Installed pfSense and now website won't show?

Hi, I setup pfSense and added all the port forwards from my router, into pfSense, but my website still won’t show?

I have tried:
Linux > Terminal > $ ping > unknown host
I accessed Proxmox via Mint > Chrome > > Webserver is running.
I accessed Webmin VirtualServer via Mint > Chrome > > Username: root > Password: xxx > Enter > System Information, all services are up.
I accessed Webmin via Mint > Terminal >

$ ssh root@
[root@centos ~]# dig
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 58817
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;		IN	A

;; Query time: 3 msec
;; WHEN: Thu Feb  6 16:53:56 2014
;; MSG SIZE  rcvd: 37 > > Error:

Parent	Info	Domain NS records	Nameserver records returned by the parent servers are:   ['WANIP']   [TTL=14400]   ['WANIP']   [TTL=14400] was kind enough to give us that information.
Warn	TLD Parent Check	WARNING: Looks like the parent servers do not have information for your TLD when asked. This is ok but can be confusing.
Pass	Your nameservers are listed	Good. The parent server has your nameservers listed. This is a must if you want to be found as anyone that does not know your DNS servers will first ask the parent nameservers.
Pass	DNS Parent sent Glue	Good. The parent nameserver sent GLUE, meaning he sent your nameservers as well as the IPs of your nameservers. Glue records are A records that are associated with NS records to provide "bootstrapping" information to the nameserver.(see RFC 1912 section 2.3)
Pass	Nameservers A records	Good. Every nameserver listed has A records. This is a must if you want to be found.
NS	Info	NS records from your nameservers	NS records got from your nameservers listed at the parent NS are:
Oups! I could not get any nameservers from your nameservers (the ones listed at the parent server). Please verify that they are not lame nameservers and are configured properly. 

Pass	Recursive Queries	Good. Your nameservers (the ones reported by the parent server) do not report that they allow recursive queries for anyone.
Pass	Same Glue	Hmm,I do not consider this to be an error yet, since I did not detect any nameservers at your nameservers.
Pass	Glue for NS records	OK. Your nameservers (the ones reported by the parent server) have no ideea who your nameservers are so this will be a pass since you already have a lot of errors!
Error	Mismatched NS records	WARNING: One or more of your nameservers did not return any of your NS records.
Error	DNS servers responded	ERROR: One or more of your nameservers did not respond:
The ones that did not respond are:
Pass	Name of nameservers are valid	OK. The nameservers reported by the parent send out nothing as shown above. I can't check nothing so it's a green!
Error	Multiple Nameservers	ERROR: Looks like you have less than 2 nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me.
Pass	Nameservers are lame	OK. All the nameservers listed at the parent servers answer authoritatively for your domain.
Pass	Missing nameservers reported by parent	OK. All NS records are the same at the parent and at your nameservers.
Error	Missing nameservers reported by your nameservers	You should already know that your NS records at your nameservers are missing, so here it is again: 

Pass	Domain CNAMEs	OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
Pass	NSs CNAME check	OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
Pass	Different subnets	OK. Looks like you have nameservers on different subnets!
Pass	IPs of nameservers are public	Ok. Looks like the IP addresses of your nameservers are public. This is a good thing because it will prevent DNS delays and other problems like
Pass	DNS servers allow TCP connection	OK. Seems all your DNS servers allow TCP connections. This is a good thing and useful even if UDP connections are used by default.
Pass	Different autonomous systems	OK. It seems you are safe from a single point of failure. You must be careful about this and try to have nameservers on different locations as it can prevent a lot of problems if one nameserver goes down.
Pass	Stealth NS records sent	Ok. No stealth ns records are sent
SOA	Error	SOA record	No valid SOA record came back!
MX	Error	MX Records	Oh well, I did not detect any MX records so you probably don't have any and if you know you should have then they may be missing at your nameservers!
WWW	Error	WWW A Record	 ERROR: I could not get any A records for!

(I only do a cache request, if you recently added a WWW A record, it might not show up here.)

I went back into Webmin > Servers > BIND DNS Server > Existing DNS Zones > Zone: > Edit Master Zone > Type: All > Type: NS says
I think name server should be and

I backed up current webmin files in Virtualmin > Backup and Restore > Scheduled Backups > Add a new backup schedule > Virtual servers > Servers to save: All virtual servers > Destination and format > Backup destinations: Local file or directory > Browse… > tmp > Backup (make folder if not there in tmp mkdir backup) > Ok > Create Schedule > Actions: Backup… > Backup Now.

I tried restore but backups are of whole Virtualmin server from Proxmox. Had to restore whole webserver on Proxmox. still won’t load. gives same nameserver error.

I haven’t changed or deleted any nameservers, so I don’t know if this is the true error or not, as pfSense install could probably not effect the name servers?

Sorry, this is much too complex with way too little information to give any meaningful advice.

What does Virtualmin have to do with pfSense and Proxmox? Yes I know what those are, you haven’t told us in any way how those are related in your installation.

Why do you have a “router” and pfSense? The latter is a router. What is “Mint”?

You need to first give us details about your exact installation and network strutcture, before telling us tons of stuff you tried that we can’t reproduce since we have no idea about your system.

Okay, here’s a topology:
Cable COAX > Cable Modem WAN > Cable Modem LAN > pfSense WAN > pfSense LAN > Switch > router LAN1 > router LAN2 > network (Proxmox > Virtualmin).

Modem DHCP server: enabled.
Modem WAN default gateway from ISP:
Modem WAN DMZ Address: (not sure on where this address is for?)
Modem WAN DHCP from ISP: xxx.xxxx.xx.xx.
Modem WAN DNS from ISP:
Modem WAN DNS from ISP:
Modem WAN subnet mask:
Modem LAN:
Modem LAN subnet mask:
pfSense DHCP server: disabled.
pfSense WAN DHCP from modem LAN:
pfSense LAN:
Switch: to LAN networked devices.
Router Wi-Fi DHCP server: disable as mode is AP.
Router Wi-Fi WAN: not needed as mode is AP.
Router Wi-Fi LAN:
Router Wi-Fi LAN subnet mask:
Router Wi-Fi LAN gateway:
Networked LAN devices DHCP server: disabled.
Networked LAN devices: static subnet IPs.

Alrighty, I’m sorry but I won’t even start trying to understand/debug a complex structure like that, with multiple cascaded routers and DHCP, apparently on a home connection again, and DMZ, virtualization and stuff, where problems can have a myriad of reasons, by guessing over the forum. :slight_smile:

All I could offer is personal support (instant messenger / Teamviewer) for a fee. But since I know that you’re not interested in paid support, I hope that someone else is willing/able to help you with this for free! Good luck!

Thank you for the reply and I’m sorry I cannot afford any money as an honest hard working IT person.
When the science and business makes some money I would prefer to resolve the issue quickly.
This is a business connection by the way, so not sure where your inference came from.

So, some information that may help…
Virtualmin > System Settings > Re-Check Configuration showed error DNS settings were wrong.

I updated the Gateway from the old router to the new pfSense router
Webmin > Networking > Network Configuration > Routing and Gateways > Create active route > Route destination: Default route > Netmask for destination: Default > Route via: Gateway > Create.

I could then update Webmin > Networking > Network Configuration > Hostname and DNS Client > DNS servers from to

Virtualmin > System Settings > Re-Check Configuration, then showed Virtualmin working.

However the same error about and occur.

I loaded up Virtualmin this morning to continue working on the error:
You should already know that your NS records at your nameservers are missing, so here it is again:

So, I added Webmin > Network Configuration > and > WANIP.
Virtualmin > System Settings > Re-Check Configuration > error:
Checking Configuration
The status of your system is being checked to ensure that all enabled features are available, that the mail server is properly configured, and that quotas are active …
Your system has 996.68 MB of memory, which is at or above the Virtualmin recommended minimum of 256 MB.
Virtualmin is configured to setup DNS zones, but this system is not setup to use itself as a DNS server. Either add to the list of DNS servers, or turn off the BIND feature on the module config page.

… your system is not ready for use by Virtualmin.

So, I checked Hostname and DNS Client > DNS Client Options > DNS server is, not or like I set it to yesterday?

Might have been overwritten by DHCP.

The DHCP is coming from the cable modem.
The was the old static IP of the old router.

I don’t know why Virtualmin won’t save the new gateway which is (pfSense router, which had the DHCP server disabled).

Virtualmin says to use, but this also won’t save?
I checked for named.conf in /etc/ and no named.conf.
I checked resolve.conf in /etc, which only had code saying: nameserver

I changed Virtualmin > /etc/dhcp/dhclient.conf from #prepend domain-name-servers; to prepend domain-name-servers;


Same errors:
Webmin > Networking > Network Configuration > Routing and Gateways > Active configuration > Default Route > (old router’s IP address. Should be new pfSense router’s IP

Webmin > Networking > Network Configuration > Hostname and DNS Client > DNS Client Options > DNS servers: (old router’s IP address. Should be or pfSense router’s IP

I suggest not using DHCP for servers like this. Especially in a private network where you have control over what IPs get assigned for what. DHCP only leads to unnecessary confusion for servers, especially if you run DNS or have to do port forwarding.

The Virtualmin server has a static IP.
Only the cable modem has a DHCP server enabled.

All the port forwarding is set to Virtualmin’s static IP.
DNS still not working though.

Okay, no idea then why your DNS server settings should get changed. Normally only the DHCP client does that.

Well, pfSense router removed and website works.
So, either Virtualmin needs the default gateway to update from the old router to pfSense router
pfSense is blocking the DNS.

Virtualmin seems to be problematic with the default gateway, so I need help here to make this work properly.

Virtualmin normally works all okay with pfSense and static IPs. I’m running this myself on my VMware based virtualization hosts. No idea why it doesn’t for you, and unfortunately your network is too complex for me to try and figure out via forum.

Okay, when I go to Virtualmin > System Settings > Re-Check Configuration, the same error occurs:
… your system is not ready for use by Virtualmin.

I click on: list of DNS servers. This takes me to Hostname and DNS Client, which has settings:
DNS Client Options
Hostname: localhost.localdomain
Ticked, Update hostname in host addresses if changed?
Resolution order: Hosts file, DNS.
DNS servers:

I change the DNS server to and still says DNS cannot be reached.
I reboot Virtualmin and the DNS server of changes back to

My old router’s IP was and the website works if I remove pfSense and connect to the old router.

If anyone can help, I’ll PM the network topology.

Tried changing the default gateway again from to
Tried changing the Hostname and DNS Client from to and

Apply configuration and Virtualmin ignores changes and uses old data?
How to change these settings?

Well, problem fixed.

Virtualmin is indeed faulty.
Changing default gateway via GUI fails.

I navigated to /etc/sysconfig/network-scripts > changed GATEWAY= TO

So, now only settings to change is DNS server from to or

Anyone able to show me the path to this location?

Okay, I found the location for the Virtualmin > Webmin > Networking > Network Configuration > Hostname and DNS Client.

I changed

# Generated by NetworkManager
search com


# Generated by NetworkManager
search com

The GUI then showed the updated DNS server settings. Website still doesn’t show.
I rebooted Virtualmin and DNS server settings went back to

# Generated by NetworkManager
search com

Interesting as the Default Gateway settings are kept after I updated via the cli.

Any suggestions?

Might get overwritten by that “network manager” that’s mentioned in the comment in the file. Don’t know what that is though, I’m not familiar with your system.

Thank you for the reply.

The system is Virtualmin.
System hostname: localhost.localdomain (
Webmin version: 1.660.
Theme version: 8.7.
Kernel and CPU: Linux 2.6.32-358.el6.x86_64 on x86_64.
Running processes: 176.
Operating system: CentOS Linux 6.4.
Virtualmin version: 4.03.gpl GPL.