How can I create a non publicly accesible intranet on my webserver?

[jaffa]

Just wonder where on my hard drive I should place my intranet files. It should NOT be possible to connect to the intranet over internet. The only way to reach the intranet should be through a computer in the LAN. I Since I use server programming I want to be able to browse the intranet with a web browser etc.

I already have a webserver in the wwwroot (this is available to the public) using IIS, but where should I place the intranet files?

Should they too be placed in the ?wwwroot?-folder to get the server side code on the intranet work according to plans?

If yes, wouldn?t that make them accessible from the internet if you know what URLs the have?

 

[ivwshane]

The only way they would be accessible from the internet is if you forwarded port 80 to the web server (assuming you have a router).

Otherwise you should be able to type in the IP address of the web server in your browser and the webpage should come up.

 

[jaffa]

The thing is that I will have port 80 forwarded to the web server. Otherwise people on the net will not get access to my web pages (right?).

Knowing that port 80 is forwarded to the web server, does that mean it is a stupid idea to place the intranet pages on the same server as the web server?

 

[nweaver]

you have to create another site inside of IIS, and putting it on another port would make it easy to seperate.

 

[Brazen]

Originally posted by: jaffa
The thing is that I will have port 80 forwarded to the web server. Otherwise people on the net will not get access to my web pages (right?).

Knowing that port 80 is forwarded to the web server, does that mean it is a stupid idea to place the intranet pages on the same server as the web server?

Not necessarily. We have our internet and intranet on the same webserver, and both on port 80. I just assigned two ip addresses to the machine. The internet site is assigned to one ip and the intranet site is assigned to the other ip through IIS. The ip that the internet site is on is accesible from the internet (through our router) but the ip that the intranet site is on is only accessible from within our network.

 

[ivwshane]

Are you doing this with multiple nics or via virtual servers?

 

[jaffa]

The discussion is interesting but I have problem translating some of the information inte actions that are applicable for me.

If I have two sub folders called "public pages" and "internal pages" in the wwwroot-folder they are both accesible from the internet if you know what to type in the adress field.

Therefore I have some questions regarding two of the suggestions here:

1. How do I create "another site inside of IIS" and put this site on another port?

2. How do I assign 2 ip-adresses to a the machine where I run the web server? As far as I know a computer can only have one ip-adress, either fixed or assigned by the router through DHCP.

3. Can I for example create a separate ip-adress say 192.168.1.5 (to which I forward port 80) and assign this adress to the "public pages"-folder?

4. A follow up question for question no 2. How do I assign 1 of these 2 ip-adresses to my "public pages" and the other ip-adress for my "internal pages"?

5. How do I make sure that the ip-adress where I have the "internal pages" is not accessible from the net and of course that the oter ip-adress ("public pages") is accessible?

6. Last question. How do I access the internal pages from the LAN? Should I write for example 192.168.1.6 if this is the ip-adress of the "internal pages"-folder or can I write some kind of interal domain name?

Hope you can take a few minutes and explain the questions to me...

 

[Brazen]

Originally posted by: ivwshane
Are you doing this with multiple nics or via virtual servers?

Neither, I just assigned two IP addresses to its nic (I assume that is what you are really asking about). It's under Advanced under the TCP/IP settings.

 

[Brazen]

Originally posted by: jaffa
The discussion is interesting but I have problem translating some of the information inte actions that are applicable for me.

If I have two sub folders called "public pages" and "internal pages" in the wwwroot-folder they are both accesible from the internet if you know what to type in the adress field.

Therefore I have some questions regarding two of the suggestions here:

1. How do I create "another site inside of IIS" and put this site on another port?

2. How do I assign 2 ip-adresses to a the machine where I run the web server? As far as I know a computer can only have one ip-adress, either fixed or assigned by the router through DHCP.

3. Can I for example create a separate ip-adress say 192.168.1.5 (to which I forward port 80) and assign this adress to the "public pages"-folder?

4. A follow up question for question no 2. How do I assign 1 of these 2 ip-adresses to my "public pages" and the other ip-adress for my "internal pages"?

5. How do I make sure that the ip-adress where I have the "internal pages" is not accessible from the net and of course that the oter ip-adress ("public pages") is accessible?

6. Last question. How do I access the internal pages from the LAN? Should I write for example 192.168.1.6 if this is the ip-adress of the "internal pages"-folder or can I write some kind of interal domain name?

Hope you can take a few minutes and explain the questions to me...

1. In IIS you just right click "Web Sites" choose "new," then "web site..." and then follow the wizard. I suggest leaving it on port 80 and assigning it to a different IP address instead. That way you can put it in your local DNS server and your users can browse to it like a normal webserver.

2. see my previous post

3. yes, you absolutely can.

4. It's under the property pages for the site in IIS. I think it's on the General page. The default is something like <all unassigned> and you click on a drop-down box and select one of the IP address assigned from question 2 above.

5. that will depend on your router config. You forward port 80 to the ip address that you assigned the public site to in question 4 above. The other IP address will not have port 80 forwarded from the router, so it will not be accessible from the internet. IIRC you could as an extra measure tell the private site to only answer to your local subnet (but this is not necessary, and I have not set it on our webserver, but I think it is somewhere in the sites settings).

6. either one will work, either by IP address, or as I mentioned before if you have an internal DNS server you can assign whatever dns name you want to that ip address.

 

[ivwshane]

That's how I did mine.

 

[Boscoh]

Also, IIRC, in the site properties in IIS there are access controls where you can restrict site access by IP range if you wish. It's been a while since I've messed with IIS though...anyone know what I'm talking about?

 

[jaffa]

Thanks a lot for your help this far (keeping it on port 80 sounds like the most appealing alternative to me). I have found where I can assign a secondary (or several) ip-adress to the server but I am experiencing trouble when it comes to creating a new site. I?m running WinXP Pro but don?t know if that os have any limitations on the functions in iis, e.g. not being able to create several extra sites. Maybe an upgrade to Server 2003 is necessary to be able to add a second site?

The way everything looks now in the IIS MMC-window is in hierarchical order:
?IIS?
?Computer name?
?Web sites? and ?Default smtp server? on the same level

Under ?web sites? I have the ?default web site? and under this I have the two folders ?public? and ?internal? were all my web pages are placed respectively.

Q. 1.
My main problem is to create a new site (for my internal pages) because when I right click on the ?web sites? folder the only alternatives shown in the pop up menu are ?refresh?, ?properties? and ?help?. I?m not given the alternative to create a new web site. Hope you can tell me what I am missing?.

Q. 2.
I also added a couple of ip-adresses to the computer and then went to the ?default web site? and chose properties since I wanted to do some ip-adress assignment just for test. The dialog box where the ip-adress was <all unassigned> appeared. Therefore I clicked the drop down box but the only alternatives I was given were <all unassigned> and 127.0.0.1 (localhost). None of the 3 addresses I just added were available. Could there be anything that I have done wrong?

Hope you can help me a little bit longer?.

 

[Brazen]

Originally posted by: jaffa
Thanks a lot for your help this far (keeping it on port 80 sounds like the most appealing alternative to me). I have found where I can assign a secondary (or several) ip-adress to the server but I am experiencing trouble when it comes to creating a new site. I?m running WinXP Pro but don?t know if that os have any limitations on the functions in iis, e.g. not being able to create several extra sites. Maybe an upgrade to Server 2003 is necessary to be able to add a second site?

The way everything looks now in the IIS MMC-window is in hierarchical order:
?IIS?
?Computer name?
?Web sites? and ?Default smtp server? on the same level

Under ?web sites? I have the ?default web site? and under this I have the two folders ?public? and ?internal? were all my web pages are placed respectively.

Q. 1.
My main problem is to create a new site (for my internal pages) because when I right click on the ?web sites? folder the only alternatives shown in the pop up menu are ?refresh?, ?properties? and ?help?. I?m not given the alternative to create a new web site. Hope you can tell me what I am missing?.

Q. 2.
I also added a couple of ip-adresses to the computer and then went to the ?default web site? and chose properties since I wanted to do some ip-adress assignment just for test. The dialog box where the ip-adress was <all unassigned> appeared. Therefore I clicked the drop down box but the only alternatives I was given were <all unassigned> and 127.0.0.1 (localhost). None of the 3 addresses I just added were available. Could there be anything that I have done wrong?

Hope you can help me a little bit longer?.

It sounds like you are in the right spots, but I've only set this up on server OSes. You might be hitting a limitation with XP vs 2003. I'll check it on a virtual machine.

 

[jaffa]

Thanks! It would be great if you can check it on a virtual machine. Unfortunately I don't have a server 2003 myself to check it on.

 

[ktwebb]

You can create a new website in IIS on XP Pro however you can only run one at a time. So, you'd have to stop the main site and start the new site. Probably not a workable solution. However if you have administrative rights to the IIS server from a remote machine (you can use Run As if you don't on the local account) then you can always manage remotely, then stop and start the appropriate sites.

You have to add the additional site via vbs script.

C:\Inetpub\AdminScripts> adsutil.vbs create_vserv W3SVC/2
C:\Inetpub\AdminScripts> adsutil.vbs copy W3SVC/1 W3SVC/2

The first command creates the site. The second moves the metadata over. You'll want to open the MMC console and rename the second site after you run the scripts. And change the home directory.

Frankly I'd recommend putting your site(s) on another webserver app. Apache has an offering for Windows.

Edit: Also, I like to use Host Headers for local intranet sites. If your not running local DNS then you can always edit hosts or lmhosts files for name resolution.

 

[jaffa]

Ok thank you. Hope you can take some seconds to clarify some issues for me.

1.
Correct me if I'm wrong but what you are saying is basically that I can't run both my internet pages and intranet pages on the web server simultaneously?

2.
To do that I will have to get Server 2003 or use another server software like Apache?

3.
How do I "stop the main site" to be able to start a new one?

 

[ktwebb]

1. Yep

2. Yep

3. Right click the website, start/stop

 

[Brazen]

Originally posted by: Brazen

Originally posted by: jaffa
Thanks a lot for your help this far (keeping it on port 80 sounds like the most appealing alternative to me). I have found where I can assign a secondary (or several) ip-adress to the server but I am experiencing trouble when it comes to creating a new site. I?m running WinXP Pro but don?t know if that os have any limitations on the functions in iis, e.g. not being able to create several extra sites. Maybe an upgrade to Server 2003 is necessary to be able to add a second site?

The way everything looks now in the IIS MMC-window is in hierarchical order:
?IIS?
?Computer name?
?Web sites? and ?Default smtp server? on the same level

Under ?web sites? I have the ?default web site? and under this I have the two folders ?public? and ?internal? were all my web pages are placed respectively.

Q. 1.
My main problem is to create a new site (for my internal pages) because when I right click on the ?web sites? folder the only alternatives shown in the pop up menu are ?refresh?, ?properties? and ?help?. I?m not given the alternative to create a new web site. Hope you can tell me what I am missing?.

Q. 2.
I also added a couple of ip-adresses to the computer and then went to the ?default web site? and chose properties since I wanted to do some ip-adress assignment just for test. The dialog box where the ip-adress was <all unassigned> appeared. Therefore I clicked the drop down box but the only alternatives I was given were <all unassigned> and 127.0.0.1 (localhost). None of the 3 addresses I just added were available. Could there be anything that I have done wrong?

Hope you can help me a little bit longer?.

It sounds like you are in the right spots, but I've only set this up on server OSes. You might be hitting a limitation with XP vs 2003. I'll check it on a virtual machine.

Ok, finally got around to checking this on vmware. You are exactly correct in Q1 in that the option to create a new site on XP is missing. I also see someone has already posted a workaround but you still cannot run both sites anyway. I'm just verifying that this is also what I have found.

As for Q2, I had no problem assigning multiple IP address under TCP/IP properties and I had no problem assinging the default website to either address. It sounds like there is something wrong there, but since you will not be using IIS on this machine anyway, I guess it doesn't matter.

If you do not already have a Server OS purchased for running the website on, I would suggest trying Apache on Linux if you are comfortable with Linux or go ahead and run Apache on Windows XP if you are not experienced with a linux distro. I also administer a Linux/Apache/MySQL/PHP (LAMP) webserver, and I know it too can run multiple sites on seperate IP addresses, but I have not done it myself and could not tell you right off how it is done.

I believe setting up <VirtualHost> directives is the place to do this in the Apache config file. I'm curious, so I may look into this myself.