Solved: Cannot access my HTTP server on port 80 across the Internet with port forwarding..? - Xfinity Help and Support Forums

vspin · ‎12-12-2019

(Windows 10)

I have an HTTP server (IIS 10) running on port 80. I'm forwarding port 80 on the router to my HTTP server's machine. I've been running the server across the Internet just fine until yesterday when I noticed that I can no longer connect. I can only connect locally (127.0.0.1).

Things I've tried in no particular order:

I ran: ipconfig /flushdns
I reset my Network connections on the machine.
I confirmed that World Wide Web Services is running, and enabled in the firewall on port 80.
I checked my host file, and it looks normal.
IIS Site bindings are correct.
I completely disabled my machine's firewall which didn't help.
I completely disabled the router's firewall which didn't help.
I completely disabled my antivirus which didn't help.
I deleted the port forward entry on the router, then recreated it which didn't help.
I've restarted my machine, and router throughout.
I tried 6 browsers, and all could not connect.
Telnet to my Public IP and Network IP on port 80 fails to connect.
Could not connect to my Public IP on port 80 by a machine not on the Network.

Things that have changed since last known to work:

I enabled remote access to the machine. I disabled it, and it did not help me connect to the HTTP Server.
I installed the Chrome extension "Stay secure with CyberGhost VPN Free Proxy" on my browser, and later removed it, which did not help me connect to the HTTP Server.
Windows 10 Updates
Router reset by Comcast/Xfinity (updates?).

Any ideas?

vspin · ‎12-13-2019

Port 80 is showing as "filtered" by IPFingerPrints. The only thing I can think of is that Comcast/Xfinity has recently blocked port 80 to my Public IP. If true, I am going to be so angry. I spent too much time troubleshooting.

flatlander3 · ‎12-13-2019

I just checked. Nope, inbound port 80 isn't blocked if you deliberately open it. Sure that's a good idea though? From somewhere else on the weberverse:

# nmap [external IP address] -Pn -p 80

PORT STATE SERVICE
80/tcp open http

You will never find a more wretched hive of swine and villeny as the comcast network......

I think much better questions are why would you do this with a windows box, and why port 80 anyway? If you're really going to do this, you also want packet filtering and remote attack mitigation for two reasons.

1. You're now a remote exploit target and should expect the worst.

2. Since you're a remote expolit target, you're going to pick up a whole lot of traffic once a portscan bot hits, and it's going to drive up your data usage, perhaps over the 1TB cap depending on how weak your setup is.

If the goal is to just be able to get content from a box on the inside of your network, there are other ways to do this. Depends on what problem you are trying to solve as to what that solution should be.

vspin · ‎12-14-2019

^ Very reasonable advice.

My problem: I ran netstat -a and found that 127.0.0.1 was the only listed IP listening on port 80. I ran netsh http delete iplisten ipaddress=127.0.0.1 which resulted in 0.0.0.0 listening on port 80, and now it's working again. I wish I knew what made the changes to my machine. That was really frustrating.

Cannot access my HTTP server on port 80 across the Internet with port forwarding..?

Cannot access my HTTP server on port 80 across the Internet with port forwarding..?

Re: Cannot access my HTTP server on port 80 across the Internet with port forwarding..?

Re: Cannot access my HTTP server on port 80 across the Internet with port forwarding..?

Re: Cannot access my HTTP server on port 80 across the Internet with port forwarding..?