Sorry, as I said I’m not familiar with CentOS, no idea what might be overwriting your network config there. Eric might know, he’s more familiar with CentOS.
reboot Virtualmin and the DNS server of 127.0.0.1 changes back to 192.168.1.180
Is your system using DHCP for obtaining its IP addresses?
If so, that would explain some of the behavior you’re seeing.
You’d want to make sure your server is configured to use static IP addresses, and not dynamic ones, which can cause a lot of settings to be overwritten each time the system is rebooted or networking restarted.
-Eric
@Eric: I had already uttered that idea a while ago, but Eiger claims that his server is using a static IP.
Thank you for the reply.
Yes, the system (Virtualmin?) has static IPs.
Also, CentOS has static IPs set up.
I tried changing the static IPs, in particular, the gateway from 192.168.1.180 to 192.168.1.155 and the settings won’t hold, however this is mentioned in the previous couple of posts.
Well I still have my doubts there. As per your previous post, the two config files you tried to change are “Generated by NetworkManager”. So obviously those files get overwritten by that “network manager”. You might want to try and find out what that is and how to disable it.
Are you using a desktop version of CentOS, or a “minimal install” server version? Desktop versions are known to include all kinds of packages that are meant to make life for the end user easier, but which can interfere with server operations.
I thought this NetworkManager was a part of Virtualmin?
I am using CentOS Desktop version.
Nope, it’s definitely not a part of Virtualmin. It’s highly recommended to use a CentOS Server version instead of Desktop. (This applies to all distros actually, not just CentOS.) Your present issues are most likely caused at least in part by that.
Well, I have found out that the password and Network settings for Virtualmin interchange with CentOS.
I changed the CentOS Network Default Gateway, DNS and root password, which also changed the details in Virtualmin.
So, now Virtualmin has the correct Network configuration, however still no website showing.
Possibly the Virtualmin > Webmin > Networking > Network Configuration > Hostname and DNS Client > DNS servers > should have 192.168.1.155 and 127.0.0.1, rather than just 192.168.1.155?
Sorry, “no website showing” is not a problem report I can work with… That can have dozens of reasons. You need to be more specific and do the usual tests (ping, resolve name, check logs, etc.).
Thank you for the reply.
Sorry I wasn’t clear.
When I say still no website showing, I mean the same errors as per tests on the 1st post in this forum thread.
Okay, sorry, can’t help you with that via forum as you know. Your structure is too complex for that.
This might help simplify the network setup:
1 LAN computer (192.168.1.120) to the
pfSense router (192.168.1.155) to the
Virtualmin website server (192.168.1.163).
192.168.1.120 ~ $ dig @192.168.1.163 www.domain.tld
; <<>> DiG 9.9.3-rpz2+rl.13214.22-P2-Ubuntu-1:9.9.3.dfsg.P2-4ubuntu1.1 <<>> @192.168.1.163 www.domain.tld
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31480
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.domain.tld. IN A
;; ANSWER SECTION:
www.domain.tld. 38400 IN A xxx.xxx.xxx.xx
;; AUTHORITY SECTION:
domain.tld. 38400 IN NS localhost.localdomain.
;; ADDITIONAL SECTION:
localhost.localdomain. 86400 IN A 127.0.0.1
localhost.localdomain. 86400 IN AAAA ::1
;; Query time: 3 msec
;; SERVER: 192.168.1.163#53(192.168.1.163)
;; WHEN: Mon Mar 03 10:02:26 EST 2014
;; MSG SIZE rcvd: 143
192.168.1.120 ~ $ nslookup
> server 192.168.1.163
Default server: 192.168.1.163
Address: 192.168.1.163#53
> www.domain.tld
Server: 192.168.1.163
Address: 192.168.1.163#53
Name: www.domain.tld
Address: xxx.xxx.xxx.xx
I can’t see any errors or problems in the output you just posted. What exactly is the issue at the moment? It’d also help if you avoided placeholders but used the actual IPs and domain names, otherwise I can’t do any tests of my own, which complicates the situation.
(Please be aware that I can only try to fix simple and immediate issues here, I can’t follow your whole structure - simplified or not - via the forum without screen sharing.)
According to the registrar glue records, the IP 124.191.169.67 is the responsible nameserver for that domain. BIND does not reply to requests on that IP though. You need to check if port forwarding is set up correctly (which is most likely the issue, given your complicated multi-router setup), BIND is running and listening on port 53, no firewall is blocking port 53, the usual things.
The issue is the website www.domain.tld (a community charity free site) won’t show on the Internet, but I can get it on the LAN.
www.intodns.com says the nameservers are not found?
Would Virtualmin be blocking the DNS packets?
I checked the iptables in Virtualmin and I would not know why Virtualmin would start blocking DNS packets?
# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:ftp-data
ACCEPT udp -- anywhere anywhere udp dpt:ftp
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:dnp
ACCEPT tcp -- anywhere anywhere tcp dpt:ndmp
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
No, your iptables indicates that port 53 UDP is open on your server. I suppose the issue lies with your cascaded router setup. Especially since you said that it started when you installed that pfSense router.
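The rule-order reading behind that reply, as an added example that is not part of the original thread: iptables evaluates a chain top to bottom and the first matching rule decides, so what matters is whether an ACCEPT for port 53 comes before the final REJECT. The function name `first_match` and the `SAMPLE` text (an abridged, constructed copy of the listing posted above) are assumptions of this sketch, which only understands the plain `iptables --list` layout.

```bash
#!/usr/bin/env bash
# Added example: first-match evaluation of a plain `iptables --list` dump.
# SAMPLE is a constructed, abridged copy of the listing posted in the thread.
SAMPLE='Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited'

# first_match CHAIN PROTO PORT [SERVICE_NAME]   (hypothetical helper)
# Reads a listing on stdin and prints "<rule-no> <target> <kind>" for the
# first rule that would match a NEW packet, or "policy <POLICY>" if none does.
# kind=explicit: the rule names the port or state; kind=unscoped: it does not.
first_match() {
  awk -v chain="$1" -v proto="$2" -v port="$3" -v name="$4" '
    $1 == "Chain" {
      active = ($2 == chain); n = 0
      if (active) { policy = $4; sub(/\)$/, "", policy) }
      next
    }
    !active || NF < 5 || $1 == "target" { next }
    {
      n++
      if (found) next
      if ($2 != proto && $2 != "all") next          # protocol mismatch
      dpt = ""; state = ""
      for (i = 6; i <= NF; i++) {
        if ($i ~ /^dpt:/) dpt = substr($i, 5)       # destination port match
        if ($i == "state") state = $(i + 1)         # conntrack state match
      }
      if (dpt != "" && dpt != port && dpt != name) next
      if (state != "" && state !~ /NEW/) next       # not for new connections
      kind = (dpt == "" && state == "") ? "unscoped" : "explicit"
      print n, $1, kind; found = 1
    }
    END { if (!found) print "policy", policy }'
}

printf '%s\n' "$SAMPLE" | first_match INPUT udp 53 domain   # 1 ACCEPT explicit
printf '%s\n' "$SAMPLE" | first_match INPUT tcp 53 domain   # 3 ACCEPT explicit
printf '%s\n' "$SAMPLE" | first_match INPUT tcp 3306        # 5 ACCEPT unscoped
```

An `unscoped` result means the plain listing cannot settle the question: without `-v` the interface columns are hidden, so a bare `ACCEPT all` may be limited to one interface (commonly loopback). On a live host, `iptables -L INPUT -n -v --line-numbers` shows those columns and numeric ports.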
All fixed. Seemed to be a router WAN IP setting.
Thanks for the suggestions.