Hello,

I have set up a simple IIS web server to host my files so I can get them at college. The server is up and I set it to accept any IP ("All Unassigned") on port 55566. My problem is this: I can get to the web server fine on my LAN and if I type in my Bell turbo hub's IP followed by the port, but no one else can... The port is forwarded, but using a port testing website tells me that the port is "filtered". All security settings are off in the router and my computer was DMZ but still, no luck.

I'm using a Netgear MBR1210 router and I get the internet via the Bell cell phone network.

What's up?

PS: if I go to Google and type in "what is my ip", I get my IP but it is different than the turbo hub's IP.

If you are getting a different IP when checking online, that may be an indication of a double NAT or some type of proxy service ahead of your Internet connection. If that's the case, you would have to create that port forwarding rule at the outermost public IP point for your network. Obviously, that's not an option for you.
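The check described in the reply above, written out as an added example (not part of the original thread): compare the address on the router's WAN interface with the address the internet sees. The function name and the sample addresses are constructed for illustration.

```python
import ipaddress

PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # RFC 1918
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space

def diagnose(router_wan_ip: str, seen_from_internet: str) -> dict:
    """Classify a connection from the router's WAN address and the address
    reported by an external "what is my IP" service (IPv4 only)."""
    wan = ipaddress.IPv4Address(router_wan_ip)
    seen = ipaddress.IPv4Address(seen_from_internet)
    if seen in CGNAT or any(seen in net for net in PRIVATE):
        raise ValueError("second argument must be the address seen from outside")
    if wan in CGNAT:
        verdict = "carrier-grade NAT"
    elif any(wan in net for net in PRIVATE):
        verdict = "double NAT"
    elif wan != seen:
        verdict = "proxy or upstream NAT"
    else:
        verdict = "router holds the public address"
    # A port forward on your own router only helps when it owns the public IP.
    return {"verdict": verdict,
            "router_forward_is_enough": verdict == "router holds the public address"}

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for wan, seen in [("10.20.30.40", "203.0.113.10"),
                      ("100.72.1.9", "203.0.113.10"),
                      ("203.0.113.10", "203.0.113.10")]:
        print(wan, seen, diagnose(wan, seen))
```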

Nuts....

Hmmm. You think Bell will open that port for me without costing me an arm and a leg?

javanoob101

Hmmm. You think Bell will open that port for me without costing me an arm and a leg?

I have never heard of that being done by an ISP, but it never hurts to ask. The worst they can say is no. The best is that they can resolve this issue for you. Just call them and let them know you are trying to host an app that runs on that port and you need port forwarding or another solution.

Maybe they can put you on another network segment where you have control of the public IP address.

Alright cool!

Thanks JorgeM, I'll try after I go and get some groceries.

I'll post the results when I get them.

javanoob101

I've never heard of an ISP doing this. Seems overly complex for a home connection.

As a sanity check, start with the home server, and do www.icanhazip.com, verify the public IP.
From a remote machine, nmap the IP and port. What do you get?
Is the server running iptables/csf or some other firewall?
What router do you have? Are you using a DMZ address or a single port forward? Remember you can't use both.

I have a Netgear MBR1210 router, CimmerianX.

I talked to 8 different techs: 4 Bell techs and 4 Netgear techs. To make this really long story short, my Netgear MBR1210 router is being assigned a private IP rather than a public IP and every port seems to be filtered. Not even port 80 is open!

So my network is being double "NATted": my router goes to another router to get to the internet, so I can't open any ports...

Is there any way around this without paying Bell $10/month for a static IP?

javanoob101

Is there any way around this without paying Bell $10/month for a static IP?

I don't see how you would get around this without having control of a public IP.

That's what I thought...

Bell said they can't open ports unless I have a static IP, but I don't get why port 80 is even filtered or why they are giving my router a private IP.

javanoob101

Public IPs are very scarce so it's about supply and demand.

With regard to port 80, I think you may be confused. Why would you expect that to be open inbound on your private IP address? Between a private and public network, there will be a device providing NAT services. There wouldn't be any ports open or forwarded until you define them.

That's a sucky thing for ISPs to do. I use VPN back to my home all the time and I know I would hate it.

A VPN eh? I never even thought of using one! You think a VPN would work for me?

A quick Google search seems promising.

javanoob101

You think a VPN would work for me

You will have the same problem. You would have to open ports to allow VPN traffic inbound. The only other alternative to not opening ports is to have your computer establish the outbound connection first, since all outbound traffic is allowed. This is how popular products such as "GoToMyPC" work.

The PC has an application running on the computer. It makes a connection to a central server. If you want to make a connection to your PC behind the firewall from the internet, you contact the "central server" to get the connection information and then you take advantage of that connection that is already open and you are able to get into the private network.

The details are lengthy to explain regarding the GoToMyPC example, but the important thing to understand here is that if you want to get unsolicited traffic into your private network, it has to be done at the public IP interface and port forward.

If you are trying to host some type of service from within your network, you need the port to be open.

Wait, more searching yielded some results: I might have to forward ports to use a VPN?
Is this true? If so, I think we know what's going to happen...
javanoob101

Also, I did some port tests on my phone using its own mobile data connection, and UDP ports seem to be open|filtered... Would UDP work for my IIS server? And how can I use UDP with IIS?

I might have to forward ports to use a VPN?

Yes, I answered that question a minute before you posted. We were probably typing at the same time. UDP? UDP is used for connectionless sessions. Web traffic is connection-oriented (TCP). An example of UDP traffic is DHCP.

So if I'm understanding this right, if my home computer makes an outgoing connection to me first, I'll be allowed a connection to my computer?

Say I somehow make my computer host my web server and make it connect to my laptop first, my laptop will be allowed to make an incoming connection because my home computer is requesting my laptop?

On a side note, a tracert bell.ca command in command prompt yields my computer connecting to 5 routers then the internet?? Does that even sound remotely correct?

javanoob101

So if I'm understanding this right, if my home computer makes an outgoing connection to me first, I'll be allowed a connection to my computer?

Yes, of course. Here is a simple example: when you are at your computer and you open a web browser and access a web server on the Internet, the web server is communicating back to your computer by providing it the content you requested. A web server on the Internet would not be able to connect to your computer unless the connection originated from your network, or you had port forwarding turned on for a specific port that Internet host was trying to communicate on.

Say I somehow make my computer host my web server and make it connect to my laptop first, my laptop will be allowed to make an incoming connection because my home computer is requesting my laptop?

Your laptop would be able to respond to the web server.

I'm not trying to confuse you by providing you with this additional information. I was hoping you would understand the difference between solicited and unsolicited traffic. If I tried to access your web server within your private network right now, I cannot. That's because once I hit your public IP, the NAT service would see that traffic as unsolicited. It won't pass it through. Now for this example, we are doing some peer to peer sharing. Let's say that you make a connection to me from within your private network. At the NAT service, a mapping is created to maintain the session. When I respond to your request, the NAT service will see my traffic and look it up in the NAT table and see that you started the session. Therefore, my response is expected and therefore solicited. The NAT service will take my response traffic and deliver it back to your host.

Don't try to take this information and try to perform some magic with your web server. It was only for informational purposes. You will have to get that public IP and spend the extra dollars for it. Or, you may consider going with another provider that would include a static, or at least a dynamic IP with control over the port forwarding deal.
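The NAT table behaviour described in the post above, as an added example that is not part of the original thread: a toy model of session mappings and port forwards, run once with a single NAT and once with a carrier NAT in front of the home router. All addresses are constructed, and the model assumes a NAT that only accepts replies from the exact remote address and port a session was opened to; real devices vary.

```python
"""Toy NAT model: solicited vs. unsolicited inbound traffic, single and double NAT."""
from dataclasses import dataclass, field

@dataclass
class Nat:
    wan_ip: str
    forwards: dict = field(default_factory=dict)  # wan_port -> (inside_ip, inside_port)
    table: dict = field(default_factory=dict)     # session mappings created by outbound traffic
    next_port: int = 40000

    def outbound(self, inside_ip, inside_port, remote_ip, remote_port):
        """An inside host starts a session; record the mapping, return the WAN source port."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(wan_port, remote_ip, remote_port)] = (inside_ip, inside_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the inside (ip, port) a packet is delivered to, or None if dropped."""
        session = self.table.get((wan_port, remote_ip, remote_port))
        if session:                         # reply to a session started inside: solicited
            return session
        return self.forwards.get(wan_port)  # otherwise only a port forward lets it in

def deliver(chain, remote_ip, remote_port, wan_port):
    """Walk an inbound packet through a list of NATs, outermost first."""
    dest = None
    for nat in chain:
        dest = nat.inbound(remote_ip, remote_port, wan_port)
        if dest is None:
            return None                     # dropped at this hop
        wan_port = dest[1]
    return dest

def demo():
    # Constructed addresses: carrier NAT with no forwards, home router forwarding 55566.
    carrier = Nat("203.0.113.10")
    home = Nat("10.20.30.40", forwards={55566: ("192.168.0.5", 55566)})
    client = "198.51.100.7"
    out = {"forward_single_nat": deliver([home], client, 50000, 55566),
           "forward_double_nat": deliver([carrier, home], client, 50000, 55566)}
    # The server dials out first: each NAT on the path records a mapping.
    p_home = home.outbound("192.168.0.5", 51000, client, 443)
    p_carrier = carrier.outbound(home.wan_ip, p_home, client, 443)
    out["reply_to_outbound"] = deliver([carrier, home], client, 443, p_carrier)
    out["stranger_same_port"] = deliver([carrier, home], "198.51.100.99", 443, p_carrier)
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The forward on the home router delivers the packet only when that router is the outermost NAT; behind the carrier NAT the same packet is dropped one hop earlier, while the reply to a session opened from inside passes both tables.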

Ahhhh I see. Either way I look at it, I don't know where to start in terms of making my server connect to my laptop anyway or if it's possible...

So the only way is to open ports it seems, right?
Thanks JorgeM and CimmerianX for the explanations and the insight into the issue...

Javanoob101

Hopefully I'm not getting ahead of myself, but if there was a piece of software that I can make an outgoing connection / auto port mapping (UPnP which my router supports, dunno about Bell's internal ones) I'd like to think that this method would work?
Usually, Utorrent will "find" an "open" port, i.e. port 54676 will be open it will say. Utorrent should be using auto port mapping... Could I temporarily open ports like this?

javanoob101

Okay, new thought.
Is there some program out there that will connect 2 incoming connections together?

Like this: My desktop connects to my friend's computer then my laptop connects to that same computer (my friend's) then it connects my laptop to my desktop computer.

If this exists, then that might be the workaround for the NAT routers I can't control.

javanoob101

I don't follow that last post....

Sorry, I mean like this:

My friend's computer routes my connection to my laptop.

javanoob101

My desktop connects to my friend's computer then my laptop connects to that same computer (my friend's) then it connects my laptop to my desktop computer.

You've kind of explained how "GoToMeeting" is designed, where the "my friend's" computer is the systems managed by "GoToMeeting". The purpose of those servers is to manage the outgoing connection from the computer within the private network.

I really don't see or know of any solution you could use.

Hmmm, I kinda thought that wouldn't work...

However, I am in College taking Networking now so as I learn, I may find the solution!
I'll let you know if I do.
Until then, keep the ideas coming!

javanoob101

Hello everyone,
I found a software that may help, but I can't seem to get it to work...
Perhaps someone else here can get it to work?
It's called "chownat" (I'm using the win32 version, it's a command-line program).
Here is a link to the webpage: http://samy.pl/chownat/

Please let me know if you got it to work.

javanoob101

Interesting find. I'd recommend you contact the developer while you wait for other members on this site that may have experience with this to respond. There is an "email me" link on that site.

Sorry JorgeM, I overlooked that.
As soon as I get the chance, I'll give him a shout!

javanoob101

I know this is old but I'm w/ Bell too and stumbled here, thought I'd offer the idea of hfs http://www.rejetto.com/hfs/. That's good if you only need to share files, I forward port 280 and it works well.

I was researching why ftp port 21 wouldn't work unless I turn DMZ on, port forwarding doesn't work for ftp, no clue why, but at least it works w/ DMZ, which is another option for file sharing.

As for port 80 that's old news to me, they block it here in Canada, I'm a bit surprised they don't block it everywhere, ur lucky if they don't. ppl could enjoy not needing to pay a web host. buuut you could always use another port like 8080 which is a common number. You could even use a free port forwarding service like no-ip.org so the end user doesn't need to type :8080 but it can get a little twisted, browsers can get messed up etc.
