How do I run a virtualmin server inside a LAN only?

OK, I’ve just got hold of a Dell PowerEdge T710 with 2x Intel Xeon 6 core CPUs, 192GB RAM, and 8x 1TB SAS HDs configured as RAID 5, and I installed the bare bones, headless Ubuntu Server 18.04.2 LTS, then I set the server hostname to a FQDN, then installed virtualmin using the install script, and let it install everything needed.

Now the question is, how can I use virtualmin to create LAN only access virtual servers? When I created a virtual server via the virtualmin ‘Add virtual server’ page, the DNS records are pointing to my WAN IP not the servers LAN IP.

This is what I did to setup my workstation to try and access any virtual servers on the server:-

1st I opened the NIC properties on my Windows workstation and set the IPV4 DNS client IP address to the virtualmin server (192.168.0.160)

2nd Disabled LMHosts search.

3rd using a command window to flush the DNS resolver cache, ‘ipconfig /FLUSHDNS’

4th disable the NIC, then re-enable it

So now hopefully, any DNS requests should go through bind9 DNS service on the virtualmin server right? Wrong! When I do a tracert on an outside domain name, such as yahoo.com, the first hop should be my server, but it isn’t.

Oh and the virtualmin server’s network DNS client settings are set to resolve file then DNS, and also the DNS order is:-

127.0.0.1
127.0.0.1
8.8.8.8
8.8.4.4

Here’s an example of what I tried:-

1…Create virtual server…domain name = testsite.com
2…Description = Pchelp website
3…Set admin password

Clicked on Create Virtual Server, then waited for everything to be configured and show the buttons for virtual servers list and show virtual server details. Then on my workstation, I try to use http://testsite.com in the address bar and it sends me to actual sites that exist with that domain name, instead of directing it to the internal IP address 192.168.0.160/testsite, but if I directly use 192.168.0.160 I get ‘Access Denied’, which tells me I haven’t yet setup a website there.

So, there has to be a way for virtualmin to use any domain name internally, and not access any outside DNS service unless I actually want to update the OS etc etc.

I should be able to type in a domain name on my workstation and it opens any website that is configured with that name, EG, http://pchelp.com would open a website configured on that domain, or if I enter, http://sillypc.org, then that too opens a website configured for that domain but ONLY on the virtualmin server. I should be able to have 10 or more sites on a shared IP, but accessed using domain names, without attempting to resolve to a real domain name.

There is more than one way to approach this issue.

One way would be, to setup your virtualmin server also as a DNS (and maybe also DHCP) server for your local LAN and that way resolve your desired sites to resolve to local IPs instead of public?
One other way would be, to add those DNS records for local resolve to your DHCP server.
Ugly solution: distribute hosts file to machines needed to resolve those domains as local file to be replaced.

Can you copy and paste nslookup from your server and workstation for the testing domains you’re trying to make work?

In virtualmin, when you created the server, which IP did you assign it? 192.168.0.160?

That is what you have in /etc/resolv.conf?

Because I believe that’s your issue, as I have this in my resolv.conf:

sudo cat /etc/resolv.conf
# Generated by NetworkManager
search domain.com
nameserver 127.0.0.53

I changed the domain name to domain.com for example purposes.

Before I installed virtualmin, I set the server’s IP to static:-

IP 192.168.0.160
Netmask 255.255.255.0
Gateway 192.168.0.1

Then when I installed virtualmin, it set the DNS client to:-

127.0.0.1
127.0.0.1
8.8.8.8
8.8.4.4

Any virtual server created will use the shared IP of 192.168.0.160

I pointed my windows workstation’s DNS to the servers IP as bind9 is running on the server, it used to show:-

8.8.8.8
8.8.4.4

I changed it to use 192.168.0.160 for the DNS service.

OK, an ‘nslookup webhelp.com’ from a command prompt on my workstation showed:-

Server: UnKnown
Address: 192.168.0.160

Non-authoritative answer:
Name: webhelp.com
Address: 107.161.23.28

But if I typed http://webhelp.com in a browser on my workstation I get an actual public website, not the one on the server, plus the DNS records for that domain name on the server show my public IP not the server IP.

And the DNS record list shows 8 addresses for that domain name, and all but localhost.webhelp.com point to my WAN IP. localhost.webhelp.com points to 127.0.0.1

This is what I have in /etc/resolv.conf

nameserver 127.0.0.1
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Added by Virtualmin.
# Added by Virtualmin.

From what I understand, if you don’t have local DNS records on your webmin/virtualmin for the domain you want to serve locally, the resolver will use 127.0.0.1, fail to resolve and proceed with 8.8.8.8 and 8.8.4.4 to resolve the request and resolve it with a public IP and that’s your issue.

Try commenting out the 8.8.8.8 and 8.8.4.4 lines, add DNS records for the domains you want to resolve locally (as per your example) and see how it goes, don’t forget to restart BIND after commenting out the lines.

Shouldn’t virtualmin create those records for you when creating a virtual server?

I have just created a new virtual server using virtualmin, called mytesting.com and the bind DNS records for that domain show all the records needed such as www, ftp, mail, etc etc as well as the domain name itself all pointing to my WAN IP not the server’s internal LAN IP.

EG

mytesting.com A record = WAN IP
www.mytesting.com A record = WAN IP
ftp.mytesting.com A record = WAN IP
etc etc

For some reason when I create new virtual servers using any made up domain name, the DNS records created in bind always show my WAN IP not the server’s LAN IP.

What I want to happen is when I create a virtual server using virtualmin, and use that domain name in a browser on my workstation, it should show the default webpage for the newly created virtual server.

When you created the virtualmin server from your example, what did you put under IP address and forwarding:

IP address and forwarding
Default mail forwarding address None
Network interface
Shared, on IP
Virtual with IP
Already active
IPv6 network interface
None
Shared, on IP
Virtual with IP
Already active
External IP address Same as real address

Network Interface shared on IP 192.168.0.160

IPV6 disabled

External IP address 192.168.0.160

Can you copy & paste nslookup command from your workstation and server for the desired domain?

nslookup on server:-

nslookup mytesting.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: mytesting.com
Address: 192.168.0.160

nslookup from workstation:-

nslookup mytesting.com
Server: UnKnown
Address: 192.168.0.160

Non-authoritative answer:
Name: mytesting.com
Address: 185.53.178.6

This is my workstation ipconfig /all details for the NIC:-

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 4C-72-B9-08-0C-28
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.160
NetBIOS over Tcpip. . . . . . . . : Enabled

That’s your issue, it’s resolving wrong, on your 192.168.0.160, when used as DNS server for your local net.
Check BIND settings and(!) zone for mytesting.com
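
The two nslookup results posted above differ in two things a script can check: whether the reply is marked non-authoritative, and whether the returned address is inside the LAN. The following is an added example, not part of the thread; the function names are made up for illustration, the sample text is copied from the posts above, and the 192.168.0.0/24 range is assumed from the netmask given earlier.

```python
import ipaddress
import re

# Sample text copied from the nslookup results posted in this thread.
SERVER_OUT = """Server: 127.0.0.1
Address: 127.0.0.1#53

Name: mytesting.com
Address: 192.168.0.160
"""
WORKSTATION_OUT = """Server: UnKnown
Address: 192.168.0.160

Non-authoritative answer:
Name: mytesting.com
Address: 185.53.178.6
"""

def parse_nslookup(text):
    """Return the resolver address, authoritative flag and answer addresses."""
    resolver, answers, seen_name = None, [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("name:"):
            seen_name = True   # addresses after "Name:" are the answer
        m = re.match(r"Address(?:es)?:\s*(\S+)", line, re.I)
        if not m:
            continue
        ip = m.group(1).split("#")[0]   # drop the "#53" port suffix
        if seen_name:
            answers.append(ip)
        elif resolver is None:
            resolver = ip   # first Address line names the DNS server queried
    # nslookup prints this marker when the reply lacks the authoritative flag
    authoritative = "non-authoritative answer" not in text.lower()
    return {"resolver": resolver, "authoritative": authoritative, "answers": answers}

def check_lan_only(text, lan="192.168.0.0/24"):
    """List the reasons a lookup does not look like a LAN-only answer."""
    result, net, problems = parse_nslookup(text), ipaddress.ip_network(lan), []
    if not result["authoritative"]:
        problems.append("non-authoritative: not answered from a zone on the resolver")
    if not result["answers"]:
        problems.append("no address returned")
    for ip in result["answers"]:
        if ipaddress.ip_address(ip) not in net:
            problems.append(f"{ip} is outside {lan}")
    return problems
```

Run against both captures, `check_lan_only` returns an empty list for the server-side lookup and two findings for the workstation lookup, even though both queries name 192.168.0.160 as the resolver.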

Here’s a few screenshots I just took, showing first the domain name in the list of zones, then master zone for that domain, then finally the list of records used on that domain, as you can see the address do point to 192.168.0.160, but for some reason I can’t use that domain name in a browser on my workstation.

https://www.dropbox.com/s/gb2n354sbkt187r/Showing%20domain%20name.jpg?dl=0

https://www.dropbox.com/s/8fyq8pfbxr08ddq/master-zone.jpg?dl=0

https://www.dropbox.com/s/ydegd9vw37nwp07/DNS-Records.jpg?dl=0

Can you just for test purposes change /etc/resolv.conf

from:
nameserver 127.0.0.1
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4

to:
nameserver 127.0.0.1

and redo the nslookup on server and workstation.

cat /etc/resolv.conf
nameserver 127.0.0.1
# Added by Virtualmin.
# Added by Virtualmin.

Exactly the same results as before with nslookup on both workstation and server.
Even when I flush the workstation DNS resolver cache using ‘ipconfig /flushdns’, I still get the same results.

I don’t know if this has anything to do with it, but the resolution order on the server is set to local hostname then DNS.

long shot: clear arp cache on workstation:

arp cache flushdns

try nslookup again

nope same result, it seems bind9 is getting results from outside the LAN somehow, because I get an un-authoritative answer with a WAN ip that’s not mine.

Under webmin, Networking, Network Configuration, what are your settings?

Hostname, Resolution order, DNS servers, Search Domains?

Another idea, for testing purposes:
in Webmin, Servers, BIND DNS Server, Miscellaneous Options, set Do full recursive lookups for clients? to NO.
Save, Apply, restart Bind.

Do a nslookup from workstation.

no different.

As for the network configuration:-

Hostname = pchelp.saundcom.com

Update host name in host address if changed = checked

Resolution order:- localhost name, DNS

DNS Servers:-

127.0.0.1

Search Domains = None