Short summary: I cannot connect to the domains (+SSL) from the internal network (it only connects if I add static hosts entries with the WAN IP of the second router). Externally everything works.
EDIT: Your router likely doesn't support "NAT Reflection", also called "Hairpin NAT" or "NAT Loopback". This means that the requests to your public IP address from inside your own network are either not sent to the server at all or are sent to the server with the wrong "Respond-to" IP address, causing "Triangular Routing" which your computer can't handle. Your router may have a setting that allows you to turn on NAT Reflection. Otherwise, the only way to solve this is with "Split DNS" - setting up DNS in your network to return your server's private IP instead of its public IP.
!!This means 3 routers NOT support 'NAT Reflection' only 1 MikroTik.
Server machine:
- OS: Debian 9.3
- Webmin version: 1.872
- Virtualmin version: 6.02
- Usermin version: 1.732
- Server: NGinx with Phusion Passenger (Ruby On Rails)
- All installed packages are up to date
-- Business client hotel network setup is 4X ROUTERS:
First router ISP O2 HG622u gateway - public IP xx.xxx.xx.xxx
open DMZ > WAN TL-WR1043ND (static IP)
LAN port to WAN Mikrotik LAN port to WAN TL-WR1043ND
LAN to WAN TL-WR841N / TL-WR841ND
Virtualmin is behind TL-WR1043ND
open 80, 443, 993, 465, 5222, 5223, 5269
From external net everything works (http, https, imaps, jabber)
BUT If I'm at the local network:
a) on net first router get only domains with screen login to admin gateway HG622u for every domain.
b) on net second router get only domains without SSL only http
BUT!
If I add to laptop /etc/hosts at network on first or second router IP address from WAN TL-WR1043ND everything works.
HOW to get to see the same(+SSL) domains on both local network as on the external network, without add data to /etc/hosts.
Note: If I setup clear nginx (6 domains) + dnsmasq without virtualmin, everything works internal, external.
Note2: WE love Virtualmin and support open source software and other our VPS and dedicated machines in other countries with Virtualmin works perfectly.. this is first machine with internal (wlan, lan) - external network for clients.
Thank you for Your response!
Alex
You have to set up Bind DNS to use "views". Make sure your devices use it as the DNS server.
https://doxfer.webmin.com/Webmin/BIND_DNS_Server#Using_BIND_views
Hello Noisemarine,
OK > I setup new client view > name: everyone for all clients and move (Existing DNS Zones) everything into this view
EDIT: I also move root zone to new view everyone
BUT I (the hotel customers) still can NOT connect from internal (intranet) to domains (only from vpn as opera, or protonvpn..), OR only from external network.
I would like to do this > if a customer arrives at the hotel and connects to any of the 4 wifi (WLAN, LAN) >> will get domains (6x for the time being) from virtualmin + customers from external. Now it works only from external.
Thank you very much for your answer.
Alex
You will need to disable DNS for (all) domains in order to switch to using views. Once you set up Virtualmin to use views you can turn the DNS feature back on and it'll generate new records within views. I'd recommend making sure you have good backups (and specifically a backup of just the zone files) Just In Case anything goes wrong (views are well-tested in Webmin, and in wide use by about a gazillion people, but this is a complex configuration...better to be safe than sorry).
--
Check out the forum guidelines!
Hello Joe,
OK.
BUT I still can not get domains from internal (intranet) ONLY connect if I add to customers devices hosts static entries WAN IP second router TL-WR1043ND
Behavior is the following:
test domain with http > show login screen to the home gateway on first HG622u
production domains with SSL > ERR_CONNECTION_TIMED_OUT
From external network everything works.
Thank you very much for Your answer and support!
Alex
I'm not sure if I understand what you have done. Did you create two views? One for internal and one for external? Essentially, that is what you need to do so that your hotel users will be served DNS records from the "internal" view, and people outside will be served records from the "external" view. Hopefully somewhat obviously, the internal zone file has names that resolve to internal/LAN IP addresses, and the external zone file has names that resolve to the public IP addresses. So, each domain has two zone files.
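The two-view layout described above, sketched as a BIND `named.conf` fragment. This is an added example, not part of the original thread and not configuration generated by Virtualmin; the domain `example.com`, the LAN range `192.168.1.0/24`, the addresses in the comments and the zone file paths are assumed placeholders.

```conf
// Assumed placeholder: the address range(s) the hotel clients query from.
acl "hotel_lan" {
    192.168.1.0/24;
    localhost;
};

// Internal view: names resolve to the server's private (LAN) address.
view "internal" {
    match-clients { "hotel_lan"; };
    recursion yes;              // LAN clients may resolve other names too

    zone "example.com" {
        type master;
        // Zone file contains e.g.:  www  IN  A  192.168.1.10  (constructed)
        file "/var/lib/bind/internal/example.com.hosts";
    };
};

// External view: everyone else gets the public address.
view "external" {
    match-clients { any; };
    recursion no;               // do not act as an open resolver to the Internet

    zone "example.com" {
        type master;
        // Zone file contains e.g.:  www  IN  A  203.0.113.10  (constructed)
        file "/var/lib/bind/external/example.com.hosts";
    };
};

// Once any view is defined, every zone statement (including the root hints
// and the distribution's default zones) must sit inside a view.
```

Views are evaluated in order and the first match wins, so the internal view has to come before the catch-all external one. `match-clients` tests the source address as the query arrives at the DNS server, so clients behind a further NAT router show up with that router's WAN-side address, and that address must fall inside the ACL.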
Were you able to do it using views? I would be really happy to know how.