Virtualmin behind NAT router

Hi there,

My situation is a little complex so please bear with me. I’ve just installed Virtualmin on a fresh minimal install of Debian 4.0. The software works great (kudos to the team!) but I’m having issues regarding NAT. Unfortunately, I have a rather old router that doesn’t support translation from within the network - any requests to my external IP are bitbucketed into the gateway/router.

In the past, I’d used another DNS server (internally) to route domain names that I needed to test internally to the internal IP and using ZoneEdit for external IP. Now I’m using Virtualmin to handle external IPs.

The problem is that I need to force the IP address of the VHost to my external address (thus being unable to look at how the things would work from inside the network). I’m not even sure if the software works at all (trying to log into mail using Mail2Web doesn’t seem to lead to any fruition…)

The external IP is 202.63.60.60 with internal 10.0.0.3 - currently trying to get domain www.voodootechnologies.com.au working.

Any help right now would be appreciated!

Update: asked a friend to browse to the website and I get the same ‘It Works!’ that I get internally.

Killed and recreated the server to run on my local IP works fine. It also works fine externally.

Still can’t access email via mail2web though.

I’m getting the feeling that it’s defaulting to SSL?

Addendum: I’m running on Static IP

Does the fact that the server hostname / domain are completely distinct from the virtual domain name? The box has the name ‘clarent’ at domain ‘voodooland.net’ (which is an internal domain). I was getting some certificate errors logging into the email POP3 over TLS.

Also, when I create a new account - it assigns a username with username.domain (eg john.smith.voodootech) rather than just the username. Is there a way around this?

Post edited by: excalibur, at: 2007/12/05 06:38

Ok…I’ve logged onto the mailbox (over TLS…whoops :P)

However, any mails being sent to it aren’t arriving!

I still don’t get how Virtualmin deals with NATs though - this is just purely a learning point I’m interested in. Does it know when it’s behind a NAT and route accordingly - whether it’s receiving an internal or external request?

Can you please close this thread? I think my issues have (self)-migrated from a NAT issue to email issue.

Damn them email servers!

> Can you please close this thread? I think my issues have (self)-migrated from a NAT issue to email issue.

What’s to close? It’s probably useful for others to see your troubleshooting process. You done good. :wink:

I will add one note, though, which is an unanswered question you brought up:

> Does it know when it's behind a NAT and route accordingly - whether it's receiving an internal or external request?

No. Virtualmin doesn’t know anything about routes–it operates way above that level in the network stack. Webmin can configure routing and other such things in the Network Configuration modules. And, of course, Virtualmin can be configured to set up DNS records with a different IP (which would be your public IP), so Virtualmin can be configured to work fine on a NATted system. I don’t necessarily recommend it, but a lot of developers do run it that way on their devel machine and then deploy on a server with a public IP and better connectivity than a DSL/Cable connection can provide.

Ok - scratch that. I guess she was pulling data off the old nameservers. It seems that the domain name is now resolving to my local IP externally as well (try it yourself :P)

What would you do to have people on the outside resolve to the external IP and people on the inside resolve to the internal IP?

This might have something to do with the mail issues I’m having too.

This could work in theory - if I had the virtual server on the 202.63.60.60 shared address and then my windows server DNS (which all the internal computers use) resolve to the server directly. Trying it last night gave me bad results - but given that the nameserver change was obviously propagating - do you think it’s worth a shot?

> What would you do to have people on the outside resolve to the external IP and people on the inside resolve to the internal IP?

You’ll need a view for that…Virtualmin doesn’t manage views, as it’s not really common in a virtual hosting environment. You only have to set it up once, however. The documentation for this can be found here:

http://doxfer.com/Webmin/BINDDNSServer#Using_BIND_views

You might want to read more than just that section, since BIND and name service can be intimidating for the uninitiated.

> This could work in theory - if I had the virtual server on the 202.63.60.60 shared address and then my windows server DNS (which all the internal computers use) resolve to the server directly. Trying it last night gave me bad results - but given that the nameserver change was obviously propagating - do you think it’s worth a shot?

Depends on whether your router actually routes, or only does NAT. Consumer routers are notoriously crap in this area, and very rarely support what they call “loopback” (they’re using this term incorrectly, but it seems to be the standard nomenclature among consumer router vendors). If boxes inside your network can connect to the public IP of your server, then your router actually routes and you can point all users to the public IP.

You don’t need DNS at all to test this. Just try connecting to the public IP using any service that you know is responding on that IP–web, ssh, whatever. If it works, then your router is actually a router and you can use the public IP for internal and external clients.

Oh, yeah, when I say Virtualmin doesn’t manage views, I’m kind of mis-speaking. It supports adding to a specific view–and you’ll need to add that to your configuration if you go this way with your deployment–but it doesn’t manage multiple views with different addresses. You’re on your own for the private names and addresses. Presumably you’re not doing heavy duty hosting on such a network, so it shouldn’t be too traumatic to add a couple of zones to the local zone manually.
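The split-horizon setup suggested in the reply above, sketched as a BIND configuration (an added example, not part of the original thread and not Virtualmin's generated config). The two IP addresses and the domain are the ones given in the thread; the 10.0.0.0/24 subnet, the ACL name and the file paths are assumptions.

```conf
// named.conf fragment (added example; ACL name, subnet and paths are assumptions)

// Clients that should receive the private address. The thread only gives
// 10.0.0.3, so a /24 LAN is assumed here.
acl "lan" { 127.0.0.1; 10.0.0.0/24; };

// Views are evaluated in order: the first match-clients hit wins,
// so the internal view must come before the catch-all external one.
view "internal" {
    match-clients { "lan"; };
    recursion yes;                  // LAN hosts may use this server as resolver
    zone "voodootechnologies.com.au" {
        type master;
        file "/etc/bind/internal/voodootechnologies.com.au.hosts";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                   // authoritative only: no open resolver
    allow-transfer { none; };       // list secondaries here if there are any
    zone "voodootechnologies.com.au" {
        type master;
        file "/etc/bind/external/voodootechnologies.com.au.hosts";
    };
};

// Once any view exists, every zone statement (including the distribution's
// default root hints and localhost zones) must live inside a view,
// otherwise named refuses to load the configuration.

// Record that differs between the two zone files:
//   internal/voodootechnologies.com.au.hosts:   www  IN  A  10.0.0.3
//   external/voodootechnologies.com.au.hosts:   www  IN  A  202.63.60.60
// Virtualmin would be pointed at the "external" view for the zones it
// creates; the internal copies are maintained by hand, as the reply says.
```

Run `named-checkconf` before reloading, then query the server from a LAN host and from an outside host to confirm each side gets its own address and that the private 10.0.0.3 record is never returned to external clients.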

Nah - nothing too heavy duty. It’s just irritating, that’s all.

My router doesn’t support ‘loopback’ - it only does NAT. I’m looking at getting a new router due to that.

I can probably just manually replicate the DNS on the W2003 box.

Another question: does Virtualmin support subdomained VHosts? Say for example, I had domain voodootechnologies.com.au - can I set up separate space like support.voodootechnologies.com.au as another virtual server?

Disregard. Found it.

Bit of a hard location to find I reckon…I’d think a dropdown box would work better (or maybe an initial selection screen?)