| Author |
Message |
Clay Gerrard
Guest
|
 Posted:
Mon Jan 17, 2005 6:13 pm Post subject:
RWW interal not external |
|
|
I'm forwarding:
443, 444, 4125, 1723, 3389, 80
internally http://[internal_ip]/remote or http://[servername]/remote work
great.
externally, I can't reach http://FQDN/remote or http://[external_ip]/remote
is there a good way to verify that ports are being forwarded to the server
and elimiate the router as an issue? Port 25 is being forwarded through the
router just fine for SMTP, I can verify that with telnet from an external
shell account.
I've seen serveral posts on this issue, but it seems folks rarely post back
the results. If we figure this out I promise I'll let you know what the
resolution was.
Ok so, where do we start?
-clay |
|
| Back to top |
|
 |
Lanwench [MVP - Exchange]
Guest
|
| Posted:
Mon Jan 17, 2005 6:13 pm Post subject:
Re: RWW interal not external |
|
|
Clay Gerrard wrote:
| Quote: | I'm forwarding:
443, 444, 4125, 1723, 3389, 80
|
Don't open all those - 443 (SSL) 4125 (RWW) 3389 (if you need terminal
services access directly, not just RWW access) should be enough. Opening
port 80 is dangerous; don't use it. What's the reason for 444/SNPP?
And I'd prefer IPSec VPN, or at the very least L2TP, over PPTP, but that's
just me.
What errors do you get?
| Quote: |
is there a good way to verify that ports are being forwarded to the
server and elimiate the router as an issue?
|
telnet <public ip or host> <portnumber>
| Quote: | Port 25 is being
forwarded through the router just fine for SMTP, I can verify that
with telnet from an external shell account.
I've seen serveral posts on this issue, but it seems folks rarely
post back the results. If we figure this out I promise I'll let you
know what the resolution was.
Ok so, where do we start?
|
Rerun the CEICW and pick the options for OWA and RWW.
|
|
| Back to top |
|
|
Les Connor [SBS Community
Guest
|
| Posted:
Mon Jan 17, 2005 6:13 pm Post subject:
Re: RWW interal not external |
|
|
Hi Clay,
Your server certificate will have been created with the name [fqdn] *or*
[external_IP], so you must use whichever when you type the URL from a remote
location.
Additionally, sometimes the HTTPS re-direct is the culprit - so try https://
instead of http://, and see if that makes any difference.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:uYUaahL$EHA.2156@TK2MSFTNGP10.phx.gbl...
| Quote: | I'm forwarding:
443, 444, 4125, 1723, 3389, 80
internally http://[internal_ip]/remote or http://[servername]/remote work
great.
externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote
is there a good way to verify that ports are being forwarded to the server
and elimiate the router as an issue? Port 25 is being forwarded through
the router just fine for SMTP, I can verify that with telnet from an
external shell account.
I've seen serveral posts on this issue, but it seems folks rarely post
back the results. If we figure this out I promise I'll let you know what
the resolution was.
Ok so, where do we start?
-clay
|
|
|
| Back to top |
|
|
Marina Roos [SBS-MVP]
Guest
|
| Posted:
Mon Jan 17, 2005 7:24 pm Post subject:
Re: RWW interal not external |
|
|
Hi Clay,
Did your ISP create a DNS record for your FQDN? If not, rerun CEICW and
enter your public IP for the web certificate.
--
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Clay Gerrard" <clayg@gvtc.com> schreef in bericht
news:eYHoFKM$EHA.1600@TK2MSFTNGP10.phx.gbl...
| Quote: | when I ran the CEICW it asked for the FQDN and it was my understanding
that
the certificate is created at that time, is there something more that I
need
to do manually because this is the first I heard of it.
But if I'm understanding you correctly only the address I specified will
work correctly i.e. https://[FQDN]/remote
also, I have already tried https vs http, same results
-clay
THANKS!
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@DEL.cfive.ca
wrote in message news:u8B$%23qL$EHA.1188@tk2msftngp13.phx.gbl...
Hi Clay,
Your server certificate will have been created with the name [fqdn] *or*
[external_IP], so you must use whichever when you type the URL from a
remote location.
Additionally, sometimes the HTTPS re-direct is the culprit - so try
https:// instead of http://, and see if that makes any difference.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:uYUaahL$EHA.2156@TK2MSFTNGP10.phx.gbl...
I'm forwarding:
443, 444, 4125, 1723, 3389, 80
internally http://[internal_ip]/remote or http://[servername]/remote
work
great.
externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote
is there a good way to verify that ports are being forwarded to the
server and elimiate the router as an issue? Port 25 is being forwarded
through the router just fine for SMTP, I can verify that with telnet
from
an external shell account.
I've seen serveral posts on this issue, but it seems folks rarely post
back the results. If we figure this out I promise I'll let you know
what
the resolution was.
Ok so, where do we start?
-clay
|
|
|
| Back to top |
|
|
Clay Gerrard
Guest
|
| Posted:
Mon Jan 17, 2005 7:24 pm Post subject:
Re: RWW interal not external |
|
|
when I ran the CEICW it asked for the FQDN and it was my understanding that
the certificate is created at that time, is there something more that I need
to do manually because this is the first I heard of it.
But if I'm understanding you correctly only the address I specified will
work correctly i.e. https://[FQDN]/remote
also, I have already tried https vs http, same results
-clay
THANKS!
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@DEL.cfive.ca>
wrote in message news:u8B$%23qL$EHA.1188@tk2msftngp13.phx.gbl...
| Quote: | Hi Clay,
Your server certificate will have been created with the name [fqdn] *or*
[external_IP], so you must use whichever when you type the URL from a
remote location.
Additionally, sometimes the HTTPS re-direct is the culprit - so try
https:// instead of http://, and see if that makes any difference.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:uYUaahL$EHA.2156@TK2MSFTNGP10.phx.gbl...
I'm forwarding:
443, 444, 4125, 1723, 3389, 80
internally http://[internal_ip]/remote or http://[servername]/remote work
great.
externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote
is there a good way to verify that ports are being forwarded to the
server and elimiate the router as an issue? Port 25 is being forwarded
through the router just fine for SMTP, I can verify that with telnet from
an external shell account.
I've seen serveral posts on this issue, but it seems folks rarely post
back the results. If we figure this out I promise I'll let you know what
the resolution was.
Ok so, where do we start?
-clay
|
|
|
| Back to top |
|
|
Marina Roos [SBS-MVP]
Guest
|
| Posted:
Mon Jan 17, 2005 7:24 pm Post subject:
Re: RWW interal not external |
|
|
444 is for Sharepoint / Companyweb.
--
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> schreef in
bericht news:%233pS7yL$EHA.2568@TK2MSFTNGP11.phx.gbl...
| Quote: | Clay Gerrard wrote:
I'm forwarding:
443, 444, 4125, 1723, 3389, 80
Don't open all those - 443 (SSL) 4125 (RWW) 3389 (if you need terminal
services access directly, not just RWW access) should be enough. Opening
port 80 is dangerous; don't use it. What's the reason for 444/SNPP?
And I'd prefer IPSec VPN, or at the very least L2TP, over PPTP, but that's
just me.
internally http://[internal_ip]/remote or http://[servername]/remote
work great.
externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote
What errors do you get?
is there a good way to verify that ports are being forwarded to the
server and elimiate the router as an issue?
telnet <public ip or host> <portnumber
Port 25 is being
forwarded through the router just fine for SMTP, I can verify that
with telnet from an external shell account.
I've seen serveral posts on this issue, but it seems folks rarely
post back the results. If we figure this out I promise I'll let you
know what the resolution was.
Ok so, where do we start?
Rerun the CEICW and pick the options for OWA and RWW.
-clay
|
|
|
| Back to top |
|
|
Clay Gerrard
Guest
|
| Posted:
Tue Jan 18, 2005 2:21 am Post subject:
Re: RWW interal not external |
|
|
I don't need TS, RWW is fine. So now I only have:
443, 4125
but I read somewhere on this forum that you need to open 444 for share
point. As for VPN (port 1723) I've closed it for now. But honestly I can't
say I know the difference between IPSec, L2TP, and PPTP or how they relate
to VPN.
-clay
"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:%233pS7yL$EHA.2568@TK2MSFTNGP11.phx.gbl...
| Quote: | Clay Gerrard wrote:
I'm forwarding:
443, 444, 4125, 1723, 3389, 80
Don't open all those - 443 (SSL) 4125 (RWW) 3389 (if you need terminal
services access directly, not just RWW access) should be enough. Opening
port 80 is dangerous; don't use it. What's the reason for 444/SNPP?
And I'd prefer IPSec VPN, or at the very least L2TP, over PPTP, but that's
just me.
internally http://[internal_ip]/remote or http://[servername]/remote
work great.
externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote
What errors do you get?
is there a good way to verify that ports are being forwarded to the
server and elimiate the router as an issue?
telnet <public ip or host> <portnumber
Port 25 is being
forwarded through the router just fine for SMTP, I can verify that
with telnet from an external shell account.
I've seen serveral posts on this issue, but it seems folks rarely
post back the results. If we figure this out I promise I'll let you
know what the resolution was.
Ok so, where do we start?
Rerun the CEICW and pick the options for OWA and RWW.
-clay
|
|
|
| Back to top |
|
|
Clay Gerrard
Guest
|
| Posted:
Tue Jan 18, 2005 2:24 am Post subject:
Re: RWW interal not external |
|
|
not my ISP no, I registered the domain name with GoDaddy, but the my ISP did
create the pointer for my RDNS.
I will try to rerun the CIECW and use the ip just for good measure, but I'd
like my clients to access the site via the domain name eventually.
-clay
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
news:%23d1t9TM$EHA.2540@TK2MSFTNGP09.phx.gbl...
| Quote: | Hi Clay,
Did your ISP create a DNS record for your FQDN? If not, rerun CEICW and
enter your public IP for the web certificate.
--
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Clay Gerrard" <clayg@gvtc.com> schreef in bericht
news:eYHoFKM$EHA.1600@TK2MSFTNGP10.phx.gbl...
when I ran the CEICW it asked for the FQDN and it was my understanding
that
the certificate is created at that time, is there something more that I
need
to do manually because this is the first I heard of it.
But if I'm understanding you correctly only the address I specified will
work correctly i.e. https://[FQDN]/remote
also, I have already tried https vs http, same results
-clay
THANKS!
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@DEL.cfive.ca
wrote in message news:u8B$%23qL$EHA.1188@tk2msftngp13.phx.gbl...
Hi Clay,
Your server certificate will have been created with the name [fqdn]
*or*
[external_IP], so you must use whichever when you type the URL from a
remote location.
Additionally, sometimes the HTTPS re-direct is the culprit - so try
https:// instead of http://, and see if that makes any difference.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:uYUaahL$EHA.2156@TK2MSFTNGP10.phx.gbl...
I'm forwarding:
443, 444, 4125, 1723, 3389, 80
internally http://[internal_ip]/remote or http://[servername]/remote
work
great.
externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote
is there a good way to verify that ports are being forwarded to the
server and elimiate the router as an issue? Port 25 is being
forwarded
through the router just fine for SMTP, I can verify that with telnet
from
an external shell account.
I've seen serveral posts on this issue, but it seems folks rarely post
back the results. If we figure this out I promise I'll let you know
what
the resolution was.
Ok so, where do we start?
-clay
|
|
|
| Back to top |
|
|
Clay Gerrard
Guest
|
| Posted:
Tue Jan 18, 2005 2:36 am Post subject:
Re: RWW interal not external |
|
|
I reran CEICW with the public IP. It went through ok the second time, but
the first time I tried it got an error on the "configure firewall" step.
anyway
https://[external_ip]/remote did not work from an external connection,
http://[interal_ip]/remote still works great from internal.
I'm still thinking this is a router issue, acctually some one just dropped
my RMA linksys router on my desk, so I'm going to go try and install that.
I'd really love to have some way to verify that requests coming in on these
forwarded ports are acctually hitting the server. Is there somewhere in
some IIS log that would show me this?
-clay
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
news:%23d1t9TM$EHA.2540@TK2MSFTNGP09.phx.gbl...
| Quote: | Hi Clay,
Did your ISP create a DNS record for your FQDN? If not, rerun CEICW and
enter your public IP for the web certificate.
--
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Clay Gerrard" <clayg@gvtc.com> schreef in bericht
news:eYHoFKM$EHA.1600@TK2MSFTNGP10.phx.gbl...
when I ran the CEICW it asked for the FQDN and it was my understanding
that
the certificate is created at that time, is there something more that I
need
to do manually because this is the first I heard of it.
But if I'm understanding you correctly only the address I specified will
work correctly i.e. https://[FQDN]/remote
also, I have already tried https vs http, same results
-clay
THANKS!
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@DEL.cfive.ca
wrote in message news:u8B$%23qL$EHA.1188@tk2msftngp13.phx.gbl...
Hi Clay,
Your server certificate will have been created with the name [fqdn]
*or*
[external_IP], so you must use whichever when you type the URL from a
remote location.
Additionally, sometimes the HTTPS re-direct is the culprit - so try
https:// instead of http://, and see if that makes any difference.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:uYUaahL$EHA.2156@TK2MSFTNGP10.phx.gbl...
I'm forwarding:
443, 444, 4125, 1723, 3389, 80
internally http://[internal_ip]/remote or http://[servername]/remote
work
great.
externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote
is there a good way to verify that ports are being forwarded to the
server and elimiate the router as an issue? Port 25 is being
forwarded
through the router just fine for SMTP, I can verify that with telnet
from
an external shell account.
I've seen serveral posts on this issue, but it seems folks rarely post
back the results. If we figure this out I promise I'll let you know
what
the resolution was.
Ok so, where do we start?
-clay
|
|
|
| Back to top |
|
|
Clay Gerrard
Guest
|
| Posted:
Tue Jan 18, 2005 3:12 am Post subject:
Re: RWW interal not external |
|
|
installed the RMA router, didn't make any difference. I'm going to call
Linksys in the morning.
Just so everybody knows the WRT55AGv2 latest firmware v.1.10 is apparently a
black hole router. It may have other issues as well.
-clay
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:OYxFnQN$EHA.1296@TK2MSFTNGP10.phx.gbl...
| Quote: | I reran CEICW with the public IP. It went through ok the second time, but
the first time I tried it got an error on the "configure firewall" step.
anyway
https://[external_ip]/remote did not work from an external connection,
http://[interal_ip]/remote still works great from internal.
I'm still thinking this is a router issue, acctually some one just dropped
my RMA linksys router on my desk, so I'm going to go try and install that.
I'd really love to have some way to verify that requests coming in on
these forwarded ports are acctually hitting the server. Is there
somewhere in some IIS log that would show me this?
-clay
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
message news:%23d1t9TM$EHA.2540@TK2MSFTNGP09.phx.gbl...
Hi Clay,
Did your ISP create a DNS record for your FQDN? If not, rerun CEICW and
enter your public IP for the web certificate.
--
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Clay Gerrard" <clayg@gvtc.com> schreef in bericht
news:eYHoFKM$EHA.1600@TK2MSFTNGP10.phx.gbl...
when I ran the CEICW it asked for the FQDN and it was my understanding
that
the certificate is created at that time, is there something more that I
need
to do manually because this is the first I heard of it.
But if I'm understanding you correctly only the address I specified will
work correctly i.e. https://[FQDN]/remote
also, I have already tried https vs http, same results
-clay
THANKS!
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@DEL.cfive.ca
wrote in message news:u8B$%23qL$EHA.1188@tk2msftngp13.phx.gbl...
Hi Clay,
Your server certificate will have been created with the name [fqdn]
*or*
[external_IP], so you must use whichever when you type the URL from a
remote location.
Additionally, sometimes the HTTPS re-direct is the culprit - so try
https:// instead of http://, and see if that makes any difference.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:uYUaahL$EHA.2156@TK2MSFTNGP10.phx.gbl...
I'm forwarding:
443, 444, 4125, 1723, 3389, 80
internally http://[internal_ip]/remote or http://[servername]/remote
work
great.
externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote
is there a good way to verify that ports are being forwarded to the
server and elimiate the router as an issue? Port 25 is being
forwarded
through the router just fine for SMTP, I can verify that with telnet
from
an external shell account.
I've seen serveral posts on this issue, but it seems folks rarely
post
back the results. If we figure this out I promise I'll let you know
what
the resolution was.
Ok so, where do we start?
-clay
|
|
|
| Back to top |
|
|
Marina Roos [SBS-MVP]
Guest
|
| Posted:
Tue Jan 18, 2005 3:48 am Post subject:
Re: RWW interal not external |
|
|
Hi Clay,
Can you check if you can telnet to your public IP on port 444 from the
internet?
--
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Clay Gerrard" <clayg@gvtc.com> schreef in bericht
news:uzGvdkN$EHA.1452@TK2MSFTNGP11.phx.gbl...
| Quote: | installed the RMA router, didn't make any difference. I'm going to call
Linksys in the morning.
Just so everybody knows the WRT55AGv2 latest firmware v.1.10 is apparently
a
black hole router. It may have other issues as well.
-clay
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:OYxFnQN$EHA.1296@TK2MSFTNGP10.phx.gbl...
I reran CEICW with the public IP. It went through ok the second time,
but
the first time I tried it got an error on the "configure firewall" step.
anyway
https://[external_ip]/remote did not work from an external connection,
http://[interal_ip]/remote still works great from internal.
I'm still thinking this is a router issue, acctually some one just
dropped
my RMA linksys router on my desk, so I'm going to go try and install
that.
I'd really love to have some way to verify that requests coming in on
these forwarded ports are acctually hitting the server. Is there
somewhere in some IIS log that would show me this?
-clay
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
message news:%23d1t9TM$EHA.2540@TK2MSFTNGP09.phx.gbl...
Hi Clay,
Did your ISP create a DNS record for your FQDN? If not, rerun CEICW and
enter your public IP for the web certificate.
--
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Clay Gerrard" <clayg@gvtc.com> schreef in bericht
news:eYHoFKM$EHA.1600@TK2MSFTNGP10.phx.gbl...
when I ran the CEICW it asked for the FQDN and it was my understanding
that
the certificate is created at that time, is there something more that
I
need
to do manually because this is the first I heard of it.
But if I'm understanding you correctly only the address I specified
will
work correctly i.e. https://[FQDN]/remote
also, I have already tried https vs http, same results
-clay
THANKS!
"Les Connor [SBS Community Member - SBS MVP]"
les.connor@DEL.cfive.ca
wrote in message news:u8B$%23qL$EHA.1188@tk2msftngp13.phx.gbl...
Hi Clay,
Your server certificate will have been created with the name [fqdn]
*or*
[external_IP], so you must use whichever when you type the URL from
a
remote location.
Additionally, sometimes the HTTPS re-direct is the culprit - so try
https:// instead of http://, and see if that makes any difference.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:uYUaahL$EHA.2156@TK2MSFTNGP10.phx.gbl...
I'm forwarding:
443, 444, 4125, 1723, 3389, 80
internally http://[internal_ip]/remote or
http://[servername]/remote
work
great.
externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote
is there a good way to verify that ports are being forwarded to the
server and elimiate the router as an issue? Port 25 is being
forwarded
through the router just fine for SMTP, I can verify that with
telnet
from
an external shell account.
I've seen serveral posts on this issue, but it seems folks rarely
post
back the results. If we figure this out I promise I'll let you
know
what
the resolution was.
Ok so, where do we start?
-clay
|
|
|
| Back to top |
|
|
Clay Gerrard
Guest
|
| Posted:
Tue Jan 18, 2005 4:42 am Post subject:
Re: RWW interal not external |
|
|
EXTERNALLY
I can NOT telnet in on 444, 443, or 4125
the message response is "connection refused"
I can however get through on port 25 to my SMTP server from the internet
INTERNALLY is a different story
I CAN telnet in to 444 & 443, but not much happens when I get there. I
don't even know how to close the connection =\
4125 however gives me "could not open connection to host on port 4125", but
for all I know this is the expected behavior. I didn't know telnet could
get me in on ANY of these ports, so I've already learned something.
But, what does all this tell us? Is my router not forwarding the ports to
my server or could SBS somehow be refusing a connection to an outside
computer? The router has some built in firewall protection, SPI and all
that - could this be shutting us down and would "DMZ" have anything to do
with it? But then why would port 25 be working? Gremlins?
Thanks for all your support!
-clay
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
news:ugYtg6N$EHA.3592@TK2MSFTNGP09.phx.gbl...
| Quote: | Hi Clay,
Can you check if you can telnet to your public IP on port 444 from the
internet?
--
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Clay Gerrard" <clayg@gvtc.com> schreef in bericht
news:uzGvdkN$EHA.1452@TK2MSFTNGP11.phx.gbl...
installed the RMA router, didn't make any difference. I'm going to call
Linksys in the morning.
Just so everybody knows the WRT55AGv2 latest firmware v.1.10 is
apparently
a
black hole router. It may have other issues as well.
-clay
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:OYxFnQN$EHA.1296@TK2MSFTNGP10.phx.gbl...
I reran CEICW with the public IP. It went through ok the second time,
but
the first time I tried it got an error on the "configure firewall" step.
anyway
https://[external_ip]/remote did not work from an external connection,
http://[interal_ip]/remote still works great from internal.
I'm still thinking this is a router issue, acctually some one just
dropped
my RMA linksys router on my desk, so I'm going to go try and install
that.
I'd really love to have some way to verify that requests coming in on
these forwarded ports are acctually hitting the server. Is there
somewhere in some IIS log that would show me this?
-clay
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
message news:%23d1t9TM$EHA.2540@TK2MSFTNGP09.phx.gbl...
Hi Clay,
Did your ISP create a DNS record for your FQDN? If not, rerun CEICW
and
enter your public IP for the web certificate.
--
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Clay Gerrard" <clayg@gvtc.com> schreef in bericht
news:eYHoFKM$EHA.1600@TK2MSFTNGP10.phx.gbl...
when I ran the CEICW it asked for the FQDN and it was my
understanding
that
the certificate is created at that time, is there something more that
I
need
to do manually because this is the first I heard of it.
But if I'm understanding you correctly only the address I specified
will
work correctly i.e. https://[FQDN]/remote
also, I have already tried https vs http, same results
-clay
THANKS!
"Les Connor [SBS Community Member - SBS MVP]"
les.connor@DEL.cfive.ca
wrote in message news:u8B$%23qL$EHA.1188@tk2msftngp13.phx.gbl...
Hi Clay,
Your server certificate will have been created with the name [fqdn]
*or*
[external_IP], so you must use whichever when you type the URL from
a
remote location.
Additionally, sometimes the HTTPS re-direct is the culprit - so try
https:// instead of http://, and see if that makes any difference.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:uYUaahL$EHA.2156@TK2MSFTNGP10.phx.gbl...
I'm forwarding:
443, 444, 4125, 1723, 3389, 80
internally http://[internal_ip]/remote or
http://[servername]/remote
work
great.
externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote
is there a good way to verify that ports are being forwarded to
the
server and elimiate the router as an issue? Port 25 is being
forwarded
through the router just fine for SMTP, I can verify that with
telnet
from
an external shell account.
I've seen serveral posts on this issue, but it seems folks rarely
post
back the results. If we figure this out I promise I'll let you
know
what
the resolution was.
Ok so, where do we start?
-clay
|
|
|
| Back to top |
|
|
Les Connor [SBS Community
Guest
|
| Posted:
Tue Jan 18, 2005 4:59 am Post subject:
Re: RWW interal not external |
|
|
There are two places where the ports might be blocked.
a) the router. Ensure you have the port forwarding set correctly, from your
external IP on the router, to the external IP of the SBS.
b) RRAS or ISA - run the CEICW, make sure you elect to change the settings,
not leave them. Ensure you have the items you want accessible from the
internet selected.
I haven't seen an ipconfig/all in this thread - have we checked to see that
the nics are correctly configured ?
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:%23uVouWO$EHA.2876@TK2MSFTNGP12.phx.gbl...
| Quote: | EXTERNALLY
I can NOT telnet in on 444, 443, or 4125
the message response is "connection refused"
I can however get through on port 25 to my SMTP server from the internet
INTERNALLY is a different story
I CAN telnet in to 444 & 443, but not much happens when I get there. I
don't even know how to close the connection =\
4125 however gives me "could not open connection to host on port 4125",
but for all I know this is the expected behavior. I didn't know telnet
could get me in on ANY of these ports, so I've already learned something.
But, what does all this tell us? Is my router not forwarding the ports to
my server or could SBS somehow be refusing a connection to an outside
computer? The router has some built in firewall protection, SPI and all
that - could this be shutting us down and would "DMZ" have anything to do
with it? But then why would port 25 be working? Gremlins?
Thanks for all your support!
-clay
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
message news:ugYtg6N$EHA.3592@TK2MSFTNGP09.phx.gbl...
Hi Clay,
Can you check if you can telnet to your public IP on port 444 from the
internet?
--
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Clay Gerrard" <clayg@gvtc.com> schreef in bericht
news:uzGvdkN$EHA.1452@TK2MSFTNGP11.phx.gbl...
installed the RMA router, didn't make any difference. I'm going to call
Linksys in the morning.
Just so everybody knows the WRT55AGv2 latest firmware v.1.10 is
apparently
a
black hole router. It may have other issues as well.
-clay
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:OYxFnQN$EHA.1296@TK2MSFTNGP10.phx.gbl...
I reran CEICW with the public IP. It went through ok the second time,
but
the first time I tried it got an error on the "configure firewall"
step.
anyway
https://[external_ip]/remote did not work from an external connection,
http://[interal_ip]/remote still works great from internal.
I'm still thinking this is a router issue, acctually some one just
dropped
my RMA linksys router on my desk, so I'm going to go try and install
that.
I'd really love to have some way to verify that requests coming in on
these forwarded ports are acctually hitting the server. Is there
somewhere in some IIS log that would show me this?
-clay
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
message news:%23d1t9TM$EHA.2540@TK2MSFTNGP09.phx.gbl...
Hi Clay,
Did your ISP create a DNS record for your FQDN? If not, rerun CEICW
and
enter your public IP for the web certificate.
--
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Clay Gerrard" <clayg@gvtc.com> schreef in bericht
news:eYHoFKM$EHA.1600@TK2MSFTNGP10.phx.gbl...
when I ran the CEICW it asked for the FQDN and it was my
understanding
that
the certificate is created at that time, is there something more
that
I
need
to do manually because this is the first I heard of it.
But if I'm understanding you correctly only the address I specified
will
work correctly i.e. https://[FQDN]/remote
also, I have already tried https vs http, same results
-clay
THANKS!
"Les Connor [SBS Community Member - SBS MVP]"
les.connor@DEL.cfive.ca
wrote in message news:u8B$%23qL$EHA.1188@tk2msftngp13.phx.gbl...
Hi Clay,
Your server certificate will have been created with the name
[fqdn]
*or*
[external_IP], so you must use whichever when you type the URL
from
a
remote location.
Additionally, sometimes the HTTPS re-direct is the culprit - so
try
https:// instead of http://, and see if that makes any difference.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:uYUaahL$EHA.2156@TK2MSFTNGP10.phx.gbl...
I'm forwarding:
443, 444, 4125, 1723, 3389, 80
internally http://[internal_ip]/remote or
http://[servername]/remote
work
great.
externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote
is there a good way to verify that ports are being forwarded to
the
server and elimiate the router as an issue? Port 25 is being
forwarded
through the router just fine for SMTP, I can verify that with
telnet
from
an external shell account.
I've seen serveral posts on this issue, but it seems folks rarely
post
back the results. If we figure this out I promise I'll let you
know
what
the resolution was.
Ok so, where do we start?
-clay
|
|
|
| Back to top |
|
|
Clay Gerrard
Guest
|
| Posted:
Tue Jan 18, 2005 6:21 am Post subject:
Re: RWW interal not external |
|
|
SBS Standard, one NIC, no ISA.
I have set the port forwarding on the router as best I can. SSL & RWW are
TCP correct? I can't think of anything special I'd have to do for those
ports on the router as opposed to SMTP. I'm going to contact Linksys in the
morning - I'll see if they have any suggestions, but I've found their tech
support to be targeted toward a home user.
I've re-ran the Remote Access Wizard and CEICW a number of times. I promise
I'm electing to "change settings" and selecting:
Outlook Web Access
Remote Web Workplace
Outlook via the Internet
If there error is in RRAS the wizard isn't fixing it, but I've never
manually changed anything in the "Routing and Remote Access" console, so I
couldn't even begin to guess where to start looking for something "odd"
On a side note, before I call Linksys, does anyone have any info about
"DMZ" - DeMilitirized Zone - and how it might apply to a router/firewall.
Its an option in my routers service console, under the port forwarding
section. You can "enable or disable" it, you can select the source ip
address to be "any ip" or a range [x].[x].[x].[y]-[z] and you can set the
"host" ip address. Everytime I call Linksys "Support" they tell me to turn
it on, leave it set to any ip, then point it to the internal ip of the
server. Which I do, but it doesn't help, so I turn it back off. I'm not
sure what it's supposed to be doing.
ipconfig /all from server:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER2800
Primary Dns Suffix . . . . . . . : cci.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : cci.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-C0-9F-46-FD-E7
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.3
Primary WINS Server . . . . . . . : 192.168.1.3
C:\Documents and Settings\Administrator>
Thanks again for everyone's help. I'm definately leaning twoards this being
a router issue, so I'll continue working with Linksys and if I find anything
out I'll post back.
-clay
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@DEL.cfive.ca>
wrote in message news:uSqwHhO$EHA.3368@TK2MSFTNGP15.phx.gbl...
| Quote: | There are two places where the ports might be blocked.
a) the router. Ensure you have the port forwarding set correctly, from
your external IP on the router, to the external IP of the SBS.
b) RRAS or ISA - run the CEICW, make sure you elect to change the
settings, not leave them. Ensure you have the items you want accessible
from the internet selected.
I haven't seen an ipconfig/all in this thread - have we checked to see
that the nics are correctly configured ?
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:%23uVouWO$EHA.2876@TK2MSFTNGP12.phx.gbl...
EXTERNALLY
I can NOT telnet in on 444, 443, or 4125
the message response is "connection refused"
I can however get through on port 25 to my SMTP server from the internet
INTERNALLY is a different story
I CAN telnet in to 444 & 443, but not much happens when I get there. I
don't even know how to close the connection =\
4125 however gives me "could not open connection to host on port 4125",
but for all I know this is the expected behavior. I didn't know telnet
could get me in on ANY of these ports, so I've already learned something.
But, what does all this tell us? Is my router not forwarding the ports
to my server or could SBS somehow be refusing a connection to an outside
computer? The router has some built in firewall protection, SPI and all
that - could this be shutting us down and would "DMZ" have anything to do
with it? But then why would port 25 be working? Gremlins?
Thanks for all your support!
-clay
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
message news:ugYtg6N$EHA.3592@TK2MSFTNGP09.phx.gbl...
Hi Clay,
Can you check if you can telnet to your public IP on port 444 from the
internet?
--
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Clay Gerrard" <clayg@gvtc.com> schreef in bericht
news:uzGvdkN$EHA.1452@TK2MSFTNGP11.phx.gbl...
installed the RMA router, didn't make any difference. I'm going to
call
Linksys in the morning.
Just so everybody knows the WRT55AGv2 latest firmware v.1.10 is
apparently
a
black hole router. It may have other issues as well.
-clay
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:OYxFnQN$EHA.1296@TK2MSFTNGP10.phx.gbl...
I reran CEICW with the public IP. It went through ok the second time,
but
the first time I tried it got an error on the "configure firewall"
step.
anyway
https://[external_ip]/remote did not work from an external
connection,
http://[interal_ip]/remote still works great from internal.
I'm still thinking this is a router issue, acctually some one just
dropped
my RMA linksys router on my desk, so I'm going to go try and install
that.
I'd really love to have some way to verify that requests coming in on
these forwarded ports are acctually hitting the server. Is there
somewhere in some IIS log that would show me this?
-clay
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
message news:%23d1t9TM$EHA.2540@TK2MSFTNGP09.phx.gbl...
Hi Clay,
Did your ISP create a DNS record for your FQDN? If not, rerun CEICW
and
enter your public IP for the web certificate.
--
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Clay Gerrard" <clayg@gvtc.com> schreef in bericht
news:eYHoFKM$EHA.1600@TK2MSFTNGP10.phx.gbl...
when I ran the CEICW it asked for the FQDN and it was my
understanding
that
the certificate is created at that time, is there something more
that
I
need
to do manually because this is the first I heard of it.
But if I'm understanding you correctly only the address I specified
will
work correctly i.e. https://[FQDN]/remote
also, I have already tried https vs http, same results
-clay
THANKS!
"Les Connor [SBS Community Member - SBS MVP]"
les.connor@DEL.cfive.ca
wrote in message news:u8B$%23qL$EHA.1188@tk2msftngp13.phx.gbl...
Hi Clay,
Your server certificate will have been created with the name
[fqdn]
*or*
[external_IP], so you must use whichever when you type the URL
from
a
remote location.
Additionally, sometimes the HTTPS re-direct is the culprit - so
try
https:// instead of http://, and see if that makes any
difference.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:uYUaahL$EHA.2156@TK2MSFTNGP10.phx.gbl...
I'm forwarding:
443, 444, 4125, 1723, 3389, 80
internally http://[internal_ip]/remote or
http://[servername]/remote
work
great.
externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote
is there a good way to verify that ports are being forwarded to
the
server and elimiate the router as an issue? Port 25 is being
forwarded
through the router just fine for SMTP, I can verify that with
telnet
from
an external shell account.
I've seen serveral posts on this issue, but it seems folks
rarely
post
back the results. If we figure this out I promise I'll let you
know
what
the resolution was.
Ok so, where do we start?
-clay
|
|
|
| Back to top |
|
|
Les Connor [SBS Community
Guest
|
| Posted:
Tue Jan 18, 2005 6:35 am Post subject:
Re: RWW interal not external |
|
|
In a single nic scenario, you definately want a *good* firewall, and
definately do *not* want the DMZ setting. That would open up your SBS
completely to the internet, and you'd be comprimised literally within
minutes. Linksys should be shot for recommending this.
If all things work internally, but not externally, then it's either a router
malfunction/misconfiguration, or the ISP is blocking ports. Probably the
router.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:u9OFjOP$EHA.1396@tk2msftngp13.phx.gbl...
| Quote: | SBS Standard, one NIC, no ISA.
I have set the port forwarding on the router as best I can. SSL & RWW are
TCP correct? I can't think of anything special I'd have to do for those
ports on the router as opposed to SMTP. I'm going to contact Linksys in
the morning - I'll see if they have any suggestions, but I've found their
tech support to be targeted toward a home user.
I've re-ran the Remote Access Wizard and CEICW a number of times. I
promise I'm electing to "change settings" and selecting:
Outlook Web Access
Remote Web Workplace
Outlook via the Internet
If there error is in RRAS the wizard isn't fixing it, but I've never
manually changed anything in the "Routing and Remote Access" console, so I
couldn't even begin to guess where to start looking for something "odd"
On a side note, before I call Linksys, does anyone have any info about
"DMZ" - DeMilitirized Zone - and how it might apply to a router/firewall.
Its an option in my routers service console, under the port forwarding
section. You can "enable or disable" it, you can select the source ip
address to be "any ip" or a range [x].[x].[x].[y]-[z] and you can set the
"host" ip address. Everytime I call Linksys "Support" they tell me to
turn it on, leave it set to any ip, then point it to the internal ip of
the server. Which I do, but it doesn't help, so I turn it back off. I'm
not sure what it's supposed to be doing.
ipconfig /all from server:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER2800
Primary Dns Suffix . . . . . . . : cci.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : cci.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-C0-9F-46-FD-E7
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.3
Primary WINS Server . . . . . . . : 192.168.1.3
C:\Documents and Settings\Administrator
Thanks again for everyone's help. I'm definately leaning twoards this
being a router issue, so I'll continue working with Linksys and if I find
anything out I'll post back.
-clay
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@DEL.cfive.ca
wrote in message news:uSqwHhO$EHA.3368@TK2MSFTNGP15.phx.gbl...
There are two places where the ports might be blocked.
a) the router. Ensure you have the port forwarding set correctly, from
your external IP on the router, to the external IP of the SBS.
b) RRAS or ISA - run the CEICW, make sure you elect to change the
settings, not leave them. Ensure you have the items you want accessible
from the internet selected.
I haven't seen an ipconfig/all in this thread - have we checked to see
that the nics are correctly configured ?
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:%23uVouWO$EHA.2876@TK2MSFTNGP12.phx.gbl...
EXTERNALLY
I can NOT telnet in on 444, 443, or 4125
the message response is "connection refused"
I can however get through on port 25 to my SMTP server from the internet
INTERNALLY is a different story
I CAN telnet in to 444 & 443, but not much happens when I get there. I
don't even know how to close the connection =\
4125 however gives me "could not open connection to host on port 4125",
but for all I know this is the expected behavior. I didn't know telnet
could get me in on ANY of these ports, so I've already learned
something.
But, what does all this tell us? Is my router not forwarding the ports
to my server or could SBS somehow be refusing a connection to an outside
computer? The router has some built in firewall protection, SPI and all
that - could this be shutting us down and would "DMZ" have anything to
do with it? But then why would port 25 be working? Gremlins?
Thanks for all your support!
-clay
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
message news:ugYtg6N$EHA.3592@TK2MSFTNGP09.phx.gbl...
Hi Clay,
Can you check if you can telnet to your public IP on port 444 from the
internet?
--
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Clay Gerrard" <clayg@gvtc.com> schreef in bericht
news:uzGvdkN$EHA.1452@TK2MSFTNGP11.phx.gbl...
installed the RMA router, didn't make any difference. I'm going to
call
Linksys in the morning.
Just so everybody knows the WRT55AGv2 latest firmware v.1.10 is
apparently
a
black hole router. It may have other issues as well.
-clay
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:OYxFnQN$EHA.1296@TK2MSFTNGP10.phx.gbl...
I reran CEICW with the public IP. It went through ok the second
time,
but
the first time I tried it got an error on the "configure firewall"
step.
anyway
https://[external_ip]/remote did not work from an external
connection,
http://[interal_ip]/remote still works great from internal.
I'm still thinking this is a router issue, acctually some one just
dropped
my RMA linksys router on my desk, so I'm going to go try and install
that.
I'd really love to have some way to verify that requests coming in
on
these forwarded ports are acctually hitting the server. Is there
somewhere in some IIS log that would show me this?
-clay
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
message news:%23d1t9TM$EHA.2540@TK2MSFTNGP09.phx.gbl...
Hi Clay,
Did your ISP create a DNS record for your FQDN? If not, rerun CEICW
and
enter your public IP for the web certificate.
--
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Clay Gerrard" <clayg@gvtc.com> schreef in bericht
news:eYHoFKM$EHA.1600@TK2MSFTNGP10.phx.gbl...
when I ran the CEICW it asked for the FQDN and it was my
understanding
that
the certificate is created at that time, is there something more
that
I
need
to do manually because this is the first I heard of it.
But if I'm understanding you correctly only the address I
specified
will
work correctly i.e. https://[FQDN]/remote
also, I have already tried https vs http, same results
-clay
THANKS!
"Les Connor [SBS Community Member - SBS MVP]"
les.connor@DEL.cfive.ca
wrote in message news:u8B$%23qL$EHA.1188@tk2msftngp13.phx.gbl...
Hi Clay,
Your server certificate will have been created with the name
[fqdn]
*or*
[external_IP], so you must use whichever when you type the URL
from
a
remote location.
Additionally, sometimes the HTTPS re-direct is the culprit - so
try
https:// instead of http://, and see if that makes any
difference.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Clay Gerrard" <clayg@gvtc.com> wrote in message
news:uYUaahL$EHA.2156@TK2MSFTNGP10.phx.gbl...
I'm forwarding:
443, 444, 4125, 1723, 3389, 80
internally http://[internal_ip]/remote or
http://[servername]/remote
work
great.
externally, I can't reach http://FQDN/remote or
http://[external_ip]/remote
is there a good way to verify that ports are being forwarded to
the
server and elimiate the router as an issue? Port 25 is being
forwarded
through the router just fine for SMTP, I can verify that with
telnet
from
an external shell account.
I've seen serveral posts on this issue, but it seems folks
rarely
post
back the results. If we figure this out I promise I'll let you
know
what
the resolution was.
Ok so, where do we start?
-clay
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in