Using CPanel with NAT - Urgent!

[quortex]

Hi all,

I have a really urgent problem if anyone can help me out I would seriously appreciate it.

I have about 120 sites on different IP addresses. The IPs point to our hardware firewall and the firewall then NATs these IPs to our internal address. The internal address is a box that runs cpanel and has all the sites set to the boxes single IP. We cannot currently easily change this.

So that allows our sites to look like they are on separate IP addresses to the outside world but they are all on one box and on one internal IP.

Now when I add accounts to CPanel I have to then go into the DNS entry and change the internal IP address to the correct external IP I want to assign to that site. This works absolutely fine although it is a bit of a pain.

The problem is that then if someone uses cpanel to add a subdomain etc. the apache configuration file is updated with the external ip address from dns rather than the internal ip address of the box. I need it to always put in the IP address assigned to the site rather than the IP assigned at the DNS level. This is the IP address shown when you list accounts.

This must be a common problem? Is there a configuration option I can change so that this occurs? Or do I HAVE to create a script to go through the apache config etc. and correct the entries?

Surely other people must use CPanel with this type of setup? Thanks in advance. Hope that all makes sense.

Kind Regards,
Mark

[brianoz]

If you go into the DNS section of the WHM menu, you'll see everything you need under "Edit Zone templates". There might be another way to do it, but as you need to be careful not to change the IP address of the machine this seems one of the best solutions.

[amlow]

If you go into the DNS section of the WHM menu, you'll see everything you need under "Edit Zone templates". There might be another way to do it, but as you need to be careful not to change the IP address of the machine this seems one of the best solutions.

Editing the Zone templates will also change the IP address in the httpd.conf
to the one of the dns zone, in this case it is not good (server is behind nat)
any other way for this to work ?

[Miraenda]

Actually, if you hard code the IP in the zone templates, it doesn't change the IP httpd.conf uses for the IP at all as httpd.conf picks the IP set as the main shared IP not the IP in the DNS zone template.

As a test, I did the following:

1. WHM > Edit Zone Templates > standardvirtualftp

2. Changed this line:

Code:

%domain%. IN A %ip%

To this line:

Code:

%domain%. IN A 74.74.74.74

3. Clicked Save button

4. Created a new account cpfoo.foo on my machine in Create a New Account area

5. Checked httpd.conf entries for it, which show the main shared server IP:

Code:

<VirtualHost 64.50.164.46:80>
    ServerName cpfoo.foo
    ServerAlias www.cpfoo.foo
    DocumentRoot /home/cpfoofo/public_html
    ServerAdmin webmaster@cpfoo.foo

6. Checked /var/named/cpfoo.foo.db entries:

Code:

cpfoo.foo. IN A 74.74.74.74

Changing the zone template does work and doesn't impact anything else on the system. It does exactly what it needs to do for NAT setups, which is keep the DNS entry as the external IP but all other entries on the machine as the internal IPs that were already set.

[deonsilva]

Just want to confirm the suggestions mentioned here
has worked for me in the pass, when using NAT.

[amlow]

Actually, if you hard code the IP in the zone templates, it doesn't change the IP httpd.conf uses for the IP at all as httpd.conf picks the IP set as the main shared IP not the IP in the DNS zone template.

As a test, I did the following:

1. WHM > Edit Zone Templates > standardvirtualftp

2. Changed this line:

Code:

%domain%. IN A %ip%

To this line:

Code:

%domain%. IN A 74.74.74.74

3. Clicked Save button

4. Created a new account cpfoo.foo on my machine in Create a New Account area

5. Checked httpd.conf entries for it, which show the main shared server IP:

Code:

<VirtualHost 64.50.164.46:80>
    ServerName cpfoo.foo
    ServerAlias www.cpfoo.foo
    DocumentRoot /home/cpfoofo/public_html
    ServerAdmin webmaster@cpfoo.foo

6. Checked /var/named/cpfoo.foo.db entries:

Code:

cpfoo.foo. IN A 74.74.74.74

Changing the zone template does work and doesn't impact anything else on the system. It does exactly what it needs to do for NAT setups, which is keep the DNS entry as the external IP but all other entries on the machine as the internal IPs that were already set.

well i did follow your instructions however the ip on the httpd.conf changes to the external ip(212.30.211.48
) instead of the local ip (10.10.8.1).
here is my standardvirtualftp configuration:

; cPanel %cpversion%
; Zone file for %domain%
$TTL %ttl%
@ %nsttl% IN SOA %nameserver%. %rpemail%. (
%serial% ; serial, todays date+todays
86400 ; refresh, seconds
7200 ; retry, seconds
3600000 ; expire, seconds
86400 ) ; minimum, seconds

%domain%. %nsttl% IN NS %nameserver%.
%domain%. %nsttl% IN NS %nameserver2%.
%domain%. %nsttl% IN NS %nameserver3%.
%domain%. %nsttl% IN NS %nameserver4%.

%nameserverentry%. IN A %nameservera%
%nameserverentry2%. IN A %nameservera2%
%nameserverentry3%. IN A %nameservera3%
%nameserverentry4%. IN A %nameservera4%

%domain%. IN A 212.30.211.48

localhost.%domain%. IN A 127.0.0.1

%domain%. IN MX 0 %domain%.

mail IN CNAME %domain%.
www IN CNAME %domain%.
ftp IN A %ftpip%

any idea ?

[Miraenda]

Is your IP the internal IP in WHM > cPanel/WHM Basic Setup, so it shows as 10.10.8.1 in cPanel/WHM Basic Setup area? Because the DNS zones don't impact httpd.conf one iota. What does impact httpd.conf is what you have set for the IP in both IP Functions area as the main IP and what you have set for the IP in cPanel/WHM Basic Setup area. You should have the 10.10.8.1 IP set in WHM for IP Functions and cPanel/WHM Basic Setup area.

[amlow]

Is your IP the internal IP in WHM > cPanel/WHM Basic Setup, so it shows as 10.10.8.1 in cPanel/WHM Basic Setup area? Because the DNS zones don't impact httpd.conf one iota. What does impact httpd.conf is what you have set for the IP in both IP Functions area as the main IP and what you have set for the IP in cPanel/WHM Basic Setup area. You should have the 10.10.8.1 IP set in WHM for IP Functions and cPanel/WHM Basic Setup area.

Yes, the WHM > cPanel/WHM Basic Setup, shows as 10.10.8.1
and from some unknown reason it dose impact the httpd.conf
so every time my client enter new domain or addon domain I need to edit back the httpd.conf back to 10.10.8.1
the DNS zone is set correctly however to 212.30.211.48

[Miraenda]

When you go to Change Site's IP Address area and click a domain to change the IP, which IP shows up as the shared IP there?

[amlow]

When you go to Change Site's IP Address area and click a domain to change the IP, which IP shows up as the shared IP there?

It shows the 10.10.8.1

[Miraenda]

Then I have no idea as my own machine doesn't work the way yours is, other people's hasn't who I've set up either and the DNS zone templates don't change the Apache configuration on a normal machine. I'd tell you to open a ticket about it but for the fact cPanel doesn't support NAT setups.

All I can think is that you have a postwwwacct or some post account setup script that is modifying Apache configuration.

[amlow]

Then I have no idea as my own machine doesn't work the way yours is, other people's hasn't who I've set up either and the DNS zone templates don't change the Apache configuration on a normal machine. I'd tell you to open a ticket about it but for the fact cPanel doesn't support NAT setups.

All I can think is that you have a postwwwacct or some post account setup script that is modifying Apache configuration.

Would you be able to look at my server ?
I don't mind to pay you if you solve this problem for me.

[Miraenda]

I cannot contract for money per my employment, so unfortunately I couldn't look at the machine. I imagine there are other people here who would be willing to do that for money, though. If you don't have any offers on this post, there's a section to post for jobs here to pay and I'm sure someone would be willing to look into it.

If I could help you, I would, so I'm sorry that I wouldn't be able to look at the machine. I do hope someone offers to help look at it, though.

[amlow]

I cannot contract for money per my employment, so unfortunately I couldn't look at the machine. I imagine there are other people here who would be willing to do that for money, though. If you don't have any offers on this post, there's a section to post for jobs here to pay and I'm sure someone would be willing to look into it.

If I could help you, I would, so I'm sorry that I wouldn't be able to look at the machine. I do hope someone offers to help look at it, though.

Thanks Miraenda, I understand.

[Net Pro]

I have successfully configured my server behind NAT i had it working last night it stopped my external Ip is static to router and all ports forwarded to the local ip on server. Anyway the domain example.com wont got to the servers default page and the website wont show just shows internet explorer cannot display this webpage i even edited the zone template now I think Ive messed that up as I didnt need to configure this when it was working but I read through this forum and it recommended changing the line in dns zone file so I was wondering if this is why no domains point to the server default page????