Virtualmin for private use only

#1 Mon, 03/23/2009 - 18:05
sefs

Hi all,

I've set this up for mainly private use on the LAN only, where I can set up servers to test web apps. I may in the future want to access a server from outside my LAN from the internet ... but not at the moment.

So...does this still apply to me?

Configure DNS records to use a public address

To configure Virtualmin to create DNS records with a public IP, different from your internal private IP, first edit the 'Module Config' found in the 'System Settings' menu. Browse to the Other server settings section, and locate the option entitled Default IP address for DNS records. Enter the public IP address of your firewall or routing device (the firewall or router must also be configured to forward the data on to your Virtualmin server).

By the way what does the above actually do...does it just allow access to the virtual server domains from outside the LAN?

p.s. I would like to see what the dns bind server is doing...is there a link in the interface that can show me the records and zones for the dns? I had installed webmin sometime back and this was possible, but in this new virtualmin i can see where to gaze at the dns records.

Thanks.

Tue, 03/24/2009 - 05:38
andreychek

Those are mostly useful if you wish for your server to be able to act as a DNS/Nameserver, yet have your server exist on a private IP address.

If your goal is to run Virtualmin on a private LAN, and you don't want users out on the Internet to be able to query the DNS server running on it, I don't believe it's going to get you much to set those.

To see the DNS records, you can select the Virtual Server in question, then go into Services -> DNS Domain, and from there you can see what all is set.
-Eric

Tue, 03/24/2009 - 05:56 (Reply to #2)
sefs

Ok i think i follow you. So basically for private only I don't need to bother about that setting.

What about this scenario,

I register a domain called foo.com with say godaddy, and want to host it on my private lan..but want when someone goes to foo.com they get the website.

I would have to give godaddy some nameservers, most likely the name servers of the virtual machine, which would be ns1.foo.com and ns2.foo.com. THEN would I need that option maybe? And more importantly, it sounds like a system-wide setting. Can it be set per virtual server, as I may just want one virtual server accessible to the internet?

Thanks for your responses.

Tue, 03/24/2009 - 07:06 (Reply to #3)
ronald

What I probably would do is set the system up as normal.
Apache runs on port 80, so all websites that need to be public are run as normal, but for every website kept private I would set them on port 81.

Then in the hosts file (work PC, not the server) I would add the LAN with site so I can connect to them over the LAN.

When finished working on the sites it would be easy to set them public just by changing the port from 81 to 80.

Tue, 03/24/2009 - 07:36 (Reply to #4)
sefs

Good plan. I will attempt this.

Tue, 03/24/2009 - 07:45 (Reply to #5)
sefs

Question...

I don't have a static IP from my ISP, it's dynamic, so I use dyndns. Will this field - External IP - take a domain name as well as an IP?

***
External IP

If your Virtualmin server is on an internal private network, and all HTTP traffic is forwarded to it via a firewall or proxy, you should set this field to the IP address via which it is accessed externally, such as that of your firewall or router. When this option is set, the address entered will be used for all DNS records that would normally contain the real address, such as www, mail and ftp.

By default, the DNS records automatically generated for this virtual server will contain the IP address that it is assigned by Virtualmin. However, in some cases this address may not actually be the one you want web and mail clients on the Internet to connect to.
***

Tue, 03/24/2009 - 07:55 (Reply to #6)
sefs

p.s. NB: dyndns is setup in my router.

Tue, 03/24/2009 - 07:57 (Reply to #7)
sefs

... and I am not too sure how dyndns would take to hits from two machines updating the same name.

...missing that edit post feature.

Tue, 03/24/2009 - 08:02 (Reply to #8)
andreychek

I'm not overly familiar with how this works in Virtualmin, but there is a DynDNS module available in Addresses and Networking -> Dynamic IP update.

By doing it there, Virtualmin will correctly update all the external facing IP address goodies on your server.

So you might consider using that function in Virtualmin, rather than the one within your router (as I think both will handle updating the DynDNS service).
-Eric

Tue, 03/24/2009 - 08:18 (Reply to #9)
sefs

Thanks. I'll play around with it.

Tue, 03/24/2009 - 20:03 (Reply to #10)
sefs

Ok after reinstalling from scratch and going with .lan extensions I am up and running.

However I want to use the name I specified during setup which was fshlampserver.lan to connect to the web interface.

I need to set it up in DNS but I don't think I need all the DNS records as, say, the manuscript.lan Virtual Server, as fshlampserver.lan does not have email, ssh, ftp or none of that.

I just need it to resolve to the web interface.

Currently these are the records for manuscript.lan

manuscript.lan. NS
manuscript.lan. A
www.manuscript.lan. A
localhost.manuscript.lan. A
webmail.manuscript.lan A
mail.manuscript.lan. A
manuscript.lan. MX
manuscript.lan. SPF

I am thinking for fshlampserver.lan I just need
fshlampserver.lan NS
fshlampserver.lan A
www.fshlampserver.lan A
localhost.fshlampserver.lan A

... and maybe
fshlampserver.lan. SPF

Someone let me know...thanks.

Wed, 03/25/2009 - 06:53 (Reply to #11)
andreychek

You need a DNS record for any host you wish to be able to access via name rather than IP address :-)

Your above list looks like a good start.

You aren't likely to need to setup SPF records for a private server, though there's also no harm in having them.
-Eric

Tue, 03/24/2009 - 08:39
sefs

I've gone ahead to create a VS to see what's going on. I have to say it's pretty nice, simple and straight to the point.

I've encountered a problem though.

My Virtualmin machine has the domain fshlampserver.local

I created a VS with the domain manuscript.local

From another machine on the LAN I did a dig of manuscript.local and got this...

[code:1]
; <<>> DiG 9.5.0-P2 <<>> manuscript.local
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42849
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;manuscript.local. IN A

;; ANSWER SECTION:
manuscript.local. 38400 IN A 192.168.1.56

;; AUTHORITY SECTION:
manuscript.local. 38400 IN NS fshlampserver.

;; Query time: 1 msec
;; SERVER: 192.168.1.56#53(192.168.1.56)
;; WHEN: Tue Mar 24 13:31:04 2009
;; MSG SIZE rcvd: 77
[/code:1]

Which looks ok except for the authority section...shouldn't that be fshlampserver.local?

I can ping fshlampserver.local which returns 192.168.1.56 but since installing Virtualmin I am unable to ping just fshlampserver which would usually return 127.0.1.1.

Also I am unable to ping manuscript.local or browse to it via web browser from the local LAN.

I have 192.168.1.56 already set up in all the LAN systems in resolv.conf as first entry, or in case of Windows as the first DNS entry. I am assuming that BIND was automatically configured to forward queries to my ISP's DNS...although now I think of it I didn't do that at any time, so how would it know which domains to forward to if I don't tell it.

Any ideas?

Tue, 03/24/2009 - 08:49 (Reply to #13)
sefs

Correction to "I can ping fshlampserver.local which returns 192.168.1.56 but since installing virtualmin I am unable to ping just fshlampserver which would usually return 127.0.1.1."

What I meant was that I could also ping fshlampserver from other LAN systems and get 192.168.1.56 but can no longer do so after installing Virtualmin. I can only ping the fshlampserver.local name and get results.

Tue, 03/24/2009 - 16:45
sefs

Ok, I see my problem.

It's to do with the special use of .local, avahi aka bonjour and mdns.

While viewing the goings-on in wireshark, the request for manuscript.local goes out over mdns queries as opposed to dns queries, but of course this name will never be found by mdns as it's not an actual machine running bonjour/avahi...so it fails.

Is there a way in samba you can configure it to gracefully go from resolution method to method until all fails?

With this mdns thing it either passes or it fails, it looks like.

Is there a way to configure mdns to fall back to dns if mdns fails to get a hit?

Other than that I will have to set up all V.S. domains with the .lan extension.
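
An added example, not part of the original thread: on Linux clients that use glibc with nss-mdns, the order sefs asks about is set by the `hosts:` line in /etc/nsswitch.conf, and this sketch simulates why manuscript.local never reaches BIND while manuscript.lan does. The two hosts lines and the simplified per-service model are assumptions (the thread does not show the clients' configuration); the zone names are taken from the posts above.

```python
import re

# glibc NSS defaults: stop on SUCCESS, try the next service on anything else.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_hosts_line(line):
    """Parse an nsswitch.conf 'hosts:' line into [(service, actions), ...]."""
    spec = line.split(":", 1)[1]
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", spec):
        if tok.startswith("["):
            if not chain:
                raise ValueError("action list before any service")
            for item in tok.strip("[]").split():
                status, action = item.split("=", 1)
                chain[-1][1][status.upper()] = action.lower()
        else:
            chain.append((tok, dict(DEFAULTS)))
    return chain

def service_status(service, name, files, mdns, dns):
    """Simplified model (an assumption) of what each service reports."""
    if service == "files":
        return "SUCCESS" if name in files else "NOTFOUND"
    if service.startswith("mdns") and service.endswith("_minimal"):
        if not name.endswith(".local"):
            return "UNAVAIL"      # not an mDNS name: later services may try
        return "SUCCESS" if name in mdns else "NOTFOUND"
    if service == "dns":
        return "SUCCESS" if name in dns else "NOTFOUND"
    return "UNAVAIL"              # service not modelled here

def lookup(hosts_line, name, files=(), mdns=(), dns=()):
    """Return (answering service or None, services consulted in order)."""
    consulted = []
    for service, actions in parse_hosts_line(hosts_line):
        consulted.append(service)
        status = service_status(service, name, files, mdns, dns)
        if actions[status] == "return":
            return (service if status == "SUCCESS" else None), consulted
    return None, consulted

# Constructed inputs: zone names mirror the thread, hosts lines are assumed.
BIND = {"manuscript.local", "manuscript.lan"}
STRICT = "hosts: files mdns4_minimal [NOTFOUND=return] dns"
FALLBACK = "hosts: files mdns4_minimal dns"

if __name__ == "__main__":
    for line in (STRICT, FALLBACK):
        for host in ("manuscript.local", "manuscript.lan"):
            print(line, "|", host, "->", lookup(line, host, dns=BIND))
```

Dropping `[NOTFOUND=return]` gives the fallback sefs asks for, but every failed .local lookup is then also sent to unicast DNS, which is the leak that action is there to prevent; keeping internal zones off .local, as sefs does with .lan, avoids the conflict entirely.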

Topic locked