Change to static IP on a network with dynamic NAT

I run a hand full of websites via Virtualmin Pro on a Cloud-service instance with a static external IP ( I would like to follow the recommendations and supply the static IP.

By doing this I hope to fix these issues:

If I go to the Virtualmin control panel > Select > Logs and reports > Check Connectivity:

DNS resolution mismatch resolved to instead of the expected
Check with your DNS registrar that the nameservers for the domain are set correctly, and that the IP address in your DNS records is correct.

SMTP connection failed
Network is unreachable
Make sure your system’s mail server is running and listening on the external network interface.

Apache server is complaining about missing VirtualHosts:

ubuntu@ns1:~$ sudo service apache2 restart * Restarting web server apache2 [Mon Jun 23 21:21:19 2014] [warn] NameVirtualHost has no VirtualHosts [Mon Jun 23 21:21:19 2014] [warn] NameVirtualHost has no VirtualHosts

(The SMTP error puzzles me since mails are coming through all right. But I figure it could relate to the DNS resolution mismatch)

Here’s some info on the network model. At the moment Virtualmin only picks up the internal IP address ( and registers it as given by DHCP.

The hosting provider is running dynamic NAT meaning that all outgoing traffic from the instances goes through the virtual router with internal IP address, external IP

Heres some information from the terminal:

ubuntu@ns1:~$ curl

ubuntu@ns1:~$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface UG 0 0 0 eth0 U 0 0 0 eth0

ubuntu@ns1:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 02:00:6c:0d:00:05
inet addr: Bcast: Mask:
inet6 addr: fe80::6cff:fe0d:5/64 Scope:Link
RX packets:815428 errors:0 dropped:0 overruns:0 frame:0
TX packets:632875 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:548156404 (548.1 MB) TX bytes:777898188 (777.8 MB)

lo Link encap:Local Loopback
inet addr: Mask:
inet6 addr: ::1/128 Scope:Host
RX packets:41958 errors:0 dropped:0 overruns:0 frame:0
TX packets:41958 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13824582 (13.8 MB) TX bytes:13824582 (13.8 MB)

I am not using the BIND DNS module, using external. FQDN setup ok.

My guess is that I should go to Webmin > Networking > Network configuration > Network Interface > eth0

Here I would

  • Choose Static Configuration
  • Supply the static IP in IPv4 address
  • Supply the netmask
  • Leave broadcast to automatic

Then I would go and change all the IPs of my virtual servers to And I guess the “Address type to change” would be the “Real address”.

Not too sure of all this though, so before I go lock myself out of the system, I thought I’d better ask for some advice here. Any tips on setting the static IP up correctly and getting rid of the DNS resolution issue?

If your cloud provider requires you to use the private (10.*) IP and go through the router, you mustn’t change the IP in your network config. That would render your server unreachable.

If you’re not providing DNS services, you can actually work with the private IP in all places. Your server doesn’t really need to know that it is reachable through NAT from the outside.

It is important though that your server is always reachable via your external IP, i.e. your hoster’s router must forward that IP to your private one on all relevant ports (25, 80, 443, 110, 465, 993, 955 etc). Make sure you configured firewalls/port forwardings correctly if required.

About the errors/warnings you’re seeing:

“DNS resolution mismatch”: You can probably ignore that. It’s an artifact stemming from the NAT construct.

“SMTP connection failed”: This would imply that forwarding from your external to the internal IP is not working properly. This is not necessarily a problem of your server. Try to ping your server from the outside, and see if connection to port 25 works. Make sure your Postfix is running and listening on port 25, and that no local firewall is blocking connections.

Apache warning: Those mean that there’s extraneous NameVirtualHost for your external IPs in Apache’s main config file. You need NameVirtualHost directives for your internal IPs there, you can remove all other such directives. The message is not problematic though, except the external IPs are the only ones in there. Apache needs the internal IPS.

Thanks for your reply Locutus - very helpful :slight_smile:

The apache error stemmed from the external IP being mentioned in apache.conf along with the internal IPs like this:

NameVirtualHost 10.1.131:80 NameVirtualHost 10.1.131:443 NameVirtualHost NameVirtualHost

I have deleted the external IPs and the messages are gone.

The SMTP error does not stem from firewall issues, as far as I can tell. Postfix is running and the required ports are open.

A final thing I forgot to mention in my post above:

For the moment I have added the external IP to /etc/hosts like this: localhost.localdomain localhost ns1 localhost ns1

I figure the server needs to be able to resolve it’s own external IP. This has helped resolve some issues with CMS modules needing to “loop back” to the server.

About the SMTP error: Okay, this will require some further investigation then. :slight_smile:

What about your hoster, do you need to configure firewall/port forwarding there? Or are all ports on your external IP forwarded to the internal?

Can you connect to your server from the outside on other ports, like 80 or 110?

I have to manually forward the ports I intend to use (including 25, 110, 465, 587, 995, 993), and to my knowledge all ports are forwarded correctly - I can connect to them.

Okay, sorry then I don’t really know why the connectivity check would report that your SMTP is not reachable… You might try another mail server check on the Internet, to get a “second opinion”. :slight_smile:

If you tell me the IP address in question, I can do some tests from my end too.