Hi Matt,

What type of rule have you created to allow inbound connections to the Web server running on the ISA firewall?

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

> -----Original Message-----
> From: Matthew @ Telavoco [mailto:matthew@xxxxxxxxxxxx]
> Sent: Friday, September 16, 2005 10:56 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA server not relaying clients IP to web server.
>
> http://www.ISAserver.org
>
> Yes, your worst fears are true - the web server is running on the firewall.
>
> I know this is the wrong way to do things, but the situation has been forced upon me, and I've got to do what I can to get this working.
>
> You've just given me a thought -
>
> I have figured out a way to get it working - by having IIS running on port 81, and having the listener bridge everything from port 80 to localhost:81.
>
> Lol, this is a nightmare.
>
> Thanks for your help Thomas.
>
> Matthew
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: 16 September 2005 16:48
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA server not relaying clients IP to web server.
>
> http://www.ISAserver.org
>
> The Web server is *running on the firewall*??? (please say no)
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
> > -----Original Message-----
> > From: Matthew @ Telavoco [mailto:matthew@xxxxxxxxxxxx]
> > Sent: Friday, September 16, 2005 10:45 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA server not relaying clients IP to web server.
> >
> > http://www.ISAserver.org
> >
> > There is no web publishing rule - this server is not meant for external access.
> > When someone initially connects to my wireless access point, my DHCP server issues them an IP, and when they try to browse, "a deny all http access from internal network to external" rule redirects any requests for external web sites to the web server running on the same machine. This web server provides these prospective users with a VPN login once they've signed up for the service - VPN users are then given access to the internet using an "allow VPN traffic" rule.
> >
> > However, when the clients are initially redirected to the IIS server running on the same machine, the IP address of the server's internal network interface is being used in place of the actual client's address.
> >
> > I am unable to create a listener as this would mean that two programs are attempting to bind to port 80 to listen for traffic (IIS and web Listener).
> >
> > Hope this sheds more light on my dilemma.
> >
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: 16 September 2005 16:41
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA server not relaying clients IP to web server.
> >
> > http://www.ISAserver.org
> >
> > Hi Matt,
> >
> > Web Publishing Rule or Server Publishing Rule?
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> > > -----Original Message-----
> > > From: Matthew @ Telavoco [mailto:matthew@xxxxxxxxxxxx]
> > > Sent: Friday, September 16, 2005 10:20 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA server not relaying clients IP to web server.
> > >
> > > http://www.ISAserver.org
> > >
> > > It's ISA 2004, running on Windows Server 2003 Enterprise
> > >
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > Sent: 16 September 2005 16:15
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA server not relaying clients IP to web server.
> > >
> > > http://www.ISAserver.org
> > >
> > > What firewall version?
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >
> > > > -----Original Message-----
> > > > From: Matthew @ Telavoco [mailto:matthew@xxxxxxxxxxxx]
> > > > Sent: Friday, September 16, 2005 10:07 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: ISA server not relaying clients IP to web server.
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Does anyone have any more thoughts on this?
> > > >
> > > > -----Original Message-----
> > > > From: Matthew @ Telavoco [mailto:matthew@xxxxxxxxxxxx]
> > > > Sent: 16 September 2005 00:13
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: ISA server not relaying clients IP to web server.
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Thanks for the reply
> > > >
> > > > There is no web publishing rule - this server is not meant for external access. When someone initially connects to my wireless access point, my DHCP server issues them an IP, and when they try to browse, "a deny all http access from internal network to external" rule redirects any external website requests to the web server running on the same machine.
> > > > This web server provides these prospective users with a VPN login once they've signed up for the service - VPN users are then given access to the internet using an "allow VPN traffic" rule.
> > > >
> > > > However, when the clients are initially redirected to the IIS server running on the same machine, the IP address of the server's internal network interface is being used in place of the actual client's address.
> > > >
> > > > I am unable to create a listener as this would mean that two programs are attempting to bind to port 80 to listen for traffic (IIS and web Listener).
> > > >
> > > > Hope this sheds more light on my dilemma.
> > > >
> > > > Kind regards,
> > > >
> > > > Matthew Dendle
> > > >
> > > > -----Original Message-----
> > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > > Sent: 15 September 2005 23:11
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: ISA server not relaying clients IP to web server.
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > This is what you get with web publishing (reverse proxy).
> > > > NAT has absolutely nothing to do with it.
> > > > You can change this behavior on a per-rule basis by selecting "requests appear to come from the original client" in the "To" tab of the publishing rule.
> > > >
> > > > This setting requires that the published server use ISA as the default route to the Internet.
> > > > Basic IP routing applies...
> > > >
> > > > -----Original Message-----
> > > > From: Matthew @ Telavoco [mailto:matthew@xxxxxxxxxxxx]
> > > > Sent: Thursday, September 15, 2005 2:48 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: ISA server not relaying clients IP to web server.
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > It's ISA Server 2004, running on Windows 2003 Enterprise edition
> > > >
> > > > I just don't see why the client doesn't connect directly to IIS, rather than going through the ISA server's NAT first. At least, I think that's what's happening - I can't see any other reason why it would use the IP address of one of its own interfaces rather than just relaying the client's IP instead.
> > > >
> > > > Any ideas folks?
> > > >
> > > > Matthew Dendle
> > > > www.telavoco.com
> > > >
> > > > -----Original Message-----
> > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > > Sent: 15 September 2005 19:43
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: ISA server not relaying clients IP to web server.
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > What ISA version - 2000 or 2004?
> > > >
> > > > -----Original Message-----
> > > > From: Matthew [mailto:matthew@xxxxxxxxxxxx]
> > > > Sent: Thursday, September 15, 2005 10:16 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] ISA server not relaying clients IP to web server.
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Hello everyone,
> > > > I am hosting a website on the same machine as my ISA server. The reason for this is that my ISA server is acting as a gateway for a wireless hotspot - users are redirected to my site, where they sign up and get a VPN client login, and are then able to connect to the internet. This is all working fine.
> > > >
> > > > However, I need to know what their IP address is.
> > > > When they connect to the web application (written in ASP) their IP address always appears to be coming from the ISA server itself, and not the client's IP.
> > > > The client's IP is completely masked by the NAT firewall
> > > >
> > > > (for those of you who are familiar with ASP, the server.requestvariables("CLIENT_IP") and "REMOTE_ADDR" and "HTTP_X_FORWARDED_FOR" all return the address of the ISA server, not the client)
> > > >
> > > > Is there any way I could fix things so that the client's IP will actually be forwarded in the environment variables?
> > > >
> > > > Thanks folks
> > > >
> > > > Matthew Dendle
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx
> > > > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > > All mail to and from this domain is GFI-scanned.
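
The thread turns on which address a web application sees when a reverse proxy sits in front of it. As an added example (not code from any poster, and not a description of ISA or IIS behaviour), the Python below shows the check a sign-up application should make before believing a forwarded-client header: use it only when the direct peer (REMOTE_ADDR) is the proxy itself. The proxy addresses, the assumption that the proxy appends an X-Forwarded-For entry, and the sample requests in the comments are constructed for illustration.

```python
import ipaddress

# Assumed addresses of the reverse proxy as seen by the web application
# (constructed for this example): loopback and the firewall's internal NIC.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("127.0.0.1/32", "192.168.0.1/32")]


def _parse(addr):
    """Return an ip_address object, or None if the text is not a valid IP."""
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None


def _is_trusted(ip):
    """True when the address belongs to one of our own proxies."""
    return ip is not None and any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, x_forwarded_for=None):
    """Pick the client address from CGI-style request variables.

    remote_addr     -- REMOTE_ADDR, the peer that opened the TCP connection
    x_forwarded_for -- HTTP_X_FORWARDED_FOR, if the request carried one
    """
    peer = _parse(remote_addr)
    if peer is None:
        raise ValueError("REMOTE_ADDR is not an IP address: %r" % remote_addr)

    # A client that connects directly can put anything in the header,
    # so it is ignored unless the peer is one of our own proxies.
    if not _is_trusted(peer) or not x_forwarded_for:
        return str(peer)

    # Walk the list right to left: the rightmost entries were appended by
    # the proxies closest to us. Stop at the first hop that is not ours.
    for hop in reversed(x_forwarded_for.split(",")):
        ip = _parse(hop)
        if ip is None:
            break  # malformed entry: fall back to the peer address
        if not _is_trusted(ip):
            return str(ip)
    return str(peer)


# Constructed sample requests:
#   direct client, forged header   -> header ignored
#   via proxy, header set by proxy -> forwarded address used
#   via proxy, client-prepended entry -> only the proxy-appended hop counts
```

When the proxy supplies no forwarded address at all, the function returns the proxy's own address, which is the symptom described in the thread.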