+ Post New Thread
Results 1 to 7 of 7
Windows Server 2000/2003 Thread, Access IP enabled boilers from outside with IIS? in Technical; Not sure if this is easy/possible with our setup but I can but ask! We have had some new boilers ...
  1. #1

    Join Date
    Nov 2007
    Location
    Manchester
    Posts
    206
    Thank Post
    2
    Thanked 13 Times in 7 Posts
    Rep Power
    17

    Access IP enabled boilers from outside with IIS?

    Not sure if this is easy/possible with our setup but I can but ask!

    We have had some new boilers installed in the school and they are connected on static IPs to our internal network so that the Maintenance team can access their web-interfaces in order to alter settings etc.

    Our head of Maintenance would like access to them from home.

    Now I know I could do this by using our Cisco Pix firewall and a couple of our spare external IP addresses. Just create a port-forwarding rule, so one external IP address goes to each of the boilers internal IPs - We can password protect the boilers web interfaces.

    But ideally I'd like to make it simple for him (by not having to remember a load of different IP addresses) but secure. Could we do it with just one external IP address port-forward to a page on an IIS server - which would be accessible(with AD integration so he would have to put his school username and password in) from where he can choose a link which would bring up the relevant page for each boiler.... as this would save us having to have a seperate external IP for each boiler (as they intend adding more IP enabled boilers soon)

    If so, how do you get the links to point internally and not externally?

    hope that makes sense.

  2. #2

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,241
    Thank Post
    882
    Thanked 2,742 Times in 2,316 Posts
    Blog Entries
    11
    Rep Power
    784
    You would need to use reverse proxying for this which is not included in IIS, you could use apache for this or if you have ISA you could setup something with windows authentication quite easily.

  3. #3

    Join Date
    Nov 2007
    Location
    Manchester
    Posts
    206
    Thank Post
    2
    Thanked 13 Times in 7 Posts
    Rep Power
    17
    Quote Originally Posted by SYNACK View Post
    You would need to use reverse proxying for this which is not included in IIS, you could use apache for this or if you have ISA you could setup something with windows authentication quite easily.
    We have an apache server setup already running Moodle..... but I have no idea how to actually do anything with apache though! - it was installed as part of WAMP package just to run Moodle.... any guidance or good instruction manual for doing this through apache would be good.

    Don't know if another possibilty is to do it through the Pix firewall.... could I map it with port-forwarding for something coming from (for example.) 212.212.212.212:210

    to an internal address on port 80? or does the port-forwarding through a PIX have to go from one port to the same port. If not then I could just use one external IP address but with a different port connecting through to port 80 on the internal address of each boiler. I know this wouldn't give my AD authentication which would be useful, but would at least save on external IP address.

  4. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,234
    Thank Post
    894
    Thanked 1,780 Times in 1,534 Posts
    Blog Entries
    12
    Rep Power
    462
    I would take your moodle server off your main production network and put it on a DMZ. I would also put the boilers on the DMZ and point the right ports to them.

    Z

  5. #5

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,241
    Thank Post
    882
    Thanked 2,742 Times in 2,316 Posts
    Blog Entries
    11
    Rep Power
    784
    Quote Originally Posted by TheFopp View Post
    We have an apache server setup already running Moodle..... but I have no idea how to actually do anything with apache though! - it was installed as part of WAMP package just to run Moodle.... any guidance or good instruction manual for doing this through apache would be good.

    Don't know if another possibilty is to do it through the Pix firewall.... could I map it with port-forwarding for something coming from (for example.) 212.212.212.212:210

    to an internal address on port 80? or does the port-forwarding through a PIX have to go from one port to the same port. If not then I could just use one external IP address but with a different port connecting through to port 80 on the internal address of each boiler. I know this wouldn't give my AD authentication which would be useful, but would at least save on external IP address.
    This seems to be the definative turorial on Apache reverse prozy which should help, it is an open source type configuration though so involves many lines of stuff in text files:

    Running a Reverse Proxy with Apache:

    Here is a better one for Windows which does not seem to be to bad:
    http://www.tivohelp.com/archive/tivo...ki.net/31.html

    This will allow you to map virtual directorys to each boiler. I would probably install Apache on a different server just to handel this task and then point an external ip to it through the PIX once it is set up.

    The PIX option would probably be easier initially, you can map different external ports to port 80 on different internal ip addresses, if the boilers allow you to use an https interface it would be best to use this for external access to add an extra layer of protection.

    You could just have a hidden/not linked to page on your site that has a list of links to the different boilers pages with the external ip : port so that it was just a case of clicking from an index page to make it easier.
    Last edited by SYNACK; 30th January 2009 at 06:05 PM.

  6. #6

    Join Date
    Nov 2007
    Location
    Manchester
    Posts
    206
    Thank Post
    2
    Thanked 13 Times in 7 Posts
    Rep Power
    17
    Quote Originally Posted by FN-GM View Post
    I would take your moodle server off your main production network and put it on a DMZ. I would also put the boilers on the DMZ and point the right ports to them.

    Z
    and use reverse proxying from apache?

    Another stupid question, but whay move it on to a DMZ, instead of just allowing it to be accessed on specific ports (eg. http/https) through port-forwarding on the Cisco Pix.

    Sorry I'm probably sounding a bit thick, but this area is new to me.
    Last edited by TheFopp; 30th January 2009 at 06:23 PM.

  7. #7

    Join Date
    Nov 2007
    Location
    Manchester
    Posts
    206
    Thank Post
    2
    Thanked 13 Times in 7 Posts
    Rep Power
    17
    Quote Originally Posted by SYNACK View Post

    The PIX option would probably be easier initially, you can map different external ports to port 80 on different internal ip addresses, if the boilers allow you to use an https interface it would be best to use this for external access to add an extra layer of protection.

    You could just have a hidden/not linked to page on your site that has a list of links to the different boilers pages with the external ip : port so that it was just a case of clicking from an index page to make it easier.
    I think this might be the simplest way of doing things and easy to setup.

    I'll still look into the other ways though... if only just try and get my head around it!

SHARE:
+ Post New Thread

Similar Threads

  1. IIS access by group?
    By jmair in forum Windows Server 2000/2003
    Replies: 4
    Last Post: 3rd February 2009, 07:46 PM
  2. IIS 6 Access control
    By Ryan in forum Windows
    Replies: 14
    Last Post: 22nd May 2008, 04:36 PM
  3. Do I need any of these protocols enabled on my printers?
    By sidewinder in forum Wireless Networks
    Replies: 4
    Last Post: 17th October 2007, 11:05 AM
  4. External Web Access to IIS 6.0 Server
    By ryan_powell in forum Web Development
    Replies: 24
    Last Post: 9th September 2006, 08:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •