
address of my old router (long story - ISP very difficult to reach, don't
ask). Anyway I figured worst case if that gets reset I can go back in and
change it after the fact. But the odd thing is the wizard didn't seem to
change ANYTHING on the router - all my port names under forwarding are
listed exactly like _I_ typed them in, the MAC address clone was exactly how
I left it, nothing seemed to have changed. EXCEPT for some strange reason I
can log into RWW.

It could have been something in the "Connection Type" section of the CEICW
which I normally skip over, but that seems almost as unlikely. But Les
suggested I go through the CEICW again and I didn't want to be accused of
ignoring the advice on this forum - it's never led me astray before! Many
many thanks to Marina Roos, Les Connor and Lanwench - you are all wonderful!

If I come up with anything new after I talk to Linksys I'll let you know,
but for now it looks like it's working.

-clay

"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:uYUaahL$EHA.2156@TK2MSFTNGP10.phx.gbl...
Quote:
I'm forwarding:
443, 444, 4125, 1723, 3389, 80

internally http://[internal_ip]/remote or http://[servername]/remote work
great.

externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote

is there a good way to verify that ports are being forwarded to the server
and eliminate the router as an issue? Port 25 is being forwarded through
the router just fine for SMTP, I can verify that with telnet from an
external shell account.

I've seen several posts on this issue, but it seems folks rarely post
back the results. If we figure this out I promise I'll let you know what
the resolution was.

Ok so, where do we start?

-clay



Les Connor [SBS Community Member - SBS MVP]
Guest

Posted: Tue Jan 18, 2005 6:45 am    Post subject: Re: RWW internal not external

A wrong connection type could do it.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !


Lanwench [MVP - Exchange]
Guest

Posted: Tue Jan 18, 2005 6:50 am    Post subject: Re: RWW internal not external

Marina Roos [SBS-MVP] wrote:
Quote:
444 is for Sharepoint / Companyweb.

Ah, thanks. That wasn't mentioned when I googled for that port # - I wasn't
familiar with it offhand.
Quote:


"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
message news:%233pS7yL$EHA.2568@TK2MSFTNGP11.phx.gbl...
Clay Gerrard wrote:
I'm forwarding:
443, 444, 4125, 1723, 3389, 80

Don't open all those - 443 (SSL) 4125 (RWW) 3389 (if you need
terminal services access directly, not just RWW access) should be
enough. Opening port 80 is dangerous; don't use it. What's the
reason for 444/SNPP?
And I'd prefer IPSec VPN, or at the very least L2TP, over PPTP, but
that's just me.


internally http://[internal_ip]/remote or http://[servername]/remote
work great.

externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote

What errors do you get?


is there a good way to verify that ports are being forwarded to the
server and eliminate the router as an issue?

telnet <public ip or host> <portnumber>

Port 25 is being
forwarded through the router just fine for SMTP, I can verify that
with telnet from an external shell account.

I've seen several posts on this issue, but it seems folks rarely
post back the results. If we figure this out I promise I'll let you
know what the resolution was.

Ok so, where do we start?

Rerun the CEICW and pick the options for OWA and RWW.

-clay
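
An added example, not part of the thread: the telnet check suggested above, scripted so each forwarded port is classified as open, refused or filtered, and the inside and outside results are compared to show where the block most likely sits. The port list comes from the thread; `probe`, `scan` and `compare` are illustrative names, and the host is a placeholder for a server you administer.

```python
import socket
import sys

# Ports and labels as they appear in the thread.
THREAD_PORTS = {25: "SMTP", 443: "SSL", 444: "SharePoint / Companyweb",
                3389: "Terminal Services", 4125: "RWW"}

REACHABLE = "reachable from outside"
NOT_LISTENING = "nothing listening on the server itself"
REJECTED = "reset at the edge: forwarding rule missing or pointing at the wrong host"
DROPPED = "silently dropped: firewall or ISP filtering in the path"
UNKNOWN = "inconclusive"


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the outcome.

    open     - handshake completed, something is listening
    refused  - a reset came back (telnet reports "connection refused")
    filtered - no answer before the timeout (packets were dropped)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:  # e.g. no route to host, name resolution failure
        return "error: %s" % exc
    finally:
        sock.close()


def scan(host, ports=THREAD_PORTS, timeout=3.0):
    """Probe every port once and return {port: state}."""
    return {port: probe(host, port, timeout) for port in sorted(ports)}


def compare(inside, outside):
    """Combine a LAN-side scan and an Internet-side scan into a verdict per port."""
    verdicts = {}
    for port in sorted(set(inside) & set(outside)):
        lan, wan = inside[port], outside[port]
        if wan == "open":
            verdicts[port] = REACHABLE
        elif lan != "open":
            # Fix the service first; the router cannot forward to a closed port.
            verdicts[port] = NOT_LISTENING
        elif wan == "refused":
            verdicts[port] = REJECTED
        elif wan == "filtered":
            verdicts[port] = DROPPED
        else:
            verdicts[port] = UNKNOWN
    return verdicts


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: portcheck.py <host you administer>")
    for port, state in scan(sys.argv[1]).items():
        print("%-5d %-24s %s" % (port, THREAD_PORTS[port], state))
```

Run `scan` once from a LAN machine against the server's internal address and once from an outside host against the public address, then pass both results to `compare`.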

Clay Gerrard
Guest

Posted: Tue Jan 18, 2005 8:02 am    Post subject: Re: RWW internal not external

just to be clear, I didn't change anything under the connection type
section. It was and is set to "broadband"

either way it's broken again now, definitely a router issue. I'll look at it
some more in the morning.

-clay


Clay Gerrard
Guest

Posted: Tue Jan 18, 2005 8:02 am    Post subject: Re: RWW internal not external

any suggestions on a *good* firewall for a small business network?

-clay

"Les Connor [SBS Community Member - SBS MVP]" <les.connor@DEL.cfive.ca>
wrote in message news:u8rZwWP$EHA.3260@TK2MSFTNGP14.phx.gbl...
Quote:
In a single nic scenario, you definitely want a *good* firewall, and
definitely do *not* want the DMZ setting. That would open up your SBS
completely to the internet, and you'd be compromised literally within
minutes. Linksys should be shot for recommending this.

If all things work internally, but not externally, then it's either a
router malfunction/misconfiguration, or the ISP is blocking ports.
Probably the router.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !


"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:u9OFjOP$EHA.1396@tk2msftngp13.phx.gbl...
SBS Standard, one NIC, no ISA.

I have set the port forwarding on the router as best I can. SSL & RWW
are TCP correct? I can't think of anything special I'd have to do for
those ports on the router as opposed to SMTP. I'm going to contact
Linksys in the morning - I'll see if they have any suggestions, but I've
found their tech support to be targeted toward a home user.

I've re-run the Remote Access Wizard and CEICW a number of times. I
promise I'm electing to "change settings" and selecting:
Outlook Web Access
Remote Web Workplace
Outlook via the Internet

If the error is in RRAS the wizard isn't fixing it, but I've never
manually changed anything in the "Routing and Remote Access" console, so
I couldn't even begin to guess where to start looking for something "odd"

On a side note, before I call Linksys, does anyone have any info about
"DMZ" - Demilitarized Zone - and how it might apply to a router/firewall.
It's an option in my router's service console, under the port forwarding
section. You can "enable or disable" it, you can select the source ip
address to be "any ip" or a range [x].[x].[x].[y]-[z] and you can set the
"host" ip address. Every time I call Linksys "Support" they tell me to
turn it on, leave it set to any ip, then point it to the internal ip of
the server. Which I do, but it doesn't help, so I turn it back off. I'm
not sure what it's supposed to be doing.

ipconfig /all from server:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER2800
Primary Dns Suffix . . . . . . . : cci.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : cci.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-C0-9F-46-FD-E7
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.3
Primary WINS Server . . . . . . . : 192.168.1.3
C:\Documents and Settings\Administrator

Thanks again for everyone's help. I'm definitely leaning towards this
being a router issue, so I'll continue working with Linksys and if I find
anything out I'll post back.

-clay

"Les Connor [SBS Community Member - SBS MVP]" <les.connor@DEL.cfive.ca>
wrote in message news:uSqwHhO$EHA.3368@TK2MSFTNGP15.phx.gbl...
There are two places where the ports might be blocked.

a) the router. Ensure you have the port forwarding set correctly, from
your external IP on the router, to the external IP of the SBS.
b) RRAS or ISA - run the CEICW, make sure you elect to change the
settings, not leave them. Ensure you have the items you want accessible
from the internet selected.

I haven't seen an ipconfig/all in this thread - have we checked to see
that the nics are correctly configured ?

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !


"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:%23uVouWO$EHA.2876@TK2MSFTNGP12.phx.gbl...
EXTERNALLY

I can NOT telnet in on 444, 443, or 4125
the message response is "connection refused"

I can however get through on port 25 to my SMTP server from the
internet

INTERNALLY is a different story

I CAN telnet in to 444 & 443, but not much happens when I get there. I
don't even know how to close the connection =\
4125 however gives me "could not open connection to host on port 4125",
but for all I know this is the expected behavior. I didn't know telnet
could get me in on ANY of these ports, so I've already learned
something.

But, what does all this tell us? Is my router not forwarding the ports
to my server or could SBS somehow be refusing a connection to an
outside computer? The router has some built in firewall protection,
SPI and all that - could this be shutting us down and would "DMZ" have
anything to do with it? But then why would port 25 be working?
Gremlins?

Thanks for all your support!

-clay



"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
message news:ugYtg6N$EHA.3592@TK2MSFTNGP09.phx.gbl...
Hi Clay,

Can you check if you can telnet to your public IP on port 444 from the
internet?

--
Regards,

Marina
Microsoft SBS-MVP
One of the Magical M&M's

"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:uzGvdkN$EHA.1452@TK2MSFTNGP11.phx.gbl...
installed the RMA router, didn't make any difference. I'm going to call
Linksys in the morning.

Just so everybody knows the WRT55AGv2 latest firmware v.1.10 is apparently a
black hole router. It may have other issues as well.

-clay

"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:OYxFnQN$EHA.1296@TK2MSFTNGP10.phx.gbl...
I reran CEICW with the public IP. It went through ok the second time, but
the first time I tried it got an error on the "configure firewall" step.

anyway

https://[external_ip]/remote did not work from an external connection,
http://[internal_ip]/remote still works great from internal.

I'm still thinking this is a router issue, actually someone just dropped
my RMA linksys router on my desk, so I'm going to go try and install that.
I'd really love to have some way to verify that requests coming in on
these forwarded ports are actually hitting the server. Is there
somewhere in some IIS log that would show me this?

-clay

"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
message news:%23d1t9TM$EHA.2540@TK2MSFTNGP09.phx.gbl...
Hi Clay,

Did your ISP create a DNS record for your FQDN? If not, rerun CEICW and
enter your public IP for the web certificate.

--
Regards,

Marina
Microsoft SBS-MVP
One of the Magical M&M's

"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:eYHoFKM$EHA.1600@TK2MSFTNGP10.phx.gbl...
when I ran the CEICW it asked for the FQDN and it was my understanding that
the certificate is created at that time, is there something more that I need
to do manually because this is the first I heard of it.

But if I'm understanding you correctly only the address I specified will
work correctly i.e. https://[FQDN]/remote

also, I have already tried https vs http, same results

-clay

THANKS!

"Les Connor [SBS Community Member - SBS MVP]" <les.connor@DEL.cfive.ca>
wrote in message news:u8B$%23qL$EHA.1188@tk2msftngp13.phx.gbl...
Hi Clay,

Your server certificate will have been created with the name [fqdn] *or*
[external_IP], so you must use whichever when you type the URL from a
remote location.

Additionally, sometimes the HTTPS re-direct is the culprit - so try
https:// instead of http://, and see if that makes any difference.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !


Les Connor [SBS Community Member - SBS MVP]
Guest

Posted: Tue Jan 18, 2005 8:45 am    Post subject: Re: RWW internal not external

A second NIC, a soho gateway router and utilize RRAS is the least expensive
way to get adequate protection.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !


Les Connor [SBS Community Member - SBS MVP]
Guest

Posted: Tue Jan 18, 2005 8:45 am    Post subject: Re: RWW internal not external

Sounds like you are onto the cause.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !


Mark Jesiel
Guest

Posted: Tue Jan 18, 2005 8:45 am    Post subject: Re: RWW internal not external

If you don't have a hardware firewall, definitely get one, (a Linksys doesn't
count). I'd recommend a Juniper Netscreen or Cisco PIX. Those are the only 2
we use. Secondly, on the can't get to the RWW from external. When you create
any of the rules, from firewall or router, you have to make sure that you
specify the source port can come from anything (don't forget NAT), and the
destination port is the target port. For example, source ip "any" source port
"any" destination address "wxyz" destination port "4125".

Good Luck,
Mark Jesiel

"Clay Gerrard" wrote:

Quote:
any suggestions on a *good* firewall for a small business network?

-clay

"Les Connor [SBS Community Member - SBS MVP]" <les.connor@DEL.cfive.ca
wrote in message news:u8rZwWP$EHA.3260@TK2MSFTNGP14.phx.gbl...
In a single nic scenario, you definately want a *good* firewall, and
definately do *not* want the DMZ setting. That would open up your SBS
completely to the internet, and you'd be comprimised literally within
minutes. Linksys should be shot for recommending this.

If all things work internally, but not externally, then it's either a
router malfunction/misconfiguration, or the ISP is blocking ports.
Probably the router.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !


"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:u9OFjOP$EHA.1396@tk2msftngp13.phx.gbl...
SBS Standard, one NIC, no ISA.

I have set the port forwarding on the router as best I can. SSL & RWW
are TCP correct? I can't think of anything special I'd have to do for
those ports on the router as opposed to SMTP. I'm going to contact
Linksys in the morning - I'll see if they have any suggestions, but I've
found their tech support to be targeted toward a home user.

I've re-ran the Remote Access Wizard and CEICW a number of times. I
promise I'm electing to "change settings" and selecting:
Outlook Web Access
Remote Web Workplace
Outlook via the Internet

If the error is in RRAS the wizard isn't fixing it, but I've never
manually changed anything in the "Routing and Remote Access" console, so
I couldn't even begin to guess where to start looking for something "odd".

On a side note, before I call Linksys, does anyone have any info about
"DMZ" - Demilitarized Zone - and how it might apply to a router/firewall?
It's an option in my router's service console, under the port forwarding
section. You can "enable or disable" it, you can select the source ip
address to be "any ip" or a range [x].[x].[x].[y]-[z] and you can set the
"host" ip address. Every time I call Linksys "Support" they tell me to
turn it on, leave it set to any ip, then point it to the internal ip of
the server. Which I do, but it doesn't help, so I turn it back off. I'm
not sure what it's supposed to be doing.

ipconfig /all from server:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER2800
Primary Dns Suffix . . . . . . . : cci.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : cci.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-C0-9F-46-FD-E7
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.3
Primary WINS Server . . . . . . . : 192.168.1.3
C:\Documents and Settings\Administrator

Thanks again for everyone's help. I'm definitely leaning towards this
being a router issue, so I'll continue working with Linksys and if I find
anything out I'll post back.

-clay

"Les Connor [SBS Community Member - SBS MVP]" <les.connor@DEL.cfive.ca>
wrote in message news:uSqwHhO$EHA.3368@TK2MSFTNGP15.phx.gbl...
There are two places where the ports might be blocked.

a) the router. Ensure you have the port forwarding set correctly, from
your external IP on the router, to the external IP of the SBS.
b) RRAS or ISA - run the CEICW, make sure you elect to change the
settings, not leave them. Ensure you have the items you want accessible
from the internet selected.

I haven't seen an ipconfig/all in this thread - have we checked to see
that the nics are correctly configured ?

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !


"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:%23uVouWO$EHA.2876@TK2MSFTNGP12.phx.gbl...
EXTERNALLY

I can NOT telnet in on 444, 443, or 4125
the message response is "connection refused"

I can however get through on port 25 to my SMTP server from the
internet

INTERNALLY is a different story

I CAN telnet in to 444 & 443, but not much happens when I get there. I
don't even know how to close the connection =\
4125 however gives me "could not open connection to host on port 4125",
but for all I know this is the expected behavior. I didn't know telnet
could get me in on ANY of these ports, so I've already learned
something.

But, what does all this tell us? Is my router not forwarding the ports
to my server or could SBS somehow be refusing a connection to an
outside computer? The router has some built in firewall protection,
SPI and all that - could this be shutting us down and would "DMZ" have
anything to do with it? But then why would port 25 be working?
Gremlins?

Thanks for all your support!

-clay



"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
message news:ugYtg6N$EHA.3592@TK2MSFTNGP09.phx.gbl...
Hi Clay,

Can you check if you can telnet to your public IP on port 444 from the
internet?

--
Regards,

Marina
Microsoft SBS-MVP
One of the Magical M&M's

"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:uzGvdkN$EHA.1452@TK2MSFTNGP11.phx.gbl...
installed the RMA router, didn't make any difference. I'm going to call
Linksys in the morning.

Just so everybody knows the WRT55AGv2 latest firmware v.1.10 is
apparently a black hole router. It may have other issues as well.

-clay

"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:OYxFnQN$EHA.1296@TK2MSFTNGP10.phx.gbl...
I reran CEICW with the public IP. It went through ok the second time,
but the first time I tried it got an error on the "configure firewall"
step.

anyway

https://[external_ip]/remote did not work from an external connection,
http://[interal_ip]/remote still works great from internal.

I'm still thinking this is a router issue, actually someone just
dropped my RMA Linksys router on my desk, so I'm going to go try and
install that. I'd really love to have some way to verify that requests
coming in on these forwarded ports are actually hitting the server. Is
there somewhere in some IIS log that would show me this?

-clay

"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
message news:%23d1t9TM$EHA.2540@TK2MSFTNGP09.phx.gbl...
Hi Clay,

Did your ISP create a DNS record for your FQDN? If not, rerun CEICW and
enter your public IP for the web certificate.

--
Regards,

Marina
Microsoft SBS-MVP
One of the Magical M&M's

"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:eYHoFKM$EHA.1600@TK2MSFTNGP10.phx.gbl...
when I ran the CEICW it asked for the FQDN and it was my understanding
that the certificate is created at that time, is there something more
that I need to do manually because this is the first I heard of it.

But if I'm understanding you correctly only the address I specified
will work correctly i.e. https://[FQDN]/remote

also, I have already tried https vs http, same results

-clay

THANKS!

"Les Connor [SBS Community Member - SBS MVP]" <les.connor@DEL.cfive.ca>
wrote in message news:u8B$%23qL$EHA.1188@tk2msftngp13.phx.gbl...
Hi Clay,

Your server certificate will have been created with the name [fqdn]
*or* [external_IP], so you must use whichever when you type the URL
from a remote location.

Additionally, sometimes the HTTPS re-direct is the culprit - so try
https:// instead of http://, and see if that makes any difference.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !


"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:uYUaahL$EHA.2156@TK2MSFTNGP10.phx.gbl...
I'm forwarding:
443, 444, 4125, 1723, 3389, 80

internally http://[internal_ip]/remote or http://[servername]/remote
work great.

externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote

is there a good way to verify that ports are being forwarded to the
server and eliminate the router as an issue? Port 25 is being forwarded
through the router just fine for SMTP, I can verify that with telnet
from an external shell account.

I've seen several posts on this issue, but it seems folks rarely post
back the results. If we figure this out I promise I'll let you know
what the resolution was.

Ok so, where do we start?

-clay

Lanwench [MVP - Exchange]
Guest

Posted: Tue Jan 18, 2005 8:45 am    Post subject: Re: RWW interal not external

Clay Gerrard wrote:
Quote:
I don't need TS, RWW is fine. So now I only have:

443, 4125

but I read somewhere on this forum that you need to open 444 for share
point.

Do you need it?

Quote:
As for VPN (port 1723) I've closed it for now. But honestly
I can't say I know the difference between IPSec, L2TP, and PPTP or
how they relate to VPN.

They're different types of VPN. If you don't use VPN, you don't need it
open. If you're going to use VPN, use L2TP over PPTP as it's more secure.


Quote:

-clay


"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
message news:%233pS7yL$EHA.2568@TK2MSFTNGP11.phx.gbl...
Clay Gerrard wrote:
I'm forwarding:
443, 444, 4125, 1723, 3389, 80

Don't open all those - 443 (SSL) 4125 (RWW) 3389 (if you need
terminal services access directly, not just RWW access) should be
enough. Opening port 80 is dangerous; don't use it. What's the
reason for 444/SNPP?
And I'd prefer IPSec VPN, or at the very least L2TP, over PPTP, but
that's just me.


internally http://[internal_ip]/remote or http://[servername]/remote
work great.

externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote

What errors do you get?


is there a good way to verify that ports are being forwarded to the
server and eliminate the router as an issue?

telnet <public ip or host> <portnumber>

Port 25 is being
forwarded through the router just fine for SMTP, I can verify that
with telnet from an external shell account.

I've seen several posts on this issue, but it seems folks rarely
post back the results. If we figure this out I promise I'll let you
know what the resolution was.

Ok so, where do we start?

Rerun the CEICW and pick the options for OWA and RWW.

-clay
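
The check this thread keeps returning to (telnet to each forwarded port from outside), as an added Python example that is not part of any poster's message: it classifies each port as open, refused or filtered and compares the result with the set of ports meant to be published. The port labels follow the posters' descriptions; the function names and the `intended` set are assumptions.

```python
import socket
import sys

# Ports named in the thread; labels follow the posters' descriptions.
THREAD_PORTS = {25: "SMTP", 80: "HTTP", 443: "SSL", 444: "SharePoint",
                1723: "VPN (PPTP)", 3389: "Terminal Services", 4125: "RWW"}


def probe(host, port, timeout=3.0):
    """Classify a single TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: forwarded and listening
    except ConnectionRefusedError:
        return "refused"         # a device answered with a reset: no forward or no listener
    except socket.timeout:
        return "filtered"        # no answer at all: packets dropped on the way
    except OSError:
        return "error"           # name resolution failure, no route, etc.


def audit(host, intended, ports=THREAD_PORTS, timeout=3.0):
    """Compare what is reachable on host with what is meant to be published."""
    findings = []
    for port in sorted(ports):
        state = probe(host, port, timeout)
        if port in intended and state != "open":
            verdict = "BROKEN"   # meant to be reachable, is not
        elif port not in intended and state == "open":
            verdict = "EXPOSED"  # reachable although nobody asked for it
        else:
            verdict = "ok"
        findings.append((port, ports[port], state, verdict))
    return findings


if __name__ == "__main__":
    # Run from a machine outside the LAN against your own public address.
    # Assumption: SMTP, SSL and RWW are the only services meant to be published.
    if len(sys.argv) != 2:
        sys.exit("usage: portcheck.py <public ip or host>")
    for port, label, state, verdict in audit(sys.argv[1], {25, 443, 4125}):
        print(f"{port:>5}  {label:<18} {state:<9} {verdict}")
```
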