DNS Only Behind a NAT can't connect Public IP

wilburburns

Member
Nov 3, 2003
22
0
151
I've setup a new server running Centos 6.5 and WHM DNS Only. The system is behind a NAT and all seems to be working correctly from the Private IP addresses and network. However, I cannot connect to https://PublicIP:2087.

From the Internet (A Public IP Address on a different domain), I can Ping the Public IP, I can SSH into the machine using the public IP or Hostname.

What could be causing the cpanel interface to NOT be accessible from a Public IP?

Cliff
 

wilburburns

Member
Nov 3, 2003
22
0
151
No error message, just the typical destination unreachable message in the browser.

It does appear to be a firewall problem issue, but the network router is allowing all traffic through to the system, therefore it has to be something on the server.

I'm running CSF and have double checked that it is not blocking that port. I've looked at the ip tables config to make sure there is not a block in that file and see permit for 2087.

My IP's changed after installing DNSOnly, could this have an effect on my issue?

Cliff
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Run the following command when attempting to access WHM:

Code:
tcpdump -n dst port 2087
While this command is active, attempt a connection to WHM over port 2087. End the command and review the output to see if the server received any data during your connection attempt. This should help determine if the issue is with the server itself.

Thank you.
 

wilburburns

Member
Nov 3, 2003
22
0
151
OK, Just tried again and see the following.
Code:
13:03:16.209508 IP 166.###.##.35.25404 > 192.168.11.29.eli: Flags [S], seq 3202444019, win 8192, options [mss 1370,nop,wscale 2,nop,nop,sackOK], length 0
13:03:16.319160 IP 166.###.##.35.25404 > 192.168.11.29.eli: Flags [.], ack 3538156627, win 16440, length 0
13:03:16.327901 IP 166.###.##.35.25404 > 192.168.11.29.eli: Flags [P.], seq 0:292, ack 1, win 16440, length 292
Here is my exact tcpdump command that I ran due to using eth1 and eth0
Code:
tcpdump -i eth1 -n dst port 2087
Cliff
 

wilburburns

Member
Nov 3, 2003
22
0
151
It appears as though there is some type of problem with the SSL certificate.

I can connect to port 2086 and then let it redirect me to port 2087 (Secure Port) and everything works from a public IP.

Now I need to find the fix for SSL Issue.

Cliff
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Feel free to open a support ticket if you want us to take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.