cPanel behind 1:1 NAT problems

[hamid.hgl]

Hello everyone
in cPanel behind 1:1 NAT everything works perfect, except these parts:

1- WHM Email Deliverability (DKIM and SPF PROBLEMS EXIST) Warning: Because this is not an authoritative nameserver for the domain “hostname”, the current or suggested records will not reflect your changes. (all domains DKIM and SPF is correct with no error only hostname problem)

2- SMTP mail from websites like WordPress and WHMCS does not work with CSF enable ( only works with 127.0.0.1 as SMTP host and 587 and 25 ports; not work with 465)

I guess these are DNS problems or DNS record missing, can anyone help me?

 

[cPRex]

Hey there! Neither of those messages would be related to the NAT configuration on the system. The first one is just letting you know the local machine is not the nameserver that handles the DNS records for your hostname, and the second is just letting you know that CSF can cause some conflicts. If everything else is working how you expect, the NAT configuration is fine.

 

[hamid.hgl]

thank you for your reply.

this is my configuration:

(1.2.3.4 is a sample for my public IP)

Registrar panel:
I create 2 Nameserver Hosts in the registrar panel: ns21.mydomain.net>1.2.3.4, ns22.mydomain.net>1.2.3.4, and set mydomain.net Nameserver to these values.

WHM:
and in the WHM, Basic WebHost Manager® Setup > Nameservers > Nameserver 1: ns21.mydomain.net IPv4 1.2.3.4, Nameserver 2: ns22.mydomain.net IPv4 1.2.3.4

The IPv4 address (only one address) to use to set up shared IPv4 virtual hosts > 1.2.3.4

and I add mydomain.net to cPanel as an account.

DNS zone in mydomain.net:

Name​	TTL​	Class​	Type​	Record​
mydomain.net.	86400	IN	SOA	Serial: 2021010301 Mname: ns21.mydomain.net Retry: 1800 Refresh: 3600 Expire: 1209600 Rname: servers.mydomain.com
mydomain.net.	86400	IN	NS	ns21.mydomain.net
mydomain.net.	86400	IN	NS	ns22.mydomain.net
mydomain.net.	14400	IN	A	1.2.3.4
mydomain.net.	14400	IN	MX	Priority: 0 Destination: mydomain.net
mail.mydomain.net.	14400	IN	CNAME	mydomain.net
www.mydomain.net.	14400	IN	CNAME	mydomain.net
cpanel.mydomain.net.	14400	IN	A	1.2.3.4
autodiscover.mydomain.net.	14400	IN	A	1.2.3.4
whm.mydomain.net.	14400	IN	A	1.2.3.4
cpcalendars.mydomain.net.	14400	IN	A	1.2.3.4
webmail.mydomain.net.	14400	IN	A	1.2.3.4
server11.mydomain.net.	14400	IN	A	1.2.3.4
ns21.mydomain.net.	14400	IN	A	1.2.3.4
ns22.mydomain.net.	14400	IN	A	1.2.3.4

and DNS zone for my hostname is : ( when I want to reset this zone, this error appear: Error: Unable to determine the IP address for server11.mydomain.net)

Name​	TTL​	Class​	Type​	Record​
server11.mydomain.net.	86400	IN	SOA	Serial: 2021010501 Mname: ns21.mydomain.net Retry: 1800 Refresh: 3600 Expire: 1209600 Rname: servers.mydomain.com
server11.mydomain.net.	86400	IN	NS	ns21.mydomain.net
server11.mydomain.net.	86400	IN	NS	ns22.mydomain.net
server11.mydomain.net.	14400	IN	A	1.2.3.4
server11.mydomain.net.	14400	IN	MX	Priority: 0 Destination: server11.mydomain.net
mail.server11.mydomain.net.	14400	IN	CNAME	server11.mydomain.net
www.server11.mydomain.net.	14400	IN	CNAME	server11.mydomain.net
ftp.server11.mydomain.net.	14400	IN	CNAME	server11.mydomain.net

so I think for nat I need some DNS records to point something to localhost or to internal IP???

 

[hamid.hgl]

The first one is just letting you know the local machine is not the nameserver that handles the DNS records for your hostname

As I explained in the previous post, the local machine is the nameserver that handles the DNS records for my hostname.
but something maybe in NAT configuration is preventing it from detecting local machine as an authoritative nameserver!

CSF can cause some conflicts

SMTP mail works outside the server with CSF enable, but can't connect to "mail.mydomain.net" or all other hosted domains in the server!
And so I think the problem could still be with nat settings and how to connect to localhost or internal IP.

 

[cPRex]

Since you're having issues with the connection, it might be best to get a ticket submitted to our team or to your host to get the NAT and network settings checked.

 

[hamid.hgl]

I did not purchase my license directly through cPanel to create a ticket that directed me to the correct license provider.

Unfortunately, most NAT problems in cPanel forums ended with a referral to submitting tickets and the result is not available to other users.
By sending the DNS zones, I hope you tell me whether they are correct or not and maybe the key to solving this problem.

 

[cPRex]

It's important to note that cPanel itself doesn't configure the NAT - we just detect the network configuration on the operating system and then ensure that cPanel is configured to use that.

Could you provide the output of the following command on the system:

cat /var/cpanel/cpnat

That would show us how the NAT is currently configured and may get us more details.

 

[hamid.hgl]

Could you provide the output of the following command on the system:

192.168.102.11 1.2.3.4

 

[cPRex]

Great - that's how I'd expect that file to look, with the private IP mapping to just one public IP address. If that's the case, the basic NAT setup seems to be working properly, but there still could be other issues.

I still believe a ticket is the best way to go for this problem, and if you paste the ticket number here once that is created I can follow along and make sure this thread stays updated.