Cpanel Behind NAT Working

Lestat

Well-Known Member
Sep 13, 2003
199
0
166
After long hours of dealing with trying to get my server to work behind NAT.

OK, let me explain my layout first.
Hardware:
1: Outside line is coming in to my Nokia checkpoint firewall.
2: From Firewall I have a DMZ unit.
3: From DMZ unit to Web/DNS Server.

Software Setup:
1: I have Domain name from my provider pointing to my DNS Server
ns1.domain.com external IP
ns2.domain.com external IP
2: I have firewall forwarding the external addresses to the internal addresses
192.168.88.3
192.168.88.9
(Make sure all CPANEL ports are open that you need to get through with firewall.)
3: Server has local IP address for it to get on network and to download cpanel.
4: Once cpanel is done you may not be able to access the box except through SSH. Get on an external machine outside the network. I was unable to access it internally.
5: So now that I am out of the internal network, I brought up the default WHM link in the browser, https://ipaddress:2087, and continued with the setup you get when you first install WHM. You may not be able to do much besides add what it tells you to add. But once done we can go in and make our manual changes.

Configuring WHM:

1: First thing I did is add the 2 external IP addresses and the other internal IP address in the add/delete ip section.
2: Added the new hostname of the machine and the A records.
3: Then I activated the Nameserver because we have made this a DNS server.
4: In the Setup section at the very top of the left pane I went and added these settings.
Shared IP: I made one of my external addresses
NS1.domain.com assigned the default IP and Add the records
NS2.domain.com assign default IP's and add the records
5: Created an account with the domain we have changed the DNS with.
Now on to SSH:

I had to make a lot of adjustments by hand in order for everything to work.

Lestat

SSH:
nano or pico
/usr/local/apache/conf/httpd.conf and go to the very end.
Code:
<VirtualHost (external IP here)>
ServerAlias www.domain.com domain.com
ServerAdmin [email protected]
DocumentRoot /home/user/public_html
BytesLog domlogs/domain.com-bytes_log
ServerName www.domain.com
<IfModule mod_userdir.c>
Userdir disabled
Userdir enabled user
</IfModule>
<IfModule mod_php4.c>
php_admin_value open_basedir "/home/user:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
User user
Group user
CustomLog domlogs/domain.com combined
ScriptAlias /cgi-bin/ /home/domain/public_html/cgi-bin/
</VirtualHost>
<VirtualHost (External IP here the shared one from cpanel)>
ServerName local.domain.com
DocumentRoot /usr/local/apache/htdocs
</VirtualHost>


<VirtualHost 192.168.88.9>
ServerAlias www.domain.com domain.com
ServerAdmin [email protected]
DocumentRoot /home/user/public_html
BytesLog domlogs/domain.com-bytes_log
ServerName www.domain.com
<IfModule mod_userdir.c>
Userdir disabled
Userdir enabled user
</IfModule>
<IfModule mod_php4.c>
php_admin_value open_basedir "/home/user:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
User user
Group user
CustomLog domlogs/domain.com combined
ScriptAlias /cgi-bin/ /home/domain/public_html/cgi-bin/
</VirtualHost>
<VirtualHost 192.168.88.3>
ServerName local.domain.com
DocumentRoot /usr/local/apache/htdocs
</VirtualHost>
 

Lestat

Next in SSH:
I edited /usr/local/apache/conf/httpd.conf.vhosts with the same settings as above.

Next after that I went to edit my resolv.conf
nano /etc/resolv.conf
Code:
search com
nameserver (external IP)
nameserver (external IP)
nameserver 192.168.88.3
nameserver 192.168.88.9
Next is the nameserverips
nano /etc/nameserverips
Code:
192.168.88.3=ns1.domain.com
192.168.88.9=ns2.domain.com
(external IP)=ns1.domain.com
(external IP)=ns2.domain.com
 

Lestat

SSH:
nano /etc/hosts

Code:
# Do not remove the following line, or various programs
# that require network functionality will fail.
(external Shared IP)             local
127.0.0.1                            localhost
(external Shared IP)             local.domain.com
Now I went and modified rights on this file
chattr +i /etc/hosts

Next:

nano /scripts/ipcheck
I commented these lines out to stop those annoying ipcheck emails.
Code:
#if ($problems ne "") {
#       print "SENT ipcheck email\n";
#
#       $problems .= "Some are all of these problems can be caused by
#/etc/resolv.conf being setup incorrectly.  Please check this file if
#you
#believe everything else is correct.\n\n";

#       $subject = "[ipcheck] Problems with dns setup on ${hostname}";

#                $msg .= "IMPORTANT: Do not ignore this email.\n";
#               $msg .= "$problems\nYou may be able to
#               automaticly correct this problem by using the ' Add an A entry for your
#               hostname ' under ' Dns Functions ' in your Web Host Manager";
#       icontact('ipcheck',2,$subject,$msg);
#}

then chattr +i /scripts/ipcheck


I believe that is all that I had to do besides edit the DNS zones to make sure there are no internal IPs set on the domain or DNS servers.


For some crazy reason, if I just set the server up with internal IPs nothing would work. When I just added the external IPs with the main IP of eth0 (which is the local address 192.168.88.3), everything would work but the site. I would be able to handle emails and FTP and all that lovely stuff, but when I uploaded the site by FTP and then opened a browser to go to the domain it wouldn't work right. All I received was the default cPanel template. But if I were to access the external address in the browser, http://external.IP/~user/, there is my site. This would also work: http://domainname.com/~user/, but the domain itself wouldn't. So the adjustments above are what I made, and it all works fine now. Now if you go into List Accounts in WHM you will see the domain name, but near the domain name is a local IP. Weird, eh? Well, I am not tampering with it, the reason being that I have been fighting with this for well over a week now. I think that is all I did. If I remember any other tweaks besides the addons I added other modifications to box of the third party software for Cpanel out there.

I have yet to add another domain. From the looks of things I might have to add all those manually like the other one.

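Added example (not part of the original posts or of cPanel's own scripts): the post above ends by checking that no internal IPs remain in the DNS zones, since an RFC 1918 address published in a public zone is unreachable from outside and discloses the internal layout. This sketch lists such A records in BIND zone text; the sample zone is constructed, and the 203.0.113.x addresses are documentation-range stand-ins for the external IPs.

```python
import ipaddress
import re

# Constructed sample zone, not taken from the thread.
SAMPLE_ZONE = """\
$TTL 14400
@        IN SOA ns1.domain.com. root.domain.com. ( 2004010101 14400 7200 3600000 86400 )
@        IN NS  ns1.domain.com.
@        IN NS  ns2.domain.com.
ns1      IN A   203.0.113.10
ns2      IN A   192.168.88.9   ; internal address left in the zone
@        14400 IN A 203.0.113.10
www      IN CNAME domain.com.
local    A      192.168.88.3
mail     IN A   203.0.113.11
"""

# Ranges that must not appear in a zone served to the Internet.
# Listed explicitly: ipaddress.is_private would also flag documentation ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
)]

# owner [ttl] [class] A address -- records that start with an owner name only.
A_RECORD = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?A\s+(\d{1,3}(?:\.\d{1,3}){3})\b",
    re.IGNORECASE,
)

def internal_a_records(zone_text):
    """Return (line number, owner, address) for each A record in INTERNAL_NETS."""
    findings = []
    for lineno, raw in enumerate(zone_text.splitlines(), start=1):
        line = raw.split(";", 1)[0].rstrip()  # drop zone-file comments
        match = A_RECORD.match(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(2))
        except ValueError:
            continue  # malformed dotted quad such as 999.1.1.1
        if any(addr in net for net in INTERNAL_NETS):
            findings.append((lineno, match.group(1), str(addr)))
    return findings

if __name__ == "__main__":
    for lineno, owner, addr in internal_a_records(SAMPLE_ZONE):
        print(f"line {lineno}: {owner} -> {addr} (internal address in zone)")
```
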
Lestat

OK added another domain. Things didn't go as planned but I did finally get it to work.

I have pointed the domain to the ns1 and ns2 DNS servers.
I created the account. I have added my info in these files
/usr/local/apache/conf/httpd.conf
/usr/local/apache/conf/httpd.conf.vhosts
Code:
<VirtualHost (shared external IP here)>
ServerAlias www.domain.com domain.com
ServerAdmin [email protected]
DocumentRoot /home/user/public_html
BytesLog domlogs/domain.com-bytes_log
ServerName www.domain.com
<IfModule mod_userdir.c>
Userdir disabled
Userdir enabled user
</IfModule>
<IfModule mod_php4.c>
php_admin_value open_basedir "/home/user:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
User user
Group user
CustomLog domlogs/domain.com combined
ScriptAlias /cgi-bin/ /home/domain/public_html/cgi-bin/
</VirtualHost>



<VirtualHost 192.168.88.3>
ServerAlias www.domain.com domain.com
ServerAdmin [email protected]
DocumentRoot /home/user/public_html
BytesLog domlogs/domain.com-bytes_log
ServerName www.domain.com
<IfModule mod_userdir.c>
Userdir disabled
Userdir enabled user
</IfModule>
<IfModule mod_php4.c>
php_admin_value open_basedir "/home/user:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
User user
Group user
CustomLog domlogs/domain.com combined
ScriptAlias /cgi-bin/ /home/domain/public_html/cgi-bin/
</VirtualHost>
After I had done that it still would not work. So I went about running in SSH:
/scripts/easyapache

I chose option 1, it being the default.
I ran also these to be sure everything was good as well.

/scripts/updatenow
/scripts/upcp --force
When I ran these updates I had gotten connection errors in process so I went and executed this in SSH:
mv /usr/local/cpanel/cpanel /usr/local/cpanel/cpanel.old
rm -f /var/cpanel/version/9.9.*

Then ran updates again
/scripts/updatenow
/scripts/upcp --force
I received the ipcheck error because it is chattr +i, so I did a chattr -i /scripts/ipcheck
and then ran the update commands again. It overwrote my ipcheck file, so I had to go back and redo my changes and chattr +i /scripts/ipcheck again. This is so I don't receive those annoying ipcheck emails.
And all went well.

Then I went to my WHM and restarted the BIND and HTTP services to make sure things take effect. I hope I didn't miss anything I did. But wow, what a mess.

adelima

Registered
Nov 24, 2008
3
0
51
How about setting up cpanel/whm using DMZ??? Any how-to?? I don't want to use a firewall, just a DMZ pointing to my local address


Any guide for this?
 

webbed

Registered
Mar 29, 2004
3
0
151
I am trying to get a DNS only cPanel working behind a NAT/firewall.

I can reach the server by SSH and WHM. But the DNS gives errors. A DNS checking tool from the SIDN (Dutch domains) gives this error:
"Failure: name server at 87.213.107.162 cannot be reached: (unknown error)
The name server could not be contacted, which may be due to temporary
technical problems or global DNS configuration mistakes. The internal
error is shown, but not always clear about the cause."

Port 53 is already open for both UDP and TCP. Which other ports must be open for DNS only? Or what other problem could there be for this error?