We have several websites (with several public IP addresses) running on a web server. In IIS, the IP address are internal IP addresses (192.168.xxx.xxx). How do I figure out which public IP address matches which internal IP address? My goal is to change some public IP addresses. The particular web server is running IIS 6 on a Windows 2003 Server. Thanks, in advance, for your help!
-
Why not just log in to the server, pull up IIS Manager, and look at the bindings for each website?
From Chris S -
Are your servers multi-homed or do you have the addressed NATed? If they're behind a NAT boundary (firewall?) why not just look there for the mapping?
From MarkM -
You must have a port forwarder or other device routing connections from the external public IP addresses to the internal addresses. Your best bet would be to get access to that device and look at the configuration mapping public to private.
If all the IIS machines run the same web applications, you may have a load balancer handling the connection routing. In this case, your problem is perhaps simpler where you simply have the load balancer listen to the new addresses, but continue routing to the same pool of private machines.
Based on your comment, you may need to add a Host Header definition to your IIS configuration. If you have two websites listening on the same port (e.g. 80), you need to tell IIS how to direct traffic to each site. You do this by telling it which host address is handled by each site. (I only have an IIS 5 server to look at, but the settings for this should be similar)
- Right click the web site and select Properties.
- Select the Web Site tab
- Next to the IP Address, click the Advanced button.
- In the Multiple Identities for this Web Site, edit the entry and set the Host Address to the host name of your website. For example if you access the web site at http://www.example.com, you would set the Host Address to www.example.com. Save the settings and restart IIS if necessary.
Now the certificate issue is another problem and may actually be the source of the 400 errors. In order to decrypt the request, IIS needs to know the key to use. Since the entire request is encrypted, the only thing it can use to determine which key to use is the port on which the request arrived. If you have more than one SSL/TLS enabled website on the server, you will need to have each one listen on different ports and your firewall will need to know to route the request to that port. This also means your firewall will need to route specific public IP addresses/ports to the specific port for the private IP address.
Charles : Thanks for your good suggestions. We do have a firewall that load balances a couple of websites. This particular website runs on one source webserver and I want to move it to another destination webserver. I used the same IP address as that of another website on the destination webserver, but I got a HTTP 400 error message and the home page wouldn't load. I was using IIS Manager (but it was only showing the internal IP address). I'll check the firewall. Also, the website has a SSL certificate. If there's anything else I should check, please let me know. Thanks to all of you!David Smith : I updated my answer with more information based on your comment.From David Smith -
Are you doing 1:1 NAT (or it may be called Virtual IPs) in your edge firewall? That would be one way to tell what public IPs map to private IPs.
However it's likely that you're just using host headers in IIS for each website: do an
nslookup server 8.8.8.8
and then lookup the A record for each domain listed (I'd do the www host as well) and the IP(s) that they resolve to will tell you what IPs are being used for your websites.I put 8.8.8.8 (Google's nameserver) in the nslookup example in case you have split DNS setup internally; this will make sure that you're getting the public IP not an internal IP.
From gravyface
0 comments:
Post a Comment