Moved IIS 10 Server to New IP Address--Websites Not Visible to Outside World!

Question

In an effort to solve a double NAT problem that prevents me from seeing my websites from the in house LAN, I moved my server to the router NVG468MQ which provides a new IP address.

NEW: (not visible to anyone)

Connection-specific DNS Suffix . :

IPv4 Address. . . . . . . . . . . : 192.168.254.210

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.254.254

OLD: (worked--visible to the WWW but not in house)

Ethernet adapter LinkSys:

Connection-specific DNS Suffix . :

IPv4 Address. . . . . . . . . . . : 192.168.0.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

The server has two LAN ports so I just configured the second port for the outside most router (the one connected to the fiber modem ONT) for the new IP address and physically connected the cable to that router and this second port.

I disabled the first port in Network settings.

This server can access the internet, but the internet cannot access sites on this server. isitdown reports my sites are down.

None of my sites are bound to any specific IP, they are * in the bindings (default).

What else do I need to change to get IIS onto the web again on this new IP and subnet?

Answer 1

If I am reading this correctly, your server has only one network connection to this new router and has the single IP address of 192.168.254.210, correct?

Do your WWW users browse your web site via IP address or DNS name?
Do your private network users browse your web site via IP address or DNS name?
Are your private network PC's also connected to the NVG468MQ and on the same 192.168.254.xxx subnet?
Did you configure HTTP/HTTPS port forwarding on the NVG468MQ router?

From the server, browse this site: https://canyouseeme.org/. That will tell you the IP address that the internet sees your external connection. To make your server visible on the internet, you need to configure the router to forward port 80/443 to the IP address of your server (192.168.254.210).

Your WWW users will need to use the external IP that canyouseeme reports, or if they use DNS, verify that the name points to that IP.

Your internal (192.168.254.xxx) users can't use the external IP or name. They will need to browse the sites via the 192.168.254.210 IP or some internal name that points to that IP.

If your internal users are on a completely different WIFI/router and is not connected to the NVG468MQ router, then canyouseeme.org will report a different external IP when browsed on those machines. They can use the WWW IP or name to access the sites.

Hope that makes sense.

Answer 2

All browsing by DNS names.

Private network PCs are on another router behind the NVG468MQ, so a different subnet. But that was also the case before as I have a secure inner ring router on 192.169.1.1 subnet and the outer ring which used to have the server on 192.168.0.1 and the inner ring PCs could see the web sites on the server on outer ring. But since the new fiber service was installed, that stopped working and it was found to be caused by the NVG468MQ double-NATing. So I thought it could be solved by moving the server to one of the NVG468MQ's ports. It has internet access but nobody can see the server's pages. The router is configured with pinholes for all ports that serve web and video streaming.
Another strange problem is that if I try to browse the server via internal IP address, I get a 404 error.
It seems the NVG468MQ can be configured to pass through the WAN IP to the device behind it, so I am experimenting with DMZ bound to my outer tier router's MAC address. That seems to be working so far.

Answer 3

I'm not going to be able to help you with the NVG468MQ

Could canyouseeme.org detect if 80 or 443 was open?

If you are getting a 404, then you are getting thru to IIS. You should see a corresponding 404 entry in the IIS logs or in the HTTP error logs in C:\Windows\System32\LogFiles\HTTPERR.

In the IIS bindings make sure that you have one site that does not have any host names specified. If IIS can't match the request to any other site, this one should get hit.

Answer 4

All of my sites have host names binded to "*". Is that why I get a 404 when browsing the local IP?

I'm currently running through the DMZ on the NGV device now, so using my own routers again with the server. I may try again some evening to put the server on the NVG's router and check if the ports are open, but I mainly want to know if IIS has to be configured differently to work on a different IP, assuming all the pinholes are set in the new router.

Answer 5

DId you add the blank hostname and "* IP" to the bindings of one of your sites?

The 404 is IIS telling you that it can't match your request to a site/page.

From a Powershell prompt I requested a page that does not exist. I get a 404 response from IIS. But after I stop IIS, PS can't connect.

PS C:\> Invoke-WebRequest http://localhost/xxxxx/ssssss  
Invoke-WebRequest : HTTP Error 404.0 - Not Found  
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.Most likely causes:  
The directory or file specified does not exist on the Web server.  
At line:1 char:1  
+ Invoke-WebRequest http://localhost/xxxxx/ssssss  
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException  
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand  
  
PS C:\> net stop w3svc  
The World Wide Web Publishing Service service is stopping.  
The World Wide Web Publishing Service service was stopped successfully.  
  
PS C:\> Invoke-WebRequest http://localhost/xxxxx/ssssss  
Invoke-WebRequest : Unable to connect to the remote server  
At line:1 char:1  
+ Invoke-WebRequest http://localhost/xxxxx/ssssss  
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException  
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand  
  
PS C:\>  

In the IIS log files I see the 404's.

2022-08-06 15:50:43 ::1 GET /xxxxx/ssssss - 80 - ::1 Mozilla/5.0+(Windows+NT;+Windows+NT+10.0;+en-US)+WindowsPowerShell/5.1.22000.832 - 404 0 2 14
2022-08-06 15:51:08 ::1 GET /xxxxx/ssssss - 80 - ::1 Mozilla/5.0+(Windows+NT;+Windows+NT+10.0;+en-US)+WindowsPowerShell/5.1.22000.832 - 404 0 2 0

Then I added a bogus host name to the site bindings and I still get the 404 response. But now the log entry is in C:\Windows\System32\LogFiles\HTTPERR\httperr1.log.

2022-08-06 16:04:46 ::1%0 52733 ::1%0 80 HTTP/1.1 GET /xxxxx/ssssss - - 404 - NotFound - TCP
2022-08-06 16:06:38 ::1%0 52785 ::1%0 80 HTTP/1.1 GET /111111111111111111111111 - - 404 - NotFound - TCP
2022-08-06 16:06:42 ::1%0 52788 ::1%0 80 HTTP/1.1 GET /111111111111111111111111 - - 404 - NotFound - TCP

So you are getting through to IIS, but there appears to be something wrong with the request or with your bindings. Are you typing in the correct host name?