I have a Windows Server 2008 R2 Standard installation with the Hyper-V, RRAS, File Services, Web Services (disabled), and Application Services roles installed. This server is to function as a firewall/router, VM host, and VPN server. It has two physical NICs, one pointing to the Internet ("Public": 173.241.xxx.xxx) and the other pointing to the internal network ("Private": 192.168.0.x/24). Hyper-V created a virtual NIC, which is bound to the Private interface and named "Virtual".

RRAS is configured with LAN and NAT management features; NAT is configured to forward HTTP and HTTPS services to Guest IP 192.168.0.12 with default port mappings (80 and 443, respectively). I also set "Enable Edge traversal" in Windows Firewall for both "World Wide Web Services (HTTP Traffic In)" and "Core Networking (IPHTTPS) (TCP-In)".

If I try to access the website internally (from 192.168.0.11, for example), I have to use either the internal IP or the internal machine name, but the site displays. If I try to connect from an external network (using the IP, as the IP is not currently mapped to any publicly accessible DNS), I get a connection timeout ("the server at xxx.xxx.xxx.xxx is taking too long to respond...").

However, I look at the Server Manager->...->RRAS->IPv4->NAT->Public->Show Mappings... mappings, and I see a connection from my remote IP through the server's public IP into the forwarding IP. From all appearances, the website is functioning correctly and NAT translation is taking place. However, it appears that the traffic is not routing from the web server back out to the remote client. This behavior occurs whether the remote client is logged into the VPN or not. (If the client connects via VPN, the web site is visible using internal IP/machine name, just as the other guests can, which AFAIK would be the expected behavior.)

Is this a firewall issue? I just compared my inbound and outbound firewall rules, and there is no outbound rule corresponding to "World Wide Web Services (HTTP Traffic In)", but there is for "IPHTTPS". It almost seems that way, but if I enable IIS (the World Wide Web Publishing Service in Services) and start the default web site, I get the IIS 7 Welcome Page. This behavior suggests that the firewall is NOT the issue. Perhaps I need to completely remove the IIS role?

Any suggestions are most welcome.

BM