IIS and SP2 Over-Security

[powerman]

I've upgraded XP to SP2 and now I'm having trouble with my IIS web site and POP3 server. I run them through port forward from my wireless router. The rotuer forwards all web and POP 3 requests to the private IP address of the host (192.168.0.XXX).

The problem is that after the secuirty updates from SP2, it doesn't like sending information to 192.168.0.XXX. IIS works fine with localhost, but not with the private IP address like I need it to. It just says that the page can't be displayed in IE. I am able to ping the private IP address from the command prompt, but thats all the luck I have.

Also, windows firewall is turned completely off. I know its not the best, but I'm desperate and I want to get the site up and then tweak the security (very frustarting fooling with all of the options). The private IP seems to be cut off even when the new XP2 style firewall si disabled. I do have a firewall in the router so I'm not compleltely unprotected. However, the router firewall should not be an issue because I had it in use long before SP2.

Any ideas on things to try? I'm completly clueless. The only thing I could figure out is that I need to use the private IP addresses and they are being cut off at an unknown place. The systme worked for over a year before being updated to SP2.

Thanks for the help.

 

[maw]

it should work fine. first off, is your IIS running on the XP SP2 machine? or are you saying the XP SP2 machine is unable to connect a webserver running on a separate machine?

 

[dawtips]

In IIS, do you have a host header of localhost?

 

[powerman]

The web site can't be accessed through either IE on the web host or IE on another computer connected to my network by typing in the private IP address. However, on the machine running IIS, typing localhost into IE will show the web site. However, I need the web site to respond to the private IP address 192.168.0.5 for the port forwarding from my router. It is very interesting that localhost will work but the private IP won't.

After typing netstat -ano, it shows that an IP of 0.0.0.0:80 is listening on port 80. What does the IP of 0.0.0.0 mean? There are several other ports being listened on in this IP.There was no connection with port 80 in the private IP 192.168.0.5.

I also tried changing the IP of the web site from all unassigned to 192.168.0.5. This caused localhost to stop working in addition to the private IP not working.

I am unable to ping the private IP form another computer on my network, but I can ping it from a command prompt on it.

My windows firewall is completely disabled, I do have a router firewall but I'm sure its working right since i have been using it for years, and I have norton antivirus 2006. Norton has some new internet worm features that I was thinking could be the problem. I'm not sure hwo to turn it off though. I turned off auto-protect, but I'm not sure if thats a full "turn off."

After netstat -ano

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:7              0.0.0.0:0              LISTENING       696
  TCP    0.0.0.0:9              0.0.0.0:0              LISTENING       696
  TCP    0.0.0.0:13             0.0.0.0:0              LISTENING       696
  TCP    0.0.0.0:17             0.0.0.0:0              LISTENING       696
  TCP    0.0.0.0:19             0.0.0.0:0              LISTENING       696
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1736
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       4032
  TCP    0.0.0.0:43             0.0.0.0:0              LISTENING       1588
  TCP    0.0.0.0:79             0.0.0.0:0              LISTENING       1716
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1736
  TCP    0.0.0.0:106            0.0.0.0:0              LISTENING       356
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING       284
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    0.0.0.0:143            0.0.0.0:0              LISTENING       1788
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       1772
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       1736
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1736
  TCP    0.0.0.0:8181           0.0.0.0:0              LISTENING       1820
  TCP    0.0.0.0:8383           0.0.0.0:0              LISTENING       1856
  TCP    0.0.0.0:8385           0.0.0.0:0              LISTENING       1856
  TCP    0.0.0.0:8399           0.0.0.0:0              LISTENING       356
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       2228
  TCP    127.0.0.1:1036         0.0.0.0:0              LISTENING       2352
  TCP    127.0.0.1:43958        0.0.0.0:0              LISTENING       1904
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING       4
  TCP    192.168.0.5:7706       0.0.0.0:0              LISTENING       2368
  UDP    0.0.0.0:7              *:*                                    696
  UDP    0.0.0.0:9              *:*                                    696
  UDP    0.0.0.0:13             *:*                                    696
  UDP    0.0.0.0:17             *:*                                    696
  UDP    0.0.0.0:19             *:*                                    696
  UDP    0.0.0.0:161            *:*                                    876
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:500            *:*                                    520
  UDP    0.0.0.0:514            *:*                                    968
  UDP    0.0.0.0:1038           *:*                                    2368
  UDP    0.0.0.0:1042           *:*                                    800
  UDP    0.0.0.0:1049           *:*                                    800
  UDP    0.0.0.0:3456           *:*                                    1736
  UDP    0.0.0.0:4500           *:*                                    520
  UDP    0.0.0.0:8001           *:*                                    1856
  UDP    127.0.0.1:123          *:*                                    752
  UDP    127.0.0.1:1041         *:*                                    2368
  UDP    127.0.0.1:1044         *:*                                    1208
  UDP    127.0.0.1:1900         *:*                                    884
  UDP    192.168.0.5:123        *:*                                    752
  UDP    192.168.0.5:137        *:*                                    4
  UDP    192.168.0.5:138        *:*                                    4
  UDP    192.168.0.5:520        *:*                                    752
  UDP    192.168.0.5:1900       *:*                                    884
  UDP    192.168.0.5:12710      *:*                                    2368
  UDP    192.168.0.5:58856      *:*                                    2368

 

[maw]

Ok, time to check the silly stuff first. How are IP addresses being assigned? Could it be that the webserver and another computer have the same IP address?

Edit: also, if you haven't yet done so, do a "ipconfig /flushdns" from the command line

 

[pxc]

I have the same problem with IIS. The easiest work-around is to have an external site like dyndns.com point to your IP address, then refer to the server by that name (i.e. http://yourserver.dyndns.com instead of http://192.168.0.5) inside your network or externally.

http://www.dyndns.com/services/dns/dyndns/

There's a better way to fix it, but I don't have time to try out the proper methods.

 

[powerman]

I checked both computers on my network and the other PC uses 192.168.0.4 so there is no IP conflict. I did restart this computer at least a dozen times and used flush dns.

I do have a DNS service from dyn.ee and it points to my public (aka internet) IP. When someone goes there, my router forwards their port 80 requests to 192.168.0.5. Inside my network, I can only see the web page from the web server by using localhost. Typing my dyn.ee DNS domain name or private IP won't work. Is this what you meant by:

The easiest work-around is to have an external site like dyndns.com point to your IP address, then refer to the server by that name (i.e. http://yourserver.dyndns.com instead of http://192.168.0.5) inside your network or externally.

I wasn't sure if the external site should point to the public or private IP address. Right now, it points to my public IP.

Also, something else that is strange is that I can ping my domain name externally but it won't show the page. A ping 192.168.0.5 from computers other than the web server won't work.

Thanks for the help.

 

[maw]

Also, something else that is strange is that I can ping my domain name externally but it won't show the page. A ping 192.168.0.5 from computers other than the web server won't work.

Thanks for the help.

Ok, is this in a domain? are all the other computers on the same subnet? did you check the subnet mask of the web server?

 

[powerman]

By domain I meant web address like www.hardforum.com. Sorry I didn't mean the networking domain. I just have the default MSHOME workgroup on my network. All my computers are in this workgroup including the web host.

Pinging my web site like this:

ping enginecontrol.dyn.ee

works but

ping 192.168.0.5

from outside the web host PC won't work.