Multiple static ips and only main ip is accessible

jjone

MY PFSENSE BOX HAS 6 PORTS.

WAN (NO IP)
|
-LAN STATIC IP 192.168.11.1/24
-OPT1 (NO IP)
-OPT2 (NO IP)
-OPT3 (NO IP)
-OPT4 (NO IP) LINKED TO WINDOWS SERVER 2008 R2 W/ 1 NIC AND 5 STATIC IPs (ALL FIREWALL DISABLED IN WINDOWS)

• OPT5 (BRIDGE0 CONTAINS WAN, LAN, OPT1, OPT2, OPT3, OPT4) TRANPARENT BRIDGE MODE.

MY WINDOWS SERVER 2008 R2 RUNING IIS 7.5 WITH 1 NIC AND I PUT IN 5 STATIC PUBLIC IPs WINDOWS tcp/ip (108.X.X.101 - 105)

THIS IS MY PROBLEM,

THE 1ST MAIN IP(X.X.X.105) IS ALWAYS ACCESSIBLE FROM OUTSIDE BUT NOT ALL.

WHEN I SET (X.X.X.102 OR 103 OR 104 OR 101) AS THE MAIN IPs FOR JUST A FEW SECOND IN WINDOWS tcp/ip SETUP
THEN THEY CAN BE ACCESSIBLE FROM OUTSIDE FOR ABOUT A DAY. AND NOT ACCESSIBLE AGAIN THE NEXT DAY WHEN I TRY TO ACCESS THEM.
I WILL HAVE TO SET THEM AGAIN AS MAIN IP IN WINDOWS TCP/IP…

I CAN SEE THE PACKET RECEIVED DATA BUT NOT SENT DATA WHEN I TRY TO ACCESS THE THOSE IPS EXCEPT THE MAIN IP.

WHAT DID I DO WRONG WITH THE PSFENSE ?

ANY SUGGESTION? OR HELP PLEASE. THANKS A LOT.

marcelloc

Can you install wireshark on Windows server to see if packages are reaching Windows?

If you see a lot of arp requests to ip aliases with no response on server segment, then it could be your server.

The best way to protect a web server in my opinion is configuring a reverse proxy between internet and iis.

Pfsense can do this with varnish or apache+mod security.

Snort with ips can protect iis from specific attacks.

jjone

hi, marcelloc.
Thanks for your reply.

I installed wireshark on my windows server, when i access my main ip it shows alot TCP connections, which means working.
however when i access the rest 4 addon staic ips in my tcp/ip, nothing happens in wireshark till i change them to main ip for a few seconds.

i don't know what is going on here.

marcelloc

You may need to do a tcpdump on all intetfaces at pfsense console to see where the ARP requests are.

The arp requests will look like "who has 72.12.23.100"

jjone

hi, marcelloc
thank you for your help. i will test it when i get back to my office tomorrow.

I only have 1 connection to pfsense OPT4 port from my windows server nic and my fiber optical internet connect directly to pfsense Wan port with via rj45 port(no modem inbetween).  all other ports on my pfsense box are not connected. also, i put no ip on OPT4 and WAN port.

very strange problem.

jjone

hi, marcelloc

I remove the pfsense box and plug in direct to the fiber connection. i can only access the main ip too.

maybe its my windows server problem.

marcelloc

@jjone:

maybe its my windows server problem.

Consider applying these ips on firewall and use a reverse proxy.

with reverse proxy as well on IIS, you can use host header do define website instead of using multiple ips.