From: JohnB on
This is most likely the wrong place to ask this, but I'm not finding a web
based Microsoft IIS forum. And the MS USENET forums for DSN or IIS look
pretty dead.

I have IIS running on a Server 2003 machine on our LAN. There's one website
on there, some type of portal where people enter their hours worked. They
have a username/password to get in. They access this both internally and
from the internet. I've been working here a short time and I found out the
other day that it's using port 80. I don't feel comfortable leaving it at
port 80 for public access. And putting it on a DMZ isn't an option, it's
also a file server.

I'd like to do 2 things:
- create a public DNS record so that outside users can enter something
like: appName.DomainName.com, instead of the public IP and then the port
number
- something similar internally with DNS, like: AppName.Server.local

To do the first part I'd:
- change the port in IIS from 80 to 8080
- map the port in the router
- create an "A" record in DNS, and point it to our static IP

The second part:
- create the DNS record on a DC

Is this possible?
How do I specify the port number for the external DNS record, so the user
doesn't have to?

Thanks.


From: kj [SBS MVP] on
JohnB wrote:
> This is most likely the wrong place to ask this, but I'm not finding
> a web based Microsoft IIS forum. And the MS USENET forums for DSN or
> IIS look pretty dead.
>
> I have IIS running on a Server 2003 machine on our LAN. There's one
> website on there, some type of portal where people enter their hours
> worked. They have a username/password to get in. They access this
> both internally and from the internet. I've been working here a
> short time and I found out the other day that it's using port 80. I
> don't feel comfortable leaving it at port 80 for public access. And
> putting it on a DMZ isn't an option, it's also a file server.
>
> I'd like to do 2 things:
> - create a public DNS record so that outside users can enter something
> like: appName.DomainName.com, instead of the public IP and then the
> port number
> - something similar internally with DNS, like: AppName.Server.local
>
> To do the first part I'd:
> - change the port in IIS from 80 to 8080
> - map the port in the router
> - create an "A" record in DNS, and point it to our static IP
>
> The second part:
> - create the DNS record on a DC
>
> Is this possible?
> How do I specify the port number for the external DNS record, so the
> user doesn't have to?
>
> Thanks.

I'm not really a web guy, but I'd really think you'd want to get this on SSL
port 443 and keep port 80 out.
--
/kj


From: JohnB on
Right now I have 443 used for remote management for our routers.


"kj [SBS MVP]" <KevinJ.SBS(a)SPAMFREE.gmail.com> wrote in message
news:OnljH9r8KHA.4604(a)TK2MSFTNGP04.phx.gbl...
> I'm not really a web guy, but I'd really think you'd want to get this on
> SSL port 443 and keep port 80 out.
> --
> /kj
>


From: Leythos on
In article <#I2FRvr8KHA.420(a)TK2MSFTNGP02.phx.gbl>, jbrigan(a)yahoo.com
says...
>
> This is most likely the wrong place to ask this, but I'm not finding a web
> based Microsoft IIS forum. And the MS USENET forums for DSN or IIS look
> pretty dead.
>
> I have IIS running on a Server 2003 machine on our LAN. There's one website
> on there, some type of portal where people enter their hours worked. They
> have a username/password to get in. They access this both internally and
> from the internet. I've been working here a short time and I found out the
> other day that it's using port 80. I don't feel comfortable leaving it at
> port 80 for public access. And putting it on a DMZ isn't an option, it's
> also a file server.
>
> I'd like to do 2 things:
> - create a public DNS record so that outside users can enter something
> like: appName.DomainName.com, instead of the public IP and then the port
> number
> - something similar internally with DNS, like: AppName.Server.local
>
> To do the first part I'd:
> - change the port in IIS from 80 to 8080
> - map the port in the router
> - create an "A" record in DNS, and point it to our static IP
>
> The second part:
> - create the DNS record on a DC
>
> Is this possible?
> How do I specify the port number for the external DNS record, so the user
> doesn't have to?
>
> Thanks.

Is this file server part of the domain you're talking about in another
thread?

If so, you don't want to allow anonymous port 80 access. While you might
be using SSL (443) to manage your routers (as you replied in a later
post), you can change that to any port you want and properly set up SSL
on your internal LAN side server and disable HTTP.

You cannot set the port using external DNS, so, just change the router
management port, since that would only impact you.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)


From: JohnB on
> Is this file server part of the domain you're talking about in another
> thread?
>
Hmm... not sure which thread. The server in question here is part of a
domain.


> If so, you don't want to allow anonymous port 80 access.
Right, I do not.


> While you might
> be using SSL (443) to manage your routers (as you replied in a later
> post), you can change that to any port you want and properly set up SSL
> on your internal LAN side server and disable HTTP.
Sure, I can change it in the router. I'm not a web guy, so I don't know how
to set up SSL. I see the box in IIS for SSL port. How is that going to
work?


> You cannot set the port using external DNS, so, just change the router
> management port, since that would only impact you.
And that's what I don't understand about internet hosts/DNS. For example,
if I created an "A" record for "vpn", and someone set up a VPN client, they
could just put in vpn.domain.com, versus the IP address. But they wouldn't
have to specify a port number, the client takes care of that. If someone on
the internet wants to access our internal website, and it's not the default
port of 80, how does AppName.DomainName.com get forwarded to the IIS server,
if a port number isn't specified? That's what I'm hoping to get to. That
they just enter (from the internet) AppName.DomainName.com. But if a port
number isn't specified in a browser, isn't 80 assumed?
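

The name-to-port question raised at the end of the thread, as an added example that is not part of any poster's message: a DNS A record returns only an address, the browser takes the port from the URL scheme unless one is typed, and the router's port-forward table decides what reaches IIS. The addresses, the forward table and the function names are constructed for illustration and assume router management has been moved off 443 as suggested above.

```python
from urllib.parse import urlsplit

# Ports a browser assumes when the URL does not carry one.
SCHEME_DEFAULT_PORT = {"http": 80, "https": 443}

# Constructed zone data: an A record maps a name to an address and nothing
# else. There is no field in it that could hold a port number.
A_RECORDS = {"appname.domainname.com": "203.0.113.10"}  # documentation range

# Constructed router port-forward table: public port -> (LAN host, LAN port).
# Assumption: only HTTPS is published; port 80 and 8080 are not forwarded.
PORT_FORWARDS = {443: ("192.168.1.20", 443)}


def browser_target(url):
    """Return the (public_ip, port) a browser connects to for this URL."""
    parts = urlsplit(url)
    if parts.scheme not in SCHEME_DEFAULT_PORT or parts.hostname is None:
        raise ValueError(f"unsupported URL: {url!r}")
    try:
        ip = A_RECORDS[parts.hostname]  # DNS answer: address only
    except KeyError:
        raise LookupError(f"no A record for {parts.hostname}") from None
    # An explicit ":8080" wins; otherwise the scheme decides the port.
    port = parts.port or SCHEME_DEFAULT_PORT[parts.scheme]
    return ip, port


def route(url):
    """Follow a URL through DNS and the router.

    Returns the LAN (host, port) that receives the connection, or None
    when the router has no forward for the port the browser chose.
    """
    _, port = browser_target(url)
    return PORT_FORWARDS.get(port)


if __name__ == "__main__":
    for url in ("https://appName.DomainName.com/",
                "http://appName.DomainName.com/",
                "http://appName.DomainName.com:8080/"):
        print(url, "->", browser_target(url), "->", route(url))
```

With this layout, users type only the `https://` name and never a port, while plain HTTP requests from outside find nothing forwarded.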