0

I spent three hours fighting with this yesterday, so I'm hoping someone will be able to help. I'm great at programming and webmastering via cPanel, but I'm presently a total n00b at setting up servers.

I have a Windows 7 machine that has been running an HFS file server on port 6744 successfully for over a year. My ISP (Frontier) is not blocking port 80, and I have DMZ Host enabled. The computer in question is connected to the router via WAN. We have a wireless network with 4-8 other machines and devices, all of which connect wirelessly. Everything works like a charm.

Because our public IP is always changing, I have an account via no-ip that keeps everything synced up. Even now, that is still running flawlessly.

Up until recently, the Windows 7 machine running HFS has had a LAN address (192.168.254.x), like all the other machines.

However, I just installed IIS7 on the machine. Immediately after installing IIS on the machine, the router does not "see" the machine. Running ipconfig /all in cmd on the Windows 7 shows our public IP. Also, the Network and Sharing Center on any computer on the network shows the server computer as having the public IP.

I enabled https (port 443) on IIS7, and set things to force use of SSL (following the official Microsoft tutorials). Navigating to https://localhost on the server brings up the IIS7 default home page (which I haven't replaced yet.)

Here's the problem: I'm getting nothing if I navigate to https://{Our IP Address}, either from within my website, or via a proxy (hidemyass.com). canyouseeme.org shows port 443 as unreachable.

I have configured my router many times before. I have port 25565 open for Minecraft on another machine. Strangely, I don't have port 6744 open for HFS, but it runs without problems - via the DMZ no doubt. I cannot open port 443 on the router (which is actually a preset on the router as a preset for HTTPS) because the server HAS NO LAN IP, unlike the other machines. Attempting to open the port "dynamically" fails, and it doesn't work if I set it to the IP allegedly assigned to the server computer.

Again, the router does not show the server on "my connected home," even though it is connected, probably because of the DMZ.

I'm pulling my hair out. Any suggestions on how to get the port opened?

NOTE: Heading this off at the pass: our security needs dictate that I absolutely NOT turn off the router firewall. It is on "low" as it is.

EDIT: Pulled this data off of ipconfig /all, under Wireless Area Network (WAN), which is what I'm connecting via.

DHCP Enabled: Yes

Autoconfiguration Enabled: Yes

IPv4: 50.52.10.7 (preferred)

Subnet Mask: 255.255.255.0

Default Gateway: 50.52.10.1

DHCP Server: 50.52.10.1

DNS Servers: 50.52.10.1

NetBIOS over Tcpip: Enabled

CodeMouse92
  • 111
  • 6
  • What else was changed? In particular, find the Ethernet cable going into the computer, and look at what it's plugged into on the other end. – Michael Hampton Apr 02 '14 at 01:03
  • 2
    Is this in a professional setting? It sounds like a pretty janky setup all around. – MDMarra Apr 02 '14 at 01:35
  • Umm, Michael, I already said I'm on wireless. Always have been, always will be. MDMarra, we're a startup that's working out of my home, so most of the staff telecommutes. Thus the cloud. :) – CodeMouse92 Apr 02 '14 at 06:15
  • Well, I never said I was a pro at this. It's all we have, and the best possible setup with the equipment and layout available. Cut me some slack. Also, downvoter, seriously? Please read the tooltip on downvote: my question is clear, detailed, useful, currently unanswered online, and I did over three hours of research before asking. – CodeMouse92 Apr 02 '14 at 20:07
  • 1
    How many public IPs do you have from your ISP? Are they static or dynamic? Is your server IP static or Dynamic (please verify)? Did a cable from the router to the modem get moved? If your server is DHCP and pulling a public IP, then it has a layer 2 connection to your ISP's DHCP server/relay agent (no router in between), which could be caused by having the modem plugged into your router's LAN ports instead of WAN. I'll post as an answer if this is indeed the issue. – MartinC Apr 02 '14 at 20:38
  • Hi. We have a single public IP from our ISP, which is dynamic. I have a no-ip account that keeps synced up to the public IP to make life easier. The Frontier router is also the modem, in that it has the cable input, and broadcasts the WAN. The router then assigns unique LAN IPs (192.168.254.xx) to all the devices on the network. The problem is, after installing IIS7 on the server machine, the router no longer assigns it a LAN IP. – CodeMouse92 Apr 02 '14 at 21:19
  • 1
    I see. What is the LAN IP of the frontier device and if you run IPCONFIG /ALL on your server, what does it report the DHCP server as? Do the addresses match? – MartinC Apr 02 '14 at 22:22
  • 1
    Also, is there a specific reason why you don't have the LAN IP statically set on the server? Even moreso because you have to statically set the DMZ Host address as well. It seems like statically setting the IP would completely bypass the issue of getting the wrong DHCP address. Though, I do not mind pursuing that issue further as well. – MartinC Apr 02 '14 at 22:30
  • Interestingly, the LAN IP on the server is the same as the public IP, for whatever reason. That's also what appears on the DMZ Host, which was not always the case (it used to match the server's LAN IP, when it HAD one.) I'd be willing to statically set the IP, though I have to ensure I don't take out the existing HFS fileserver port in the process (HFS is running on the server). – CodeMouse92 Apr 02 '14 at 23:10
  • 1
    Does your server indicate a DHCP server with IPCONFIG /ALL? And what is the LAN IP of the frontier Modem/router? – MartinC Apr 03 '14 at 00:10
  • DHCP enabled on WAN with the address 50.52.10.1, and the IPv4 of the server on the WAN is 50.52.10.7. I access the router admin via 192.168.254.254, if that's what you mean. – CodeMouse92 Apr 03 '14 at 00:20
  • 1
    I'll show you an example of the data I would like to see from that server, it may very well point to the issue for us: **Ethernet adapter Local Area Connection: DHCP Enabled: Yes IPv4 Address: 172.16.1.3(Preferred) Subnet Mask: 255.255.255.0 Default Gateway: 172.16.1.1 DHCP Server: 172.16.1.1** This is displayed using **IPCONFIG /ALL** in CMD.EXE. There is a lot of data there so you will need to trim it down to what is pertinent. Feel free to post it as an edit in your answer. – MartinC Apr 03 '14 at 01:11
  • Edited with the data from ipconfig /all. Nothing to report under LAN, so I posted what appears under WAN (which is how I'm connecting.) – CodeMouse92 Apr 03 '14 at 02:37

1 Answers1

1

EDIT (this edit reflects the correct solution)

Is the windows firewall on? And does it have the proper inbound rules? You say it works via localhost (loopback), and it does not work from another computer on the LAN or remotely, but have you tried accessing it via the IP address browsing on the server itself? servername instead of localhost

END EDIT

IF your ISP's gateway is 50.52.10.1 (should be able to verify this by looking at the gateway of your Frontier's WAN connection). Then there is possibly a layer 2 connection between your server and the ISP's network, but given your description of the network setup that doesn't seems possible from a hardware standpoint.

Software related changes that could cause this issue: DHCP Relay (aka IP Helper), Frontier firmware updates that changes the operation of DMZ Host (can't say I've seen DMZ Host feature do this before, but every manufacturer has their own take on a feature). I would go through the Frontier device's settings and verify there have been no changes or firmware/software updates. If Frontier changed the DMZ host feature into a full-blown DMZ that very well may have this type of effect, as DMZs are typically on their own network on the same side of the firewall as the WAN.

IF 52.50.10.1 is actually the WAN (or maybe DMZ, if there were firmware changes) address of your frontier, I would definitely take another look at the DMZ host settings and make sure that there were no changes or updates.

The quickest solution (and what I would have began with) is a static IP on your server. Though this will not answer the question why this happened, it should definitely fix the issue. If you can sleep with not knowing the root cause of the issue, static IP is the way to go :)

MartinC
  • 345
  • 1
  • 3
  • 11
  • On the settings for my DMZ Host, all it says is "WAN IP ADDRESS: 50.52.10.7" and "Enabled for PAWHUB" (which is the computer name of the server.) – CodeMouse92 Apr 03 '14 at 15:39
  • Curiouser and curiouser. I was able to reserve a specific IP address for PAWHUB in the router (192.168.254.21), and now I'm able to open ports. The problem is, now the outside IP doesn't reach those ports. (Incidentally, my Minecraft server port on another computer is still operative.) – CodeMouse92 Apr 03 '14 at 15:47
  • I rolled back the above changes after opening the ports, so it's back to the old IP. HFS is back online, still nothing on HTTPS. – CodeMouse92 Apr 03 '14 at 16:00
  • HFS works from the outside? hmm... – MartinC Apr 03 '14 at 16:08
  • Yup. For posterity's sake, I changed the ports that IIS7 uses from 80 and 443 to 7297 and 7299. Again, operational on localhost. I even opened port forwarding for them. However, I cannot access those ports internally or externally, whether I assign a LAN IP to the server or whether I let the router give it the external IP (the only way HFS works). – CodeMouse92 Apr 03 '14 at 16:16
  • Is the windows firewall on? And does it have the proper inbound rules? You say it works via localhost (loopback), and it does not work from another computer on the LAN or remotely, but have you tried accessing it via the IP address browsing on the server itself? http://servername/ instead of http://localhost/ – MartinC Apr 03 '14 at 17:20
  • Yes, accessing via IP address and port on the server itself works. The problem may indeed be the firewall on the server... – CodeMouse92 Apr 03 '14 at 18:02
  • OH DUH! Yup, that was part of the problem. I've opened the ports on the firewall, and it works perfectly from public. Thank you! I do not know if what I did on the router helped anything, but everything is working now. – CodeMouse92 Apr 03 '14 at 18:05
  • I'll update my answer accordingly – MartinC Apr 03 '14 at 18:10