Assign subdomain websites to unique private IP on a single server (IP Aliasing?)

    Question

  • I've read a few articles on assigning websites to individual IPs on a single server with a single NIC; however, I have been unable to get the setup to work. So now I'm wondering if I have misunderstood or if I'm missing steps to complete.

    1. If you have only one public IP, can you put websites on individual private IPs? e.g., public IP = 8.8.8.8, then in IIS assign AAA.mydomain.com = 192.168.1.50 and BBB.mydomain.com = 192.168.1.51
    2. Assuming 'Yes' to question 1, is changing the binding for each website all that is required within IIS? If not, what else is?

    The steps I completed so far are:

    • Server has one NIC statically assigned to 192.168.1.50
    • AAA.mydomain.com has a Host A record for 192.168.1.50 and an IIS binding of 192.168.1.50
    • Added the additional IP 192.168.1.51 to the NIC using IPv4 properties outside of IIS. Now, the Advanced TCP/IP Settings of the Local Area Connection shows IPs of 192.168.1.50 and 192.168.1.51. Ipconfig shows both IPv4 addresses and both show up in IIS bindings dropdown.
    • Added a Host A record to DNS for BBB.domain.com with IP address of 192.168.1.51
    • Edited the bindings for BBB.mydomain.com. For http, changed IP address from 'All Unassigned' to 192.168.1.51. Left the port as 80 and Host name as BBB.mydomain.com
    • Opened Command Prompt and ran iisreset
    • Used a workstation on the domain to open BBB.mydomain.com, site opened with no problems
    • Used mobile web browser to open BBB.mydomain.com, username/password pop-up for 'connecting to mydomain.ca' appears
    • Used mobile web browser to open AAA.mydomain.com, site opened with no problems

    To troubleshoot, I have disabled the router and Windows firewalls. Pings from the internet to AAA.mydomain.com and BBB.mydomain.com resolve to the public IP. Verified that NTFS and Share permissions are identical for both websites. Verified that Anonymous authentication is enabled.

    I would like to get this working so that I do not have to use a wildcard certificate for SSL. I believe my problem is outside of IIS, which is why I am posting here.




    Sunday, September 22, 2013 10:49 PM

Answers

  • Think I found my problem:

    http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability

    Friday, September 27, 2013 8:45 PM

All replies

  • Hi

    1. No for sites with the same port with a simple router. All website traffic would be redirected to one server. Some routers allow filtering web requests to redirect to another server. So it's not only a port 80 forward rule, but a filtering device that checks the HTTP request. (Which can add a big performance drop in web requests in the case of a big website, as you have to have a router with high CPU & memory.)

    So yes for your question if FTP & WWW. So two different rules there. (port 21 & 80/443)

    2. As I said, if only two different services, you can split to multiple IPs.

    Let me ask you, why multihome a server in the same LAN? In my opinion that is asking for trouble for all LAN traffic coming to it. (It will register twice in your DNS console, etc.)


    MCP | MCTS - Exchange 2007, Configuring | Member of TechNet Wiki Community Council | French Moderator on TechNet Wiki (Translation Widget)

    Monday, September 23, 2013 1:38 AM
  • Sorry, but it seems the example website names I chose have created some confusion.

    Let's say the websites are AAA.mydomain.com and BBB.mydomain.com.  Both sites require individual SSL certificates (not a wildcard certificate).  Both sites will need to be on port 443.  Therefore, I want to use multiple IPs on the single NIC (I believe this is called IP aliasing).

    Monday, September 23, 2013 4:50 AM
  • Hi,

    Your DNS infrastructure should be configured appropriately for supporting the name resolution.

    E.g.: when external clients access www.mydomain.com, the DNS server (either your org-managed DNS or a hosted DNS server) should understand where to route the request, which would be your internal DNS server.

    If hosted, they (the hosting company) might have a conditional forwarder set to route traffic to your org DNS server, and your internal DNS will route to the appropriate internal IIS server.

    Monday, September 23, 2013 6:08 AM
  • There is a single public IP address (e.g., 8.8.8.8) coming into the router. All websites share this address on the internet.

    The router is setup with DHCP. The entire network gets assigned private IP addresses.

    Server1 has

    • a static IP of 192.168.1.50
    • a single NIC with two IP addresses 192.168.1.50 and 192.168.1.51

    Server2 (a VM on Server1) has

    • a static IP of 192.168.1.100
    • shares the single NIC of Server1

    All websites have

    • Host A records in DNS pointing to either 192.168.1.50, 192.168.1.51, or 192.168.1.100
    • hostnames in IIS

    Status

    • Hostname: aaa.mydomain.com IP: 192.168.1.50 is accessible from the internet
    • Hostname: bbb.mydomain.com IP: 192.168.1.51 is not accessible from the internet (returns HTTP/1.1 200 OK message) but is accessible internally (site opens)
    • Hostname: ccc.mydomain.com IP: 192.168.1.100 is accessible from the internet
    • Pings to all three sites using the hostnames from an internet location return 'Reply from (the public IP)...'

    I'd like to figure out why bbb.mydomain.com is not accessible so that I can use SSL.  Because it can be pinged, I don't understand why it can't open.

    Tuesday, September 24, 2013 7:06 AM
  • Hi William,

    Based on the issue's symptom, it should be caused by an IIS problem. Therefore, would you mind posting a new thread to our IIS forum? It's a more efficient manner to resolve the problem.

    http://forums.iis.net/

    Please understand, as platform support engineer we are not familiar with IIS technical. Thanks for your understanding in advance.

    Best regards,

    Alex Du




    Friday, September 27, 2013 9:43 AM
  • Think I found my problem:

    http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability

    Friday, September 27, 2013 8:45 PM
  • Hi William,

    Thank you very much for your sharing!

    This solution will help lots of people who have similar issues.

    Please feel free to ask us if there are any problems in the future.

    Best Regards,

    Amy Wang

    Monday, September 30, 2013 1:13 AM
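
The Server Name Indication feature in the article linked as the answer lets each site keep its own certificate on a single IP address and port 443, which fits a router that forwards the one public IP to a single private address. The PowerShell below is an added sketch of such bindings, not code from the thread or from the linked article. It assumes IIS 8 or later with the WebAdministration module; the site names, host names and certificate thumbprints are placeholders.

```powershell
# Assumes IIS 8+ and certificates already installed in LocalMachine\My.
Import-Module WebAdministration

# Placeholder values: replace with the real IIS site names and thumbprints.
$sites = @(
    @{ Site = 'AAA'; HostName = 'aaa.mydomain.com'; Thumbprint = '<THUMBPRINT-OF-AAA-CERT>' },
    @{ Site = 'BBB'; HostName = 'bbb.mydomain.com'; Thumbprint = '<THUMBPRINT-OF-BBB-CERT>' }
)

foreach ($s in $sites) {
    # Fail early if the certificate is missing or has no private key.
    $cert = Get-Item "Cert:\LocalMachine\My\$($s.Thumbprint)" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw "Certificate for $($s.HostName) has no private key."
    }

    # Create the https binding only if it does not exist yet.
    # -SslFlags 1 marks the binding as SNI: the certificate is selected by the
    # host name in the TLS ClientHello rather than by the destination IP address.
    $existing = Get-WebBinding -Name $s.Site -Protocol https -Port 443 -HostHeader $s.HostName
    if (-not $existing) {
        New-WebBinding -Name $s.Site -Protocol https -IPAddress '*' -Port 443 `
                       -HostHeader $s.HostName -SslFlags 1
    }

    # Attach the site's own certificate to its hostname:443 entry in HTTP.sys.
    # This call errors if a certificate is already attached to that entry.
    $binding = Get-WebBinding -Name $s.Site -Protocol https -Port 443 -HostHeader $s.HostName
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
}

# List the resulting hostname:port certificate bindings.
netsh http show sslcert
```

Clients that do not send SNI in the TLS handshake will not match a hostname-based binding, so check the client population before relying on this instead of separate public IP addresses.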