Probably FAQ, new server setup

#1 Mon, 08/18/2014 - 10:40
Peter Clark

Hi all!

I'm working on setting up Virtualmin on a CentOS 6.5 box and have successfully installed everything, but I have a couple of probably FAQ questions on the best practice way to do this. Sorry if it's FAQ, but I've searched around for a while and I can't seem to find anything on what I'm trying to do either way.

So:

1. I build a CentOS 6.5 minimal install. I'm behind a natting firewall, host IP 10.1.1.200, virtualmin.domain.com for the FQDN.
2. Install wget, perl, mlocate, postfix 2.11 (so I can do per-sender maps etc.)
3. Install Virtualmin with the auto-installer .sh
4. Go through the post-install script fixing any issues that it identifies (create per-sender postfix maps, bcc maps, adding greylisting etc.).

Now I install domain.com as a virtual server, internal IP 10.1.1.20, external IP (publicstaticIP - I have a block, all servers get a static translation on the firewall).

Now, I've defined both an internal and an external IP for this server, however only the external IP seems to make it into DNS and everyone on the internal LAN using virtualmin.domain.com for their DNS is getting (externalip) for www.domain.com and page cannot be displayed errors. Am I setting this up wrong, or does Virtualmin not yet handle views automatically so that the private IP gets presented to (localnets) and (global) gets the catchall?

Also, when I install domain.com's SSL certificate in the VM and copy it to webmin, usermin, dovecot and postfix it seems to install properly because I can openssl s_client to postfix on pop3s and imaps ports but the "copy to dovecot" button never goes away, while the manage ssl certificate screen shows "already in use by webmin, usermin, postfix". Is this a bug or is something still missing that's preventing webmin from noticing it's already set up in dovecot?

Thanks in advance,

Tue, 08/19/2014 - 03:13
Locutus

About the DNS issue: This behavior is somewhat to be expected. Virtualmin is meant to be used as a control panel to serve websites etc. to external clients, and thus it configures DNS with the IP address that is externally reachable.

If you need a more complex setup, here having different DNS replies for external and internal clients, you need to use BIND's feature called "client views". Setting that up is not covered by Virtualmin's automatisms though.

Best solution would be to ask your hoster to set up "NAT reflection" for you, so that also your internal clients can reach the external IP and are forwarded properly. Then you don't need to fiddle with DNS.

Tue, 08/19/2014 - 10:01
Peter Clark

Hia,

Thanks for the answer. I know about views, I was wondering if (hoping that) Virtualmin set them up automagically, but the answer would be no. That's cool, perhaps an RFE for a future version. The "check your configuration" script detects if the local and public IPs differ, it doesn't seem like it would be much to extend that to then say "if (serverIP != privateIP) then (create zone in view ((external,public IP set) (internal,private IP set)))" instead of only creating the one external zone. It seems like it would be a lot less work than hitting a firewall to set up a new NAT reflection for each static IP being mapped. You could also play with DNS rewriting on the firewalls if the DNS server for local workstations is remote, but hairpinning on a Cisco ASA isn't exactly easy, so manually setting up views looks to be the way I need to go for now.

Thanks for the confirmation,
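
The split-horizon setup discussed in this thread, as an added example that is not part of the original posts and is not Virtualmin's own code: a small generator that applies the "if the private and public IPs differ, create the zone in two views" rule and refuses to publish an RFC 1918 address externally. The LAN range `10.1.1.0/24`, the documentation address `203.0.113.20` standing in for the public IP, the `lan` ACL name and the zone file paths are assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def a_records(ip):
    # Only the address records that differ per view; SOA/NS lines are omitted here.
    return [f"@    IN A {ip}", f"www  IN A {ip}"]

def view_block(name, clients, recursion, domain):
    # Zone file path layout (<view>/<domain>.hosts) is an assumption.
    return (f'view "{name}" {{\n'
            f'    match-clients {{ {clients} }};\n'
            f'    recursion {recursion};\n'
            f'    zone "{domain}" {{ type master; file "{name}/{domain}.hosts"; }};\n'
            f'}};\n')

def build_views(domain, private_ip, public_ip, lan_cidr):
    """Return (named.conf fragment, {view: A records}); fragment is None if no split is needed."""
    if private_ip == public_ip:
        return None, {"default": a_records(public_ip)}
    if not is_rfc1918(private_ip):
        raise ValueError("internal address is not RFC 1918")
    if is_rfc1918(public_ip):
        raise ValueError("RFC 1918 address would be published in the external view")
    if ipaddress.ip_address(private_ip) not in ipaddress.ip_network(lan_cidr):
        raise ValueError("private address is outside the LAN matched by the internal view")
    # BIND answers from the first view whose match-clients fits, so the
    # internal view must come before the catch-all. Once any view exists,
    # every zone in named.conf has to be declared inside a view.
    # Recursion is offered to the LAN only, not to external clients.
    conf = (f'acl "lan" {{ {lan_cidr}; localhost; }};\n'
            + view_block("internal", '"lan";', "yes", domain)
            + view_block("external", "any;", "no", domain))
    return conf, {"internal": a_records(private_ip), "external": a_records(public_ip)}

if __name__ == "__main__":
    # Constructed sample input: thread's internal IP, placeholder public IP.
    conf, zones = build_views("domain.com", "10.1.1.20", "203.0.113.20", "10.1.1.0/24")
    print(conf)
    for view, recs in zones.items():
        print(f"; {view}/domain.com.hosts")
        print("\n".join(recs))
```

After loading the generated fragment, querying `www.domain.com` against the server once from a LAN host and once from outside confirms that each view returns its own address.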
