cPanel behind 1:1 NAT problems

Operating System & Version
CENTOS 7.9 hyper-v
cPanel & WHM Version
v92.0.6

hamid.hgl

Member
Jan 5, 2021
6
0
1
UAE
cPanel Access Level
Root Administrator
Hello everyone
in cPanel behind 1:1 NAT everything works perfect, except these parts:

1- WHM Email Deliverability (DKIM and SPF PROBLEMS EXIST) Warning: Because this is not an authoritative nameserver for the domain “hostname”, the current or suggested records will not reflect your changes. (all domains DKIM and SPF is correct with no error only hostname problem)

2- SMTP mail from websites like WordPress and WHMCS does not work with CSF enable ( only works with 127.0.0.1 as SMTP host and 587 and 25 ports; not work with 465)

I guess these are DNS problems or DNS record missing, can anyone help me?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,491
1,008
313
cPanel Access Level
Root Administrator
Hey there! Neither of those messages would be related to the NAT configuration on the system. The first one is just letting you know the local machine is not the nameserver that handles the DNS records for your hostname, and the second is just letting you know that CSF can cause some conflicts. If everything else is working how you expect, the NAT configuration is fine.
 

hamid.hgl

Member
Jan 5, 2021
6
0
1
UAE
cPanel Access Level
Root Administrator
thank you for your reply.

this is my configuration:

(1.2.3.4 is a sample for my public IP)

Registrar panel:
I create 2 Nameserver Hosts in the registrar panel: ns21.mydomain.net>1.2.3.4, ns22.mydomain.net>1.2.3.4, and set mydomain.net Nameserver to these values.

WHM:
and in the WHM, Basic WebHost Manager® Setup > Nameservers > Nameserver 1: ns21.mydomain.net IPv4 1.2.3.4, Nameserver 2: ns22.mydomain.net IPv4 1.2.3.4

The IPv4 address (only one address) to use to set up shared IPv4 virtual hosts > 1.2.3.4

and I add mydomain.net to cPanel as an account.

DNS zone in mydomain.net:

Name
TTL
Class
Type
Record
mydomain.net.86400INSOASerial: 2021010301
Mname: ns21.mydomain.net
Retry: 1800
Refresh: 3600
Expire: 1209600
Rname: servers.mydomain.com
mydomain.net.86400INNSns21.mydomain.net
mydomain.net.86400INNSns22.mydomain.net
mydomain.net.14400INA1.2.3.4
mydomain.net.14400INMXPriority: 0
Destination: mydomain.net
mail.mydomain.net.14400INCNAMEmydomain.net
www.mydomain.net.14400INCNAMEmydomain.net
cpanel.mydomain.net.14400INA1.2.3.4
autodiscover.mydomain.net.14400INA1.2.3.4
whm.mydomain.net.14400INA1.2.3.4
cpcalendars.mydomain.net.14400INA1.2.3.4
webmail.mydomain.net.14400INA1.2.3.4
server11.mydomain.net.14400INA1.2.3.4
ns21.mydomain.net.14400INA1.2.3.4
ns22.mydomain.net.14400INA1.2.3.4




and DNS zone for my hostname is : ( when I want to reset this zone, this error appear: Error: Unable to determine the IP address for server11.mydomain.net)

Name
TTL
Class
Type
Record
server11.mydomain.net.86400INSOASerial: 2021010501
Mname: ns21.mydomain.net
Retry: 1800
Refresh: 3600
Expire: 1209600
Rname: servers.mydomain.com
server11.mydomain.net.86400INNSns21.mydomain.net
server11.mydomain.net.86400INNSns22.mydomain.net
server11.mydomain.net.14400INA1.2.3.4
server11.mydomain.net.14400INMXPriority: 0
Destination: server11.mydomain.net
mail.server11.mydomain.net.14400INCNAMEserver11.mydomain.net
www.server11.mydomain.net.14400INCNAMEserver11.mydomain.net
ftp.server11.mydomain.net.14400INCNAMEserver11.mydomain.net


so I think for nat I need some DNS records to point something to localhost or to internal IP???
 

hamid.hgl

Member
Jan 5, 2021
6
0
1
UAE
cPanel Access Level
Root Administrator
The first one is just letting you know the local machine is not the nameserver that handles the DNS records for your hostname
As I explained in the previous post, the local machine is the nameserver that handles the DNS records for my hostname.
but something maybe in NAT configuration is preventing it from detecting local machine as an authoritative nameserver!

CSF can cause some conflicts
SMTP mail works outside the server with CSF enable, but can't connect to "mail.mydomain.net" or all other hosted domains in the server!
And so I think the problem could still be with nat settings and how to connect to localhost or internal IP.
 

hamid.hgl

Member
Jan 5, 2021
6
0
1
UAE
cPanel Access Level
Root Administrator
I did not purchase my license directly through cPanel to create a ticket that directed me to the correct license provider.

Unfortunately, most NAT problems in cPanel forums ended with a referral to submitting tickets and the result is not available to other users.
By sending the DNS zones, I hope you tell me whether they are correct or not and maybe the key to solving this problem.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,491
1,008
313
cPanel Access Level
Root Administrator
It's important to note that cPanel itself doesn't configure the NAT - we just detect the network configuration on the operating system and then ensure that cPanel is configured to use that.

Could you provide the output of the following command on the system:

Code:
cat /var/cpanel/cpnat
That would show us how the NAT is currently configured and may get us more details.
 
  • Like
Reactions: hamid.hgl

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,491
1,008
313
cPanel Access Level
Root Administrator
Great - that's how I'd expect that file to look, with the private IP mapping to just one public IP address. If that's the case, the basic NAT setup seems to be working properly, but there still could be other issues.

I still believe a ticket is the best way to go for this problem, and if you paste the ticket number here once that is created I can follow along and make sure this thread stays updated.
 
  • Like
Reactions: hamid.hgl