Looking forward, for all the folks (like me) that have to run virtualmin behind an NAT device, we really need automatic support for a split DNS infrastructure.
Extensive help on this is best found at isaserver.org.
I know that this is complicated, because it involves talking to multiple DNS servers, and ideally setting up multiple IP's and BIND servers on a single box, but it is certainlly doable.
The best support would be to have a simple mapper that just maps the public ip to the private ip, and updates an alternative DNS server.
I really hope that the guys address this, because it would put virtualmin in a league by itself as a hosting system. The big-boys certainly don't currently support this.
So here's the idea case: One box, hosts 2 DNS servers, each bound to a different private ip. One DNS hosts the public DNS records, and the NAT device would route external DNS requests to this ip. The other DNS/IP combination hosts the private DNS, and provides recursive lookups and forwarding for internal clients (especially the virtualmin box). So the virtualmin box DNS client would have the private DNS server as it's DNS server entry in networking, and would receive the internal ip address and properly resolve. The private DNS server would do a recursive lookup on any non-hosted domains (cnn.com), and life would otherwise be good.
On a domain by domain basis, you should be able to enable "publishing" a virtual server to the public DNS, so that you can do internal only websites that are completely invisible to the outside world.
Of course, this would also require that webmin have the capability of managing multiple master DNS servers. So it's a virtualmin and webmin problem.
Good thing they are both written by the same folks!
Show your support for this feature folks, if you don't need it now, you will need it in the future.