RE: ISA server not relaying clients IP to web server.
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 16 Sep 2005 10:15:08 -0500
What firewall version?
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: Matthew @ Telavoco [mailto:matthew@xxxxxxxxxxxx]
> Sent: Friday, September 16, 2005 10:07 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA server not relaying clients IP to
> web server.
>
> http://www.ISAserver.org
>
> Does anyone have any more thoughts on this?
>
>
> -----Original Message-----
> From: Matthew @ Telavoco [mailto:matthew@xxxxxxxxxxxx]
> Sent: 16 September 2005 00:13
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA server not relaying clients IP to
> web server.
>
> http://www.ISAserver.org
>
> Thanks for the reply
>
> There is no web publishing rule - this server is not meant
> for external
> access. When someone initially connects to my wireless access
> point, my dhcp
> server issues them and ip, and when they try to browse, "a
> deny all http
> access from internal network to external" rule redirects any external
> website requests to the web server running on the same
> machine. This web
> server provides these prospective users with a VPN login once
> they've signed
> up for the service - VPN users are then given access to the
> intenet using an
> "allow VPN traffic" rule.
>
> However, when the clients are initially redirected to the IIS
> server running
> on the same machine, the IP address of the servers internal network
> interface is being used in place of the actual clients address.
>
> I am unable to create a listener as this would mean that two
> programs are
> attempting to bind to port 80 to listen for traffic (IIS and
> web Listener).
>
> Hope this sheds more light on my dilemma.
>
> Kind regards,
>
> Matthew Dendle
>
>
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: 15 September 2005 23:11
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA server not relaying clients IP to
> web server.
>
> http://www.ISAserver.org
>
> This is what you get with web publishing (reverse proxy).
> NAT has absolutely nothing to do with it.
> You can change this behavior on a per-rule basis by selecting
> "requests
> appear to come from the original client" in the "To" tab of the
> publishing rule.
>
> This setting requires that the published server use ISA as the default
> route to the Internet.
> Basic IP routing applies...
>
> -----Original Message-----
> From: Matthew @ Telavoco [mailto:matthew@xxxxxxxxxxxx]
> Sent: Thursday, September 15, 2005 2:48 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA server not relaying clients IP to
> web server.
>
> http://www.ISAserver.org
>
> Its isa server 2004, running on windows 2003 Enterprise edition
>
> I just don't see why the client doesn't connect directly to
> IIS, rather
> than
> going through the ISA servers NAT first. At least, I think
> that's whats
> happening - I cant see any other reason why it would use the
> IP address
> of
> one of its own interfaces rather than just relaying the clients IP
> instead.
>
> Any ideas folks?
>
>
> Matthew Dendle
> www.telavoco.com
>
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: 15 September 2005 19:43
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA server not relaying clients IP to
> web server.
>
> http://www.ISAserver.org
>
> What ISA version - 2000 or 2004?
>
> -----Original Message-----
> From: Matthew [mailto:matthew@xxxxxxxxxxxx]
> Sent: Thursday, September 15, 2005 10:16 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] ISA server not relaying clients IP to web server.
>
> http://www.ISAserver.org
>
> Hello everyone,
> I am hosting a website on the same machine as my ISA server.
> The reason
> for this is that my isa server is acting as a gateway for a wireless
> hotspot - users are redirected to my site, where they sign up
> and get a
> VPN client login, and are then able to connect to the
> internet. This is
> all working fine.
>
> However, I need to know what thier IP address is.
> When they connect to the web application (written in ASP) thier Ip
> address
> always appears to be coming from the isa server itself, and not the
> clients IP. The clients IP is completely masked by the NAT firewall
>
> (for those of you who are familiar with asp, the
> server.requestvariables("CLIENT_IP") and "REMOTE_ADDR" and
> "HTTP_X_FORWARDED_FOR" all return the address of the ISA
> server, not the
> client)
>
> Is there any way i could fix things so that the clients IP
> will actually
> be forwarded in the environment variables?
>
> Thanks folks
>
> Matthew Dendle
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> matthew@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> matthew@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> matthew@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
Other related posts:
