IIS Home @ it-notebook.org

Navigation

IIS Home
IIS Articles/Information
IIS Questions & Answers
IIS Scripts/Code
IIS Software

Make your website public

(Kristofer Gafvert, December 4, 2005)

Introduction

This article will explain the necessary steps needed to make your website publicly available. Before starting you should have IIS installed (the article Install and configure IIS 6.0 to serve ASP, ASP.NET and static pages guides you through this) and secured.

After you have read this article you will know what is needed to do to make it possible to access your website using a domain name such as www.gafvert.info.

NOTE: The main steps (shown in the checklist section of this article) to accomplish this is generally the same for all scenarios. The steps to actually do it may however be slightly different. So you do need to do some thinking of your own.

Check that it works locally

The first thing to do is to verify that IIS is working locally. This assures us that nothing is wrong with IIS and we know that if we encounter any problems accessing the website from a machine on the local network (LAN) or outside the local network, it is not IIS that is the problem. We know this, because IIS does not make any difference between a request from the local machine and a request coming from a remote machine.

To check that IIS is working locally, browse to the website using http://localhost/ from the server itself. If it does not work, you need to troubleshoot this issue before continuing with this article. If the error message is "Cannot find server or DNS Error" (after you have disabled "Show Friendly HTTP Error Messages" in your browser), IIS may not be started. Troubleshooting IIS is however outside the scoop of this article.

Open port 80 and try with the public IP

Once we know that IIS is working, we can make it public. This step involves opening (or forwarding) port 80 in the firewall.

The exact steps for this depends on what firewall(s) you use. The machine used in this article is protected by two firewalls; a hardware NAT router and Windows Server 2003s built-in firewall.

To open port 80 in Windows Server 2003s firewall:

  • Click Start -> Control Panel -> Windows Firewall
  • Click on the Exception tab
  • Click Add Port button.
  • As Name, write IIS HTTP (or something else) and Port Number should be 80.
  • Click Ok twice
IIS exception in firewall

The NAT router is a typical consumer product (D-Link DI-624+) and to forward data sent to the public IP on port 80 to the web server, click on the "Advanced" tab and then on the "Virtual Server" tab, and edit the pre-defined virtual server HTTP. In the "Private IP" text box, write the private IP of the web server.

Configure NAT Router

If you have another firewall, please consult the manual of that firewall to find out how you do this, if you do not know.

NOTE: To find out your private IP, type ipconfig in a command prompt.

When port 80 is opened, you should be able to access the website by using the public IP.

The public IP is assigned to the machine connected to your ISP. In the case of the NAT router above, this is the device that is connected to the ISP, and this is the device that has the public IP. If the web server is connected to the ISP, the public IP is assigned to this machine. Because of this, there are different ways to find out what your public IP is. If the web server has the public IP, you can use ipconfig in a command prompt. If another device has the public IP, you need to consult the manual for this device on how to find out what IP is assigned to the device.

The easiest way however to find out this information is to visit the website http://www.whatismyip.com/ which will tell you what your IP address is.

Once you know the public IP, use it to browse to the website. For example: http://123.123.123.123 where 123.123.123.123 is the public IP.

It is important that you use a machine outside of your LAN (or a proxy server) to test this. The reason for this is that the TCP packets must go through the device you test. Say that you do not have any device in front of the web server, and from the web server connect using the public IP. In this case, the machine may identify that you are not a remote machine and let you thru, even though remote machines are blocked.

So to test that it works, you should test it as if you were a "real" client.

If you can browse to the public IP from a remote machine, you now have a public web server, and can continue to the next section.

If you cannot browse to the website using the external IP (and get the error message "Cannot find server or DNS Error"), here are a few things to check:

  • Does your ISP block port 80? Many ISPs block port 80 today.
  • Do you have a public IP, or does your ISP give you a private IP?
  • Have you properly configured all devices that could be blocking the request?

Use a domain name

When we can access the website with the public IP, the website is actually available to the public. Often however, you want your visitors to have an easy to remember name they can use. For this purpose, you use a domain name.

Domain names today are quite cheap to buy. You should however be aware of that you do not only need the name, you also need DNS hosting. And if you want an email address such as something@yourDomainName.com you need this service as well.

So if you look around to buy a domain name, make sure that you get everything you need, and not only the name, because the name alone will not work.

Another option if you do not want to buy a domain name, you can use any of the free services available, such as http://www.dyndns.com/ or http://www.no-ip.com/.

Configuring the DNS server is usually quite easy. No specific steps are given in this article however; because the steps are unique to the DNS service provider you have chosen. But you are usually asked to give a hostname, host type and IP address. As hostname, you type the domain name, for example www.yourDomain.com. Host type is an "A record", and the IP address is your public IP.

If you need help configuring the DNS, contact the DNS service provider.

Since the domain name is nothing else but a name translated to the public IP, the domain name will work if you can browse to the website using the public IP.

Checklist
  • Check that it works locally
  • Open port 80 and try with the public IP
  • Purchase a domain name, or use a free domain name
  • Configure the DNS server
  • Test with the domain name
  • Done!

FAQ

Do I need a static IP?
No. A dynamic IP will work. When your IP changes, you will have to update the DNS server, and these changes can take some time to reflect all over the world. So a static IP is recommended.

Do I need a public IP?
Yes, a public IP is needed.

Is there anything to do if my ISP blocks port 80?
Yes, you can run the web server on another port. This requires however that your visitors must specify the port when browsing to your website. To get around this, you can use a service such as Port 80 Redirect from no-ip.com (other similar services may be offered by other companies). For more information on this, see: "So your ISP has decided to block port 80?".

Resources

Install and configure IIS 6.0 to serve ASP, ASP.NET and static pages
Security Guidance Center for IIS
IIS 6.0 Security Best Practices (IIS 6.0)
Managing a Secure IIS 6.0 Solution (IIS 6.0)
Troubleshooting in IIS 6.0 (IIS 6.0)
Troubleshooting IIS 6.0 (IIS 6.0)
Windows Server 2003 Windows Firewall (WF)
How DNS Works
Domain Name System at wikipedia.org
Private network