10

My machine is running Windows 7 Ultimate. Here's what I've done (successfully) so far:

  1. Installed IIS 7.5 with PHP over FastCGI
  2. Got it working! When I go to http://localhost/index.php , my PHP scripts run fine.
  3. Ran ipconfig to find out that my local IP address is 192.168.1.102. I confirmed that http://192.168.1.102/index.php functions exactly like the localhost address above.
  4. Went into my router administration (I have a Linksys WRT54G2) and set up port forwarding on port 80 to 192.168.1.102. Now port 80 is forwarding to my machine.
  5. Set up an inbound rule in Windows Firewall to allow all activity on port 80.
  6. Found out what my outside IP address is from Google. Let's call it XXX.XX.XX.XX.

However, when I try to go to http://XXX.XX.XX.XX/index.php from my own machine, or from a computer far away and not on my network, either way... I get nothing. It tries to connect for awhile (unsuccessfully) but eventually just gives up.

Here's what I'm wondering:

  1. What am I missing? What did I forget/overlook? How do I get this working and accessible outside my own local network?
  2. Assuming I do get this working, how can I then use a port other than port 80? What changes would I need to make (e.g. IIS, Windows Firewall, router administration, etc.) in order to make that possible?

Thanks very much in advance!

soapergem
  • 719
  • 4
  • 13
  • 29

3 Answers3

5

This sounds like an HTTP.SYS issue that you are having.

Below is an excerpt from Scott Hanselman's blog that describes how to expose IISExpress outside of localhost. The blog post is longer which also describes how to all wire up SSL. But I believe the commands that I have posted below which I pulled from his post will help you resolve the issue you are having.

First, we need to tell HTTP.SYS at the kernel level that it's OK to let everyone talk to this URL by making an "Url Reservation." From an administrative command prompt:

netsh http add urlacl url=http://<LocalComputerName>:80/ user=everyone

Next, as I want to be able to talk to IIS Express from outside (folks on my network, etc. Not just localhost) then I need to allow IIS Express through the Windows Firewall. I can do that graphically from Windows, or type:

netsh firewall add portopening TCP 80 IISExpressWeb enable ALL

You may not need the last command since you state that you already created a firewall rule.

jamason1983
  • 176
  • 4
  • I ran the first netsh command to add a URL reservation, but this didn't do anything (still worked locally, but not outside my network). Any other ideas? – soapergem Feb 26 '12 at 20:04
  • This doesn't look right. You shouldn't need to muck around with http.sys to get an actual IIS 7.5 instance (not IIS Express) port-forwarded. – TristanK Feb 26 '12 at 21:25
2

  1. (Access from outside your network) Many residential ISPs (and some business ISPs) will block inbound traffic on certain service ports, like port 80 or 25. This is generally to keep you from running business services on a residential line due to bandwidth usage. The alternative is to run it on another port (see below).

  2. (Access from inside your network) The situation you're describing sounds like hairpin NAT. Here is a good high-level overview of Hairpin NAT. You will need to add NAT rules to your router to always make traffic destined for your external IP, port 80 go through your router and not directly from host to host inside your network. Caveat: Your router may not actually be able to do this.

  3. Change the port binding in IIS, then restart the website.

Community
  • 1
Joel E Salas
  • 5,562
  • 15
  • 25
  • I added a binding to IIS to have it work on port 8080, and again, this does work locally. So http://192.168.1.102:8080/index.php works. I also added an Inbound rule to Windows Firewall for port 8080, however it's still not working outside my network. I looked into adding NAT rules to my Linksys WRT54G2 router, and the help I found online said this would involve setting up its "Port Triggering" options. I set this up, but still... no dice. Any other suggestions? – soapergem Feb 26 '12 at 19:57
  • 1
    If you can access it internally, then Windows Firewall is not your problem. Port triggering is not what you want. You're going to be using port forwarding (if your router supports it). Forward traffic on port 8080 on your router's external interface to 192.168.1.102:8080 – Joel E Salas Feb 26 '12 at 21:07
  • I was already doing that (Port Forwarding on both ports 80 and 8080) BEFORE I asked the question. I'm still missing something, apparently. – soapergem Feb 26 '12 at 21:08
  • Does the router have any actual firewall rules (apart from NAT rules) that could be blocking traffic? If at all possible, set yourself up a box running pfSense to use as your router for debugging purposes. Your router (which is not designed for hosting services) is almost certainly the cause of your woes. – Joel E Salas Feb 26 '12 at 21:10
  • It looks like you didn't do anything wrong at the IIS level, it's just that the router is nonintuitive / your ISP is blocking you. It's also possible what you think is your IP is double-indirected; check the router's idea of what the external IP is. – TristanK Feb 26 '12 at 21:27
0

I had the same problem. Windows Firewall is blocking access. Turn it off and check it again. My guess is that it will work.

Larry Fortna
  • 1