Cpanel Behind NAT Working

Discussion in 'General Discussion' started by Lestat, Feb 13, 2005.

  1. Lestat

    Lestat Well-Known Member

    Joined:
    Sep 13, 2003
    Messages:
    199
    Likes Received:
    0
    Trophy Points:
    16
    After long hours of dealing with trying to get my server to work behind NAT.

    OK, let me explain my layout first.
    Hardware:
    1: Outside line is coming in to my Nokia checkpoint firewall.
    2: From Firewall I have a DMZ unit.
    3: From DMZ unit to Web/DNS Server.

    Software Setup:
    1: I have Domain name from my provider pointing to my DNS Server
    ns1.domain.com external IP
    ns2.domain.com external IP
    2: I have firewall forwarding the external addresses to the internal addresses
    192.168.88.3
    192.168.88.9
    (Make sure all CPANEL ports are open that you need to get through with firewall.)
    3: Server has local IP address for it to get on network and to download cpanel.
    4: Once cpanel is done you may not be able to access the box except only through SSH. Get on external machine from the network. I was unable to access internally.
    5: So now that I am out of the internal network, I brought up the default WHM link in the browser https://ipaddress:2087 and continued with the setup when you first install WHM. You may not be able to do much besides add what it tells you to add. But once done we can go in and make our manual changes.

    Configuring WHM:

    1: First thing I did is add the 2 external IP addresses and the other internal IP address in the add/delete ip section.
    2: Added the new hostname of the machine and the A records.
    3: Then I activated the Nameserver cause we have made this a DNS server.
    4: Setup section on the very top on left pane I went and added these settings.
    Shared IP: I made one of my external addresses
    NS1.domain.com assigned the default IP and Add the records
    NS2.domain.com assign default IP's and add the records
    5: Created an account with the domain we have changed the DNS with.
    Now on to SSH:

    I had to make a lot of adjustments by hand in order for everything to work.
     
    #1 Lestat, Feb 13, 2005
    Last edited: Feb 13, 2005
  2. Lestat

    SSH:
    nano or pico
    /usr/local/apache/conf/httpd.conf go to the very end.
    Code:
    
    <VirtualHost (external IP here)>
    ServerAlias www.domain.com domain.com
    ServerAdmin webmaster@grdomain.com
    DocumentRoot /home/user/public_html
    BytesLog domlogs/domain.com-bytes_log
    ServerName www.domain.com
    <IfModule mod_userdir.c>
    Userdir disabled
    Userdir enabled user
    </IfModule>
    <IfModule mod_php4.c>
    php_admin_value open_basedir "/home/user:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    User user
    Group user
    CustomLog domlogs/domain.com combined
    ScriptAlias /cgi-bin/ /home/domain/public_html/cgi-bin/
    </VirtualHost>
    <VirtualHost (External IP here the shared one from cpanel)>
    ServerName local.domain.com
    DocumentRoot /usr/local/apache/htdocs
    </VirtualHost>
    
    
    <VirtualHost 192.168.88.9>
    ServerAlias www.domain.com domain.com
    ServerAdmin webmaster@grdomain.com
    DocumentRoot /home/user/public_html
    BytesLog domlogs/domain.com-bytes_log
    ServerName www.domain.com
    <IfModule mod_userdir.c>
    Userdir disabled
    Userdir enabled user
    </IfModule>
    <IfModule mod_php4.c>
    php_admin_value open_basedir "/home/user:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    User user
    Group user
    CustomLog domlogs/domain.com combined
    ScriptAlias /cgi-bin/ /home/domain/public_html/cgi-bin/
    </VirtualHost>
    <VirtualHost 192.168.88.3>
    ServerName local.domain.com
    DocumentRoot /usr/local/apache/htdocs
    </VirtualHost>
    
     
  3. Lestat

    Next in SSH:
    I edited /usr/local/apache/conf/httpd.conf.vhosts with the same settings as above.

    Next after that I went to edit my resolv.conf
    nano /etc/resolv.conf
    Code:
    search com
    nameserver (external IP)
    nameserver (external IP)
    nameserver 192.168.88.3
    nameserver 192.168.88.9
    
    Next is the nameserverips
    nano /etc/nameserverips
    Code:
    192.168.88.3=ns1.domain.com
    192.168.88.9=ns2.domain.com
    (external IP)=ns1.domain.com
    (external IP)=ns2.domain.com
    
     
  4. Lestat

    SSH:
    nano /etc/hosts

    Code:
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    (external Shared IP)             local
    127.0.0.1                            localhost
    (external Shared IP)             local.domain.com
    
    Now I went and modified rights on this file
    chattr +i /etc/hosts

    Next:

    nano /scripts/ipcheck
    I commented these lines out to stop those annoying ipcheck emails.
    Code:
    #if ($problems ne "") {
    #       print "SENT ipcheck email\n";
    #
    #       $problems .= "Some are all of these problems can be caused by
    #/etc/resolv.conf being setup incorrectly.  Please check this file if
    #you
    #believe everything else is correct.\n\n";
    
    #       $subject = "[ipcheck] Problems with dns setup on ${hostname}";
    
    #                $msg .= "IMPORTANT: Do not ignore this email.\n";
    #               $msg .= "$problems\nYou may be able to
    #               automaticly correct this problem by using the ' Add an A entry for your
    #               hostname ' under ' Dns Functions ' in your Web Host Manager";
    #       icontact('ipcheck',2,$subject,$msg);
    #}
    

    then chattr +i /scripts/ipcheck


    I believe that is all that I had to do besides modify edit dns zones to make sure there are no internal IPs set on domain or dns servers.


    For some crazy reason if I just set the server up with internal IP's nothing would work. When I just added the external IP's with the main IP of eth0 (which is local address 192.168.88.3) everything would work but the site. I would be able to handle emails and FTP and all that lovely stuff but when I uploaded the site in FTP and then opened the browser to go to the domain it wouldn't work right. All I received was the default cPanel template. But if I were to access the external address in the browser http://external.IP/~user/ there is my site. Or also this would work as well http://domainname.com/~user/ this would work but the domain wouldn't. So the adjustments above are what I had made and now it all works fine. Now if you go into the list accounts in WHM you will see the domain name but near the domain name is a local IP. Weird eh? Well I am not tampering with it. Reason being is I have been fighting with this for well over a week now. I think that is all I did. If I remember any other tweaks besides the addons I added other modifications to box of the third party software for Cpanel out there.

    I have yet to add another domain. From the looks of things I might have to add all those manually like the other one.
     
    #4 Lestat, Feb 13, 2005
    Last edited: Feb 13, 2005
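
The last check in the post above (no internal IPs left in the DNS zones) can be automated. This is an added example, not part of the original thread: the function name `internal_a_records`, the sample zone and its 203.0.113.x addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges plus loopback and link-local: none of these belong in a public zone.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# [owner] [ttl] [IN] A address   (owner may be omitted and inherited from the previous record)
RR_A = re.compile(r"^\S*\s+(?:\d+\s+)?(?:IN\s+)?A\s+(\S+)", re.IGNORECASE)

# Constructed sample zone (assumption): 203.0.113.10 stands in for the external IP.
SAMPLE_ZONE = """\
$TTL 14400
@       IN  SOA ns1.domain.com. root.domain.com. ( 2005021301 14400 7200 3600000 86400 )
@       IN  NS  ns1.domain.com.
@       IN  NS  ns2.domain.com.
ns1     IN  A   203.0.113.10
ns2     IN  A   192.168.88.9   ; leaked internal address
@       IN  A   203.0.113.10
www     IN  CNAME domain.com.
mail  14400  IN  A  192.168.88.3
        IN  A   10.0.0.5
ftp     A   203.0.113.10
"""

def internal_a_records(zone_text):
    """Return (line_no, owner, address) for each A record pointing at an internal address."""
    findings, owner = [], "@"
    for line_no, raw in enumerate(zone_text.splitlines(), start=1):
        line = raw.split(";", 1)[0].rstrip()      # strip zone-file comments
        if not line or line.startswith("$"):      # skip blanks and $TTL/$ORIGIN directives
            continue
        if not line[0].isspace():                 # a new owner name starts in column 0
            owner = line.split()[0]
        m = RR_A.match(line)
        if not m:
            continue
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue                              # not a literal IPv4 address
        if any(addr in net for net in INTERNAL_NETS):
            findings.append((line_no, owner, str(addr)))
    return findings

if __name__ == "__main__":
    for line_no, owner, addr in internal_a_records(SAMPLE_ZONE):
        print(f"line {line_no}: {owner} -> {addr} is not reachable from outside the NAT")
```

Run it over each zone's text after creating an account, since the thread notes that WHM still shows a local IP next to the domain.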
  5. Lestat

    OK added another domain. Things didn't go as planned but I did finally get it to work.

    I have pointed the domain to the ns1 and ns2 DNS servers.
    I created the account. I have added my info in these files
    /usr/local/apache/conf/httpd.conf
    /usr/local/apache/conf/httpd.conf.vhosts
    Code:
    <VirtualHost (shared external IP here)>
    ServerAlias www.domain.com domain.com
    ServerAdmin webmaster@grdomain.com
    DocumentRoot /home/user/public_html
    BytesLog domlogs/domain.com-bytes_log
    ServerName www.domain.com
    <IfModule mod_userdir.c>
    Userdir disabled
    Userdir enabled user
    </IfModule>
    <IfModule mod_php4.c>
    php_admin_value open_basedir "/home/user:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    User user
    Group user
    CustomLog domlogs/domain.com combined
    ScriptAlias /cgi-bin/ /home/domain/public_html/cgi-bin/
    </VirtualHost>
    
    
    
    <VirtualHost 192.168.88.3>
    ServerAlias www.domain.com domain.com
    ServerAdmin webmaster@grdomain.com
    DocumentRoot /home/user/public_html
    BytesLog domlogs/domain.com-bytes_log
    ServerName www.domain.com
    <IfModule mod_userdir.c>
    Userdir disabled
    Userdir enabled user
    </IfModule>
    <IfModule mod_php4.c>
    php_admin_value open_basedir "/home/user:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    User user
    Group user
    CustomLog domlogs/domain.com combined
    ScriptAlias /cgi-bin/ /home/domain/public_html/cgi-bin/
    </VirtualHost>
    
    After I have done that still would not work. So I went about running in SSH:
    /scripts/easyapache

    I chose option 1 being it is default.
    I ran also these to be sure everything was good as well.

    /scripts/updatenow
    /scripts/upcp --force
    When I ran these updates I had gotten connection errors in process so I went and executed this in SSH:
    mv /usr/local/cpanel/cpanel /usr/local/cpanel/cpanel.old
    rm -f /var/cpanel/version/9.9.*

    Then ran updates again
    /scripts/updatenow
    /scripts/upcp --force
    received the ipcheck error cause it is chattr +i so I did a chattr -i /scripts/ipcheck
    then did update commands again. It has overwritten my ipcheck file which I had to go back and modify my changes and chattr +i /scripts/ipcheck again. This is so I don't receive those annoying ipcheck emails.
    and all went well.

    Then went to my WHM and restart BIND and HTTP services to make sure things take effect. I hope I didn't miss anything I did. But wow what a mess.
     
    #5 Lestat, Feb 14, 2005
    Last edited: Feb 16, 2005
  6. adelima

    adelima Registered

    Joined:
    Nov 24, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    How about setting up cpanel/whm using DMZ??? Any how to?? I don't want to use firewall just DMZ pointing to my local address


    Any guide for this?
     
  7. webbed

    webbed Registered

    Joined:
    Mar 29, 2004
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    I am trying to get a DNS only cPanel working behind a NAT/firewall.

    I can reach the server by ssh and WHM. But the dns gives errors. A DNS checking tool from the SIDN (Dutch domains) gives this error:
    "Failure: name server at 87.213.107.162 cannot be reached: (unknown error)
    The name server could not be contacted, which may be due to temporary
    technical problems or global DNS configuration mistakes. The internal
    error is shown, but not always clear about the cause."

    Port 53 is already open for both UDP and TCP. Which other ports must be open for DNS only? Or what other problem could there be for this error?
     