
TOPIC: Virtualmin Behind a Firewall?

#5899
BigBirdy (User)
Posts: 24
Virtualmin Behind a Firewall? 2007/07/06 02:15  
Oops, wrong forum, sorry. Couldn't see how to delete the post.

Post edited by: BigBirdy, at: 2007/07/06 02:17
--------------------------------------
Johnny Stork
Open Enterprise Solutions
www.openenterprise.ca
#5901
Joe (Admin)
Posts: 3784
Re:Virtualmin Behind a Firewall? 2007/07/06 02:20  
Hey Johnny,

Virtualmin has quite a few nice features for running in a NATted network like you have.

First thing would be to get the DNS records using the public IP while also getting the Apache to use the private address. You could also use the Dynamic DNS feature, if you don't want to run local DNS.

So, let's answer the first one: No, you don't need to have the Virtualmin server on the public IP, though it does make several things easier.

For the specifics of how to go about it, let's figure out the best way for you to set things up. Is this a dynamic IP (i.e. does your ISP issue a new one every time you connect?) or are you using a static public IP?

That'll determine whether you should use the dyndns feature or a local BIND instance.

If the local BIND, you'll want to edit the Module Configuration and set the "Default IP address for DNS records" in the "Other server settings" section to the public IP, and save it.
#5902
BigBirdy (User)
Posts: 24
Re:Virtualmin Behind a Firewall? 2007/07/06 02:26  
Hey, thanks for the reply. I do have a couple of static IPs and will be using one for Virtualmin hosts. I went into the BIND configuration in Webmin, but could not locate a section for "Other Server Settings". Maybe I am looking in the wrong place. There is an "Other DNS Servers" but this does not have a setting for "Default IP address..."

"If the local BIND, you'll want to edit the Module Configuration and set the "Default IP address for DNS records" in the "Other server settings" section to the public IP, and save it."
--------------------------------------
Johnny Stork
Open Enterprise Solutions
www.openenterprise.ca
#5903
BigBirdy (User)
Posts: 24
Re:Virtualmin Behind a Firewall? 2007/07/06 02:35  
Ah, found it. OK, I set the "Default IP Address for DNS Records" to my primary static IP (207.216.240.xx), which port forwards all traffic to the internal Virtualmin server on 192.168.1.2.
--------------------------------------
Johnny Stork
Open Enterprise Solutions
www.openenterprise.ca
#5908
BigBirdy (User)
Posts: 24
Re:Virtualmin Behind a Firewall? 2007/07/06 03:06  
OK, I created a test virtual host with one of my domains, helpingyouth.ca. Everything was created fine, and using dig on the same host as the Virtualmin server I get the correct external IP:

;; QUESTION SECTION:
;www.helpingyouth.ca. IN A

;; ANSWER SECTION:
www.helpingyouth.ca. 38400 IN A 207.216.240.xx

However, when trying to get to the site I ended up at the default web site at that IP, but when I changed the virtual host setting from *:80 to the internal IP in httpd.conf, I was then able to get to the doc root of the new host.

But I do get some errors from Apache when it starts (there are other virtual hosts not imported into Virtualmin, and with the same "VirtualHost 192.168.1.2" setting):

#<VirtualHost *:80>
<VirtualHost 192.168.1.2>
SuexecUserGroup "#511" "#511"
ServerName helpingyouth.ca
ServerAlias www.helpingyouth.ca
DocumentRoot /home/helpingyouth/public_html
ErrorLog /home/helpingyouth/logs/error_log
CustomLog /home/helpingyouth/logs/access_log common
ScriptAlias /cgi-bin/ /home/helpingyouth/cgi-bin/
<Directory /home/helpingyouth/public_html>
Options Indexes IncludesNOEXEC FollowSymLinks
allow from all
</Directory>
</VirtualHost>

Apache errors when starting:

Starting httpd: [Thu Jul 05 17:50:40 2007] [error] VirtualHost 192.168.1.2:0 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Thu Jul 05 17:50:40 2007] [error] VirtualHost 192.168.1.2:0 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Thu Jul 05 17:50:40 2007] [error] VirtualHost 192.168.1.2:0 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Thu Jul 05 17:50:40 2007] [error] VirtualHost 192.168.1.2:0 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
--------------------------------------
Johnny Stork
Open Enterprise Solutions
www.openenterprise.ca
#5911
Joe (Admin)
Posts: 3784
Re:Virtualmin Behind a Firewall? 2007/07/06 06:29  
Your NameVirtualHost and VirtualHost entries must match. I suggest making them both 192.168.1.2:80.
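The rule in the reply above, that `NameVirtualHost` and `<VirtualHost>` addresses must match, can be checked mechanically before restarting Apache. The sketch below is an added example, not code from the thread or from Virtualmin; the `NameVirtualHost` line and the `other.example` vhost in the sample are assumptions (the posted config does not show them), and `lint_vhosts` is a hypothetical helper that handles IPv4 and `*` addresses only.

```python
import re

# Constructed sample: the NameVirtualHost line and the first vhost are
# assumptions (the thread does not show them); the last vhost follows the post.
BROKEN = """\
NameVirtualHost 192.168.1.2:80
<VirtualHost 192.168.1.2:80>
ServerName other.example
</VirtualHost>
#<VirtualHost *:80>
<VirtualHost 192.168.1.2>
ServerName helpingyouth.ca
</VirtualHost>
"""
FIXED = BROKEN.replace("<VirtualHost 192.168.1.2>", "<VirtualHost 192.168.1.2:80>")

DIRECTIVE = re.compile(
    r"^[ \t]*(?:<VirtualHost[ \t]+([^>\n]+)>|NameVirtualHost[ \t]+(\S+))",
    re.IGNORECASE | re.MULTILINE)

def split_addr(spec):
    """Split IPv4 'addr[:port]'; a missing port is Apache's wildcard port '*'."""
    host, sep, port = spec.rpartition(":")
    return (host, port) if sep else (spec, "*")

def lint_vhosts(conf):
    """Return (vhost_spec, reason) for every <VirtualHost> address that does
    not exactly match a NameVirtualHost address:port declaration."""
    declared, vhosts = set(), []
    for m in DIRECTIVE.finditer(conf):
        if m.group(2):
            declared.add(split_addr(m.group(2)))
        else:
            vhosts.extend(m.group(1).split())
    findings = []
    for spec in vhosts:
        addr, port = split_addr(spec)
        if (addr, port) in declared:
            continue
        ports = sorted(p for a, p in declared if a == addr)
        reason = (f"port {port} vs NameVirtualHost port {','.join(ports)}"
                  if ports else "address not declared in any NameVirtualHost")
        findings.append((spec, reason))
    return findings

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_vhosts(conf) or "consistent")
```

Commented-out directives such as `#<VirtualHost *:80>` are ignored, so only the active configuration is compared.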
#5913
Joe (Admin)
Posts: 3784
Re:Virtualmin Behind a Firewall? 2007/07/06 06:34  
JohnnyStork wrote:
Oops, wrong forum, sorry. Couldn't see how to delete the post.

No big deal. I moved it.
#5924
BigBirdy (User)
Posts: 24
Re:Virtualmin Behind a Firewall? 2007/07/06 20:30  
OK, great, making progress here. I am now having problems with DNS. I can dig the internal server so long as I use its internal address of 192.168.1.2, but I am unable to dig if I use the external address, which is port forwarding port 53 TCP/UDP to the internal Virtualmin server at 192.168.1.2.

Is there a way to obtain more info to determine where/what is failing in the name server query?

I left the full IP in there so you might be able to try yourself from your end.

; <<>> DiG 9.2.4 <<>> @207.216.240.22 www.helpingyouth.ca
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 48610
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
--------------------------------------
Johnny Stork
Open Enterprise Solutions
www.openenterprise.ca
#5925
Joe (Admin)
Posts: 3784
Re:Virtualmin Behind a Firewall? 2007/07/06 22:09  
It looks like it's denying queries from outside your private network, though it is listening. So, the firewall and port forwarding are right, but the BIND configuration isn't. Have you added any "allow-query" rules in the named.conf?
#5926
BigBirdy (User)
Posts: 24
Re:Virtualmin Behind a Firewall? 2007/07/06 22:13  
Ahhaa... this is what's in named.conf:

allow-query { 127.0.0.1; 192.168.1.0/24; };

Should I be adding the external IP?
--------------------------------------
Johnny Stork
Open Enterprise Solutions
www.openenterprise.ca
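The `REFUSED` status earlier in the thread follows from how `allow-query` is evaluated: the list is matched against the source address of each query, not against the server's own addresses. The model below is an added example, not part of the original posts or of BIND itself; it assumes the port forward preserves the client's source address, and 198.51.100.7 is a constructed outside client.

```python
import ipaddress
import re

# The ACL as posted in the thread, plus two candidate edits constructed here.
POSTED = "allow-query { 127.0.0.1; 192.168.1.0/24; };"
WITH_SERVER_PUBLIC_IP = "allow-query { 127.0.0.1; 192.168.1.0/24; 207.216.240.22; };"
OPEN_TO_ALL = "allow-query { any; };"

def parse_match_list(statement):
    """Return the elements between the braces of an allow-query statement."""
    body = re.search(r"\{(.*)\}", statement, re.DOTALL).group(1)
    return [e.strip() for e in body.split(";") if e.strip()]

def query_allowed(statement, source_ip):
    """Simplified model of a BIND address match list: the first element that
    matches the query's source address decides, '!' negates an element, and a
    source that matches nothing is refused. Only IP addresses, CIDR prefixes,
    'any' and 'none' are modelled (no named ACLs, keys or localnets)."""
    src = ipaddress.ip_address(source_ip)
    for element in parse_match_list(statement):
        negated = element.startswith("!")
        element = element.lstrip("! ")
        if element == "none":            # 'none' behaves like '!any'
            element, negated = "any", not negated
        matched = element == "any" or src in ipaddress.ip_network(element, strict=False)
        if matched:
            return not negated
    return False

def evaluate(source_ip):
    """Map each candidate ACL to the outcome for one query source address."""
    acls = {"posted": POSTED, "with_server_public_ip": WITH_SERVER_PUBLIC_IP,
            "open_to_all": OPEN_TO_ALL}
    return {name: query_allowed(acl, source_ip) for name, acl in acls.items()}

if __name__ == "__main__":
    # 198.51.100.7 is a constructed outside client (documentation range).
    for ip in ("192.168.1.50", "198.51.100.7"):
        print(ip, evaluate(ip))
```

When `allow-query` is opened up so the zones can be resolved from the Internet, BIND's separate `allow-recursion` option can stay limited to the internal ranges so the server answers for its own zones without becoming an open resolver.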