Running Centos 5.4 with VIrtualmin Pro.
I must be missing something very obvious. Server Internal IP is 172.20.201.33, Sonicwall Outside IP is 220.127.116.11.
I have created is Domain and setup a website and it works fine, Internally and Externally. Virtualmin Pro creates the Bind records as the local 172.20.201.33, Appache is happy and the internal and external world sees the website (I point to the IP from a DNS outside of local Bind). But this isn’t a good thing is if I want to use BIND and expose the dns records, its all non-routeable. The Socniwall correctly wraps the external to internal and internal redirect. (Since the dns for this domain is outside this locationi, the outside IP is always called)
If I tell Virtualmin to change the domain to the External IP by selecting Edit Virtual Server, Ip address and interfaces, virtual Interface, create now and set 18.104.22.168. On the save, Bind is now changed to the new one, a virtual ip is created, and the httpd.conf as VirtualHost 22.214.171.124.80. Now I get no access at all internally.
Either I am missing something, or I belive since the Sonicwall is a true firewall, it is rewriting the actual IP header when warapping around, so when inside it is being referenced as 172.20.201.33 and there is then no matching entry. Appache should be looking at the Name not IP, or as a bare minimum listening on both local and virtual.
This should be something very simple and its not making sense.
Yeah, you’ll want BIND to have records for the external IP, rather than the internal IP.
You can set that all up using the screens in System Settings -> Module Config -> Network Settings.
Specifically, it sounds like you’ll want to tune “Default IP address for DNS records”.
I agree and when I let Virtualmin Pro do that by assigning the External IP via virutal interface (was said in the original message), then outside access does not work. the httpd.conf now has the outside address, but then won’t repsond when hit as the internal address.
Yeah – having a server on an internal IP address causes problems, as you’re seeing
The simplest solution is to have the server on an external IP, as there’s only one way to access it at that point.
Beyond that, if you need to access it both internally and externally, you’ll need to jump through some hoops.
First, no matter what else you decide to do, you’ll want to keep the internal addresses in the Apache config.
When setting “Default IP address for DNS records”, since the actual external interface is on another router, you’ll need to manually specify the IP address. So you’ll want to use the “Other address”, and manually specify what your external IP address is.
From there, you need to decide how you’d like to handle all this… one way is to setup BIND views, so that BIND delivers different IP addresses to internal systems than external ones.
Another option is that on the desktops on your LAN, setup host records for the domains you’re accessing, and manually enter the IP addresses for them so no DNS lookup is ever performed. That of course works best if we’re only dealing with a small amount of desktops, and a small amount of domains.
you can create dns with 2 IP address (lan and wan)