DNS Only Behind a NAT can't connect Public IP

wilburburns

Member
Nov 3, 2003
22
0
151
I've set up a new server running CentOS 6.5 and WHM DNS Only. The system is behind a NAT and all seems to be working correctly from the Private IP addresses and network. However, I cannot connect to https://PublicIP:2087.

From the Internet (A Public IP Address on a different domain), I can Ping the Public IP, I can SSH into the machine using the public IP or Hostname.

What could be causing the cPanel interface to NOT be accessible from a Public IP?

Cliff
 

wilburburns

No error message, just the typical destination unreachable message in the browser.

It does appear to be a firewall issue, but the network router is allowing all traffic through to the system; therefore, it has to be something on the server.

I'm running CSF and have double-checked that it is not blocking that port. I've looked at the iptables config to make sure there is not a block in that file and see a permit for 2087.

My IPs changed after installing DNSOnly; could this have an effect on my issue?

Cliff
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,268
463
Run the following command when attempting to access WHM:

Code:
tcpdump -n dst port 2087
While this command is active, attempt a connection to WHM over port 2087. End the command and review the output to see if the server received any data during your connection attempt. This should help determine if the issue is with the server itself.

Thank you.
 

wilburburns

OK, just tried again and see the following.
Code:
13:03:16.209508 IP 166.###.##.35.25404 > 192.168.11.29.eli: Flags [S], seq 3202444019, win 8192, options [mss 1370,nop,wscale 2,nop,nop,sackOK], length 0
13:03:16.319160 IP 166.###.##.35.25404 > 192.168.11.29.eli: Flags [.], ack 3538156627, win 16440, length 0
13:03:16.327901 IP 166.###.##.35.25404 > 192.168.11.29.eli: Flags [P.], seq 0:292, ack 1, win 16440, length 292
Here is my exact tcpdump command that I ran due to using eth1 and eth0:
Code:
tcpdump -i eth1 -n dst port 2087
Cliff
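
One way to read a capture like the one above, as an added example that is not part of the original thread: with a `dst port` filter tcpdump shows only inbound packets, so a SYN followed by a bare ACK and a PSH carrying payload means the handshake completed and the client sent data, which points past packet filtering to TLS or the service itself. The `classify` function and the sample lines (documentation address 203.0.113.7) are constructed for illustration.

```python
import re

# Flag field and payload length of a TCP line as printed by `tcpdump -n`.
LINE_RE = re.compile(r"Flags \[([A-Z.]+)\].*?length (\d+)")

def classify(lines):
    """Say how far a client got, given inbound-only lines (filter: dst port N)."""
    saw_syn = saw_ack = False
    payload = 0
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a TCP packet line (e.g. tcpdump's own banner)
        flags, length = m.group(1), int(m.group(2))
        if flags == "S":
            saw_syn = True      # the client's opening SYN reached this host
        elif "." in flags and "R" not in flags:
            saw_ack = True      # the client ACKed, so our SYN-ACK reached it
            payload += length   # bytes the client sent after the handshake
    if not (saw_syn or saw_ack):
        return "no-traffic"        # nothing arrived: look upstream (NAT, router)
    if not saw_ack:
        return "syn-only"          # no handshake: host firewall, listener, return path
    if payload == 0:
        return "handshake-only"    # connected, but the client sent no data
    return "client-sent-data"      # TCP works end to end: look at TLS / the service

# Constructed sample with the same shape as the capture in the post above.
SAMPLE = [
    "13:03:16.209508 IP 203.0.113.7.25404 > 192.168.11.29.2087: Flags [S], "
    "seq 3202444019, win 8192, options [mss 1370,nop,wscale 2,nop,nop,sackOK], length 0",
    "13:03:16.319160 IP 203.0.113.7.25404 > 192.168.11.29.2087: Flags [.], "
    "ack 3538156627, win 16440, length 0",
    "13:03:16.327901 IP 203.0.113.7.25404 > 192.168.11.29.2087: Flags [P.], "
    "seq 0:292, ack 1, win 16440, length 292",
]

if __name__ == "__main__":
    print(classify(SAMPLE))
```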
 

wilburburns

It appears as though there is some type of problem with the SSL certificate.

I can connect to port 2086 and then let it redirect me to port 2087 (Secure Port) and everything works from a public IP.

Now I need to find the fix for the SSL issue.

Cliff
 

cPanelMichael

Feel free to open a support ticket if you want us to take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.