From: Leythos on
In article <eDcCV1t8KHA.3176(a)TK2MSFTNGP05.phx.gbl>, jbrigan(a)yahoo.com
says...
>
> > Is this file server part of the domain you're talking about in another
> > thread?
> >
> Hmm... not sure which thread. The server in question here is part of a
> domain.
>
>
> > If so, you don't want to allow anonymous port 80 access.
> Right, I do not.
>
>
> > While you might
> > be using SSL (443) to manage your routers (as you replied in a later
> > post), you can change that to any port you want and properly set up SSL
> > on your internal LAN side server and disable HTTP.
> Sure, I can change it in the router. I'm not a web guy, so I don't know how
> to set up SSL. I see the box in IIS for SSL port. How is that going to
> work?
>
>
> > You cannot set the port using external DNS, so, just change the router
> > management port, since that would only impact you.
> And that's what I don't understand about internet hosts/DNS. For example,
> if I created an "A" record for "vpn", and someone set up a VPN client, they
> could just put in vpn.domain.com, versus the ip address. But they wouldn't
> have to specify a port number, the client takes care of that. If someone on
> the internet wants to access our internal website, and it's not the default
> port of 80, how does AppName.DomainName.com get forwarded to the IIS server,
> if a port number isn't specified. That's what I'm hoping to get to. That
> they just enter (from the internet) AppName.DomainName.com. But if a port
> number isn't specified in a browser, isn't 80 assumed?

Because HTTP is port 80 by default, HTTPS is port 443 by default - the
client apps (like Firefox, IE, Opera) know this and will use the
default port. Yes, if HTTP is used without :80, then port 80 is assumed,
since you're talking about HTTP traffic.

The same is true of your VPN, depending on the VPN client it will
automatically want to use certain ports.

As for managing your routers, you can always set them to port 444 and
then you would type HTTP://router.ip.address:444 to access them from a
web browser.

Before you screw this up and compromise your network you should hire a
consultant to do this right the first time.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)
From: JohnB on
> Because HTTP is port 80 by default, HTTPS is port 443 by default - the
> client apps (like Firefox, IE, Opera) know this and will use the
> default port. Yes, if HTTP is used without :80, then port 80 is assumed,
> since you're talking about HTTP traffic.
>
> The same is true of your VPN, depending on the VPN client it will
> automatically want to use certain ports.
>
> As for managing your routers, you can always set them to port 444 and
> then you would type HTTP://router.ip.address:444 to access them from a
> web browser.
>
> Before you screw this up and compromise your network you should hire a
> consultant to do this right the first time.

The internal website has been publicly accessible from port 80 for about 5
years now. I can't do much worse than that. Well, I guess I could somehow
make it totally inaccessible. But, I think I'm pretty close to figuring
this out. I appreciate your advice.



From: JohnB on
After further review.... I think I'm going to leave it as is for now. Maybe
talk the manager into buying the software VPN client for our routers.

Thanks for the suggestions.


"+Bob+" <nomailplease(a)example.com> wrote in message
news:f0gpu55fupuphs6ocn64tp9a8mkvmu6bb7(a)4ax.com...
> John:
>
> Your traffic from outside should really use https as otherwise the
> usernames and passwords are sniffable on the network. You will need to
> purchase an SSL certificate and install that on the server. A good
> book on IIS should explain the process. Certificates can be had for
> $100 or less these days.
>
> That said, if you wanted traffic for a specific IP to route to a
> specific internal IP/port, you'd generally do that in the router, not
> on the web server. The web server would be set up to listen on
> whatever port you have the router forwarding. But, that would not be
> the right approach in this case. Security by obscurity is really no
> security at all.
>
>


From: Frankster on
DNS cannot reference or deal with "ports". Forget that.

However, it sounds like you simply need to use "host headers" in IIS.

http://support.microsoft.com/kb/190008

A client could enter "gotomyapp.com", rather than "normaldomain.com", and
they would automatically go to your other IIS website on a different port
but the same IP.

The DNS piece would be to add an A record for "gotomyapp.com" (sans port).

-Frank

"JohnB" <jbrigan(a)yahoo.com> wrote in message
news:%23I2FRvr8KHA.420(a)TK2MSFTNGP02.phx.gbl...
> This is most likely the wrong place to ask this, but I'm not finding a web
> based Microsoft IIS forum. And the MS USENET forums for DNS or IIS look
> pretty dead.
>
> I have IIS running on a Server 2003 machine on our LAN. There's one
> website on there, some type of portal where people enter their hours
> worked. They have a username/password to get in. They access this both
> internally and from the internet. I've been working here a short time and
> I found out the other day that it's using port 80. I don't feel
> comfortable leaving it at port 80 for public access. And putting it on a
> DMZ isn't an option, it's also a file server.
>
> I'd like to do 2 things:
> - create a public DNS record so that outside users can enter something
> like: appName.DomainName.com, instead of the public IP and then the port
> number
> - something similar internally with DNS, like: AppName.Server.local
>
> To do the first part I'd:
> - change the port in IIS from 80 to 8080
> - map the port in the router
> - create an "A" record in DNS, and point it to our static IP
>
> The second part:
> - create the DNS record on a DC
>
> Is this possible?
> How do I specify the port number for the external DNS record, so the user
> doesn't have to?
>
> Thanks.
>

From: Bill Kearney on
> How do I specify the port number for the external DNS record, so the user
> doesn't have to?

You can't. DNS has nothing to do with TCP port numbers.
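
Added example, not part of any post in this thread: a small Python model of the request path the thread discusses, showing that the A record supplies only an IP address, the client picks the port from the URL scheme, the router forward maps it to the internal port, and the web server picks the site from the Host header. All hostnames, addresses, the forward table and the site names are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # chosen by the client from the scheme

# Constructed sample data: names, addresses and site names are hypothetical.
DNS_A = {"appname.domainname.com": "203.0.113.10",   # an A record holds an IP only,
         "www.domainname.com": "203.0.113.10"}       # there is no port field
FORWARDS = {80: ("192.168.1.5", 8080)}               # router: external port -> LAN ip, port
BINDINGS = {(8080, "appname.domainname.com"): "TimesheetPortal",
            (8080, ""): "DefaultSite"}               # "" = binding with no host header


def client_target(url):
    """Return (name to resolve, TCP port, Host header) as a browser derives them."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    default = DEFAULT_PORTS[scheme]
    port = parts.port if parts.port is not None else default
    # The Host header carries the port only when it is not the scheme default.
    header = parts.hostname if port == default else f"{parts.hostname}:{port}"
    return parts.hostname, port, header


def route(url):
    """Follow one request: DNS lookup, router port forward, web server binding."""
    name, port, header = client_target(url)
    if name not in DNS_A:
        return "dns: no A record"
    if port not in FORWARDS:
        return f"router: port {port} not forwarded"
    _lan_ip, lan_port = FORWARDS[port]
    host = header.split(":")[0]          # sample names only, no IPv6 literals
    site = BINDINGS.get((lan_port, host)) or BINDINGS.get((lan_port, ""))
    return site or "server: no matching binding"


if __name__ == "__main__":
    for u in ("http://AppName.DomainName.com/",
              "http://www.domainname.com/",
              "http://appname.domainname.com:8080/",
              "https://appname.domainname.com/"):
        print(u, "->", route(u))
```

In this model the user never types a port: the browser sends to 80, the router translates to 8080, and the host header selects the site. The `https://` request fails at the router because nothing forwards 443.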