Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Cannot access published Web and FTP

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> RE: Cannot access published Web and FTP Page: <<   < prev  1 [2]
Login
Message << Older Topic   Newer Topic >>
RE: Cannot access published Web and FTP - 14.Jul.2004 7:02:00 AM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by dmc3106:
Hi TS-

"Who is managing your public DNS?" - TZO.com

Also, when I do the nslookup on the ISA firewall:

"nslookup www.mydomain.net
Address: "internal IP address of the webserver(10.0.1.10)"

What should we expect to see with the above?

It will be a great day when I get home! Thank you! - DMC
Hi DMC,

OK, so far, so good. That is exactly what it should look like.

Tom

(in reply to dmc3106)
Post #: 21
RE: Cannot access published Web and FTP - 14.Jul.2004 7:05:00 AM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by dmc3106:
Hi TS-

After further troubleshooting web connectivity between the ISA server and the Webserver, I have these findings:

*WITHOUT specifying itself as the proxy in IE, the ISA server gets the same "403 Forbidden" error when trying to resolve the website either through IP or URL. While running a query(log)from ISAserver, a single attempt to access the website creates three entries as follows:

1-Log Time(7/13/2004 9:53:46PM), Destination Host IP(10.0.1.10), Destination Port(80), Protocol(HTTP), Action(Established conection), Rule(Default Rule), Client IP(10.0.1.9), Client Username(nothing listed here), Source Network(Localhost), Destination Network(Internal), HTTP Method(nothing listed here), URL(nothing listed here)

2-Log Time(7/13/2004 9:53:46PM), Destination Host IP(0.0.0.0), Destination Port(80), Protocol(http), Action(nothing listed here), Rule(Default Rule), Client IP(10.0.1.9), Client Username(anonymous), Source Network(Localhost), Destination Network(Internal), HTTP Method(GET), URL(http://10.0.1.10/)

3-Log Time(7/13/2004 9:53:46PM), Destination Host IP(10.0.1.10), Destination Port(80), Protocol(HTTP), Action(Closed Connection), Rule(Default Rule), Client IP(10.0.1.9), Client Username(nothing listed here), Source Network(Localhost), Destination Network(Internal), HTTP Method(nothing listed here), URL(nothing listed here)

Basically, for the first and third entry, it appears to be ESTABLISHING the connection and then CLOSING the connection. In between (2nd entry), I'm not exactly sure what is happening here. It seems to always resolve 0.0.0.0 as the destination IP.

*WITH specifying itself as the proxy in IE, the ISA server gets the "HTTP 502 Proxy Error" error when trying to resolve the website either through IP or URL. Log consistently reads:

1-Log Time(7/13/2004 10:18:01PM), Destination Host IP(0.0.0.0), Destination Port(80), Protocol(http), Action(nothing listed here), Rule(Default Rule), Client IP(10.0.1.9), Client Username(anonymous), Source Network(Localhost), Destination Network(Internal), HTTP Method(GET), URL(http://www.mydomain.net/default.htm)
...there are several entries in the logs - one for each component (image) of the website it cannot load (5 entries total)

I hope this info is helpful in getting closer to the solution. (sorry for the lengthy post, just want to provide all the info [Wink] )

Please let me know how to proceed if you have a sense of direction here. Thank you! - DMC
Hi DMC,

OK, we're at the point where we need *real* information! Real domain names, real addresses, real Web Proxy listener configs, and real details of the Web pubublishing rule.

Also, make sure that you're testing from an EXTERNAL client; testing from the ISA firewall or an internal client won't provide real information regarding the publishing rule.

HTH,
Tom

(in reply to dmc3106)
Post #: 22
RE: Cannot access published Web and FTP - 15.Jul.2004 12:38:00 AM   
dmc3106

 

Posts: 23
Joined: 27.Jun.2004
From: North Carolina
Status: offline 		Hi TS-

Ok, here is the 'real deal':

1. Real domain name -> (www.dts-inc.net)

2. Real addresses - > (ISAserver External Interface : 192.168.0.2, Internal Interface : 10.0.1.9) (Webserver on 10.0.1.10) **All is behind a Cable/DSL router at 192.168.0.1 which has port forwarding for *port 80* set to 192.168.0.2

3. Real Web Proxy listener config :
"this rule applies to requests received on the following listener" -> web listener

(under properties of the listener) ->
'Selected networks for this listener' - > (external/192.168.0.2 and local host/any IP), HTTP Port 80,HTTPS Disabled, Integrated authentication, Always authenticate-'no'.

4. Real details of the Web pubublishing rule :
(name)WEB -> (action)ALLOW -> (protocols)HTTP ->(from)ANYWHERE ->(to)WWW.DTS-INC.NET -> (condition) ALL USERS

...Here are PROPERTIES of the Web Publishing Rule:
GENERAL : WEB
ACTION : allow
FROM : anywhere
TO : www.dts-inc.net
TRAFFIC : http
PUBLIC NAME : 'requests for the following web sites' -> www.dts-inc.net
LISTENER : web listener
PATHS : external path(same as internal), internal path(/dtsincweb/*)
BRIDGING : selected "web server", redirect to port 80
USERS : all
LINK TRANSLATION : no cfg here
SCHEDULE : always

I will be glad to provide any other info needed. Also, in the future, I will test access from an outside connection

Please let me know if you see any red-flags or inconsistencies in the info above. I know we're close - Again, thank you! - DMC

(in reply to dmc3106)
Post #: 23
RE: Cannot access published Web and FTP - 17.Jul.2004 2:55:00 PM   
dmc3106

 

Posts: 23
Joined: 27.Jun.2004
From: North Carolina
Status: offline 		TS-

Please let me know what you think to try next. I have tried several things since the last post with no success.

Thanks! - Davis

(in reply to dmc3106)
Post #: 24
RE: Cannot access published Web and FTP - 17.Jul.2004 5:05:00 PM   
dmc3106

 

Posts: 23
Joined: 27.Jun.2004
From: North Carolina
Status: offline 		TS -

I believe we got it!

it seems I had the internal path misconfigured ->
(internal path(/dtsincweb/*)

I changed it to the default and I can access from the outside now. ...was under the impression this had to match the directory structure of your webserver.

**Although, I reviewed the logs when accessig from the outside and I get the following:

Log Time(7/17/2004 11:02:58PM), Destination Host IP(0.0.0.0), Destination Port(80), Protocol(HTTP), Action(nothing listed here), Rule(WEB), Client IP(67.240.135.135), Client Username(anonymous), Source Network(nothing listed here), Destination Network(nothing listed here), HTTP Method(GET), URL(http://www.dts-inc.net/index.html).

Any reason the Host IP would be listed as '0.0.0.0', other info as 'not listed' and still have full access? Seems there would be more complete info for a successful query...

Thanks very much for feedback! -DMC

...I will be purchasing your book, once it's published. Extremely helpful info here...

(in reply to dmc3106)
Post #: 25
RE: Cannot access published Web and FTP - 18.Jul.2004 10:46:00 PM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi DMC,

Great! You don't need to publish the path unless you are publishing selected subfolders in the path. It looks like you included the root folder in the path, which is not requried if you're publishing the entire site.

Good to hear you got it working and thanks for the follow up!
Tom

(in reply to dmc3106)
Post #: 26

Page:   <<   < prev  1 [2] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> RE: Cannot access published Web and FTP Page: <<   < prev  1 [2]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts