
I have three Windows hosts on the same private LAN, each hosting an IIS default website. One host is running Windows 7 Pro, while the other two are running Windows 8.1 Update Version 6.3 (Build 9600).

Other computers on the local subnet can open the default website on each of the 3 hosts by entering each host's private IP address in a browser.

However, when I port-forward port 80 from a gateway router in turn to each of the 3 hosts' private IP addresses, then enter the gateway router's public IP into a browser on a computer outside of the private network, only the Windows 7 host displays its default website. The two Windows 8.1 Update hosts report "This webpage is not available. Details: The host took too long to respond." Additionally, no record of the HTTP request appears in "C:\inetpub\logs\LogFiles\W3SVC1\u_exYYMMDD.log" on the host.

All three hosts have their Windows Firewall Inbound Rule "World Wide Web Services (HTTP Traffic-In)" set to Profile: All, Enabled: Yes, Action: Allow, Override: No, Program: System, Local Address: Any, Remote Address: Any, Protocol: TCP, Local Port: 80, Remote Port: Any, Authorized Users: Any, Authorized Computers: Any, Authorized Local Principals: Any, Local User Owner: Any, Application Package: Any.

Furthermore, disabling both Windows Firewall and Windows Defender made no difference. I have no other security or firewall systems installed.

Something is preventing port 80 requests from public IP addresses from reaching Windows 8.1 Update IIS. But the success on Windows 7 demonstrates that the gateway router is properly forwarding outside traffic to the assigned IP address.

This problem only appeared after I installed the mid-February Windows Update. Any help diagnosing & fixing the problem is greatly appreciated.

Eric
  • How many public IP addresses do you have? – joeqwerty Mar 24 '15 at 21:38
  • A block of 5 static IPs, plus a static gateway. But that's really not relevant. We normally get hit by many public IPs, including remote users and various bots. Now none of them are getting through to the IIS log file. – Eric Mar 25 '15 at 01:10
  • To ensure that the identical hardware & setup was used, I forwarded the same public IP from the same router to each host in turn. When that public IP/router is pointed at the Windows 7 host, everything works as expected. But when it's pointed at either of the Win 8.1 hosts, nothing shows up in their u_exYYMMDD.log files. – Eric Mar 25 '15 at 01:21
  • `A block of 5 static IPs, plus a static gateway. But that's really not relevant` - Of course it's relevant. If you were trying to forward port 80 from a single public IP address to multiple internal IP addresses I was going to tell you that it isn't possible without using some type of reverse proxy. – joeqwerty Mar 25 '15 at 04:57
  • Nope, not trying to forward to multiple internal servers, just one at a time using the same router to ensure nothing else changed. The issue here is that local (subnet) IP addresses work (including hitting the router's public IP from any machine that uses that router as its gateway, which forwards the address 192.168.1.1), but public IP addresses forwarded by the router don't. This used to work but stopped without my changing anything, after the latest Windows Update. I've been unable to identify anything in IIS that would distinguish between private and public client IP addresses. – Eric Mar 25 '15 at 05:29

1 Answer

Problem solved. It turned out the cause was Check Point VPN v98.60.202, from Check Point Software Technologies. I had installed this software to connect to a corporate client's internal network.

I suspected this was the cause because of how VPNs work, so I had previously closed the VPN software, but that didn't solve the problem. I actually needed to completely uninstall the Check Point VPN software and reboot the computer to remove the hooks it makes into the Operating System's TCP/IP stack. That allowed IP addresses outside of the host's subnet to again be served by IIS 8.5.

Eric
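
One way to look for the kind of third-party network-stack hook this answer describes, as an added example that is not part of the original post. It assumes the NetAdapter and NetTCPIP cmdlets (Windows 8 / Server 2012 or later) and an elevated prompt; the function names and the `ms_` prefix test for Microsoft components are assumptions made for this example.

```powershell
# Added diagnostic example, not code from the original post.
# Run elevated on the affected host.

function Get-HttpListener {
    # Confirms something is actually listening on the port before blaming the stack.
    # With IIS the owner is normally PID 4 (System), because HTTP.sys holds the socket.
    param([int]$Port = 80)
    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, OwningProcess
}

function Get-ThirdPartyBinding {
    # Lists every component bound to every adapter, hidden adapters included,
    # and keeps those whose ComponentID does not start with "ms_".
    # Assumption: the "ms_" prefix is used here as a heuristic for in-box components.
    Get-NetAdapterBinding -AllBindings -IncludeHidden |
        Where-Object { $_.ComponentID -notlike 'ms_*' } |
        Sort-Object Name, ComponentID |
        Select-Object Name, DisplayName, ComponentID, Enabled
}

$listeners = Get-HttpListener -Port 80
if (-not $listeners) {
    Write-Warning 'Nothing is listening on TCP 80; check the IIS site bindings first.'
} else {
    Write-Output 'Listeners on TCP 80:'
    $listeners | Format-Table -AutoSize | Out-String | Write-Output
}

$bindings = Get-ThirdPartyBinding
if ($bindings) {
    Write-Output 'Non-Microsoft components bound to network adapters:'
    $bindings | Format-Table -AutoSize | Out-String | Write-Output
} else {
    Write-Output 'No non-Microsoft adapter bindings found.'
}
```

A component that is still listed with `Enabled` set to `True` after its application has been closed remains in the packet path, which is consistent with the answer's finding that closing the VPN client alone did not restore access.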