The Community Forums

Interact with an entire community of cPanel & WHM users.
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

help cpanel nat 1: 1 setup

Discussion in 'General Discussion' started by helpdesk, Mar 7, 2010.

  1. helpdesk

    helpdesk Registered

    Joined:
    Mar 7, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Dear all,

    We have just brought and setup our cpanel.

    We set it up behind a NAT firewall 1: 1

    On WHM, the main shared IP is a local ip 192.168.1.x

    We use a third party DNS server and set the server as a local dns.

    For new account creation,

    Mail / FTP work but we are unable to do virtual host

    http://www.domain.com/cgi-sys/defaultwebpage.cgi

    Any guru that have setup cpanel behind NAT 1:1, please provide some guidance. thank you in advance.
     
  2. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    38
    Are you receiving any error message?
     
  3. wills

    wills Well-Known Member

    Joined:
    Jan 29, 2003
    Messages:
    202
    Likes Received:
    1
    Trophy Points:
    18
    We're running cPanel on a 1:1 NAT with no issues. That includes DNS. I'm not sure what you meant about the third party DNS or virtual host setup. Can you give us some real-world examples?
     
  4. ALL

    ALL Registered

    Joined:
    Dec 5, 2005
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    I am actually having a similar problem.

    I am behind a 1:1 NAT firewall of:

    65.123.120.x->192.168.111.x

    The problem i'm running into is, when i setup a user in WHM and it sets up the DNS it auto assigns the A records to 192.168.111.x rather than the public ip address. Is there a way, or how did you get around it auto assigning the internal ip address instead of the external ip address?
     
  5. ALL

    ALL Registered

    Joined:
    Dec 5, 2005
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    i'm not trying to be a pain, but i'd really like to get this setup...

    all i really need to do is know how i can set it up so when someone adds a domain to their account that it assigns it to the external ip address and not the internal ip address...

    exmaple:
    someone adds a domain, their ip is 65.123.120.55 it assigns their dns records to 192.168.111.55. I need it to set the dns records to the external ip address, not internal.
     
  6. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    You are not getting many answers mainly because not too many have much experience with NAT and Cpanel and it is generally avoided for very good reason as setting up and maintaining that kind of a configuration can often be much more than a pain than it's worth.

    Nearly all cable modem and DSL providers officially prohibit running web servers per usage policies (though yes a lot of people do it anyway) and that is where you find the bulk of NAT type deployments most of the time.

    Aside for technical difficulties keeping things lined up especially after Cpanel updates, licensing matching up, and other operational items, there is also certain aspects of running Cpanel inside a NAT local network that would open up major security holes to the rest of your NAT network just simply by the act of running Cpanel inside the local NAT network and there are much better ways to deploy such a configuration than putting it behind the NAT router.

    Unless it is really your absolute only choice, I really strongly would not recommend putting Cpanel behind a NAT. It can be done and I have personally done that for clients on a few occasions where the circumstances dictated doing that but it's really not recommended.

    Regarding your IP question, you **MUST** use the NAT IP for the hosting accounts and network card details but then you will use the external IP for the DNS records and this is generally where the headaches first begin and does require a bit of manual finger work as this can be done very easily from SSH but there is no real happy way of doing this from WHM or more accurately --- keeping it all in sync.
     
  7. ALL

    ALL Registered

    Joined:
    Dec 5, 2005
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Well, I don't have much of a choice about running behind a NAT firewall. I called the company that makes our firewall (Watchguard) and they said that "it cannot be done"...

    I find it a little hard to believe, but w/e. I am a software developer not a network engineer, so I figured that they'd know best.

    here's what they said:
    But what I have been playing with and believe have it mostly setup is a script that monitors the dns files and once modified it looks though them and changes any internal ips to it's associative external ip. It's written in PHP, because it's a small script and ez to develop, but it gets the job done, granted it will take up to 5 seconds for the dns to be changed again, but I find that reasonable. I am not sure how it'd scale with large number of domains, but it should work regardless.

    I am going to make an article on what I did and give the code I used in the future when I know everything works.
     
  8. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    As an incidental footnote to that .....

    Can you place the Cpanel server IN FRONT of your firewall instead of behind it where you are located?

    It would make a lot more logical sense to put the Cpanel server in the front ahead of your firewall or NAT translation and actually make your local network more secure doing it that way.

    If you don't have any means to access the outside world where you are located other than going through the NAT firewall, I would actually then recommend not run a local Cpanel server at all and instead host in any of the remote data centers out there around the world all of which would probably give you substantially better performance than running it locally where you are at primary because of bandwidth availability differences.

    If you are really dead set on running the server locally and are unable to get around having it behind the firewall then yes you'll need to do the things I said earlier and yes as you pointed out most of those items can in fact be scripted to minimize the manual labor but still can be a pain and you might find it easier or better for you looking into another solution
     
  9. evp

    evp Registered

    Joined:
    Mar 7, 2010
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Possible Solution

    Hi I have it working, but lately have been having some issues. If you are getting http://www.domain.com/cgi-sys/defaultwebpage.cgi, than it seems to be routing correctly (I am not a network specialist though). What I think is going on is that cpanel is configuring the virtual hosts incorectly. I have to go in manually and modify the httpd.conf file every time that I add an account ("NameVirtualHost *:80" and "VirtualHost *:80") should do it.

    My Issue recently (after an ip migration) is that a VirtualHost entry with my internal ip and no port (VirtualHost 10.xxx.xxx.xxx). I now have to go in and manually remove this entry every morning or I get the same page served,

    http://www.domain.com/cgi-sys/defaultwebpage.cgi

    Hope this helps, and if anyone knows or has any idea what might be auto generating this entry I would really appreciate it.
     
  10. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    During the IP migration, did you run the IP migration wizard, or did you only change the IP of a single site?
     
  11. evp

    evp Registered

    Joined:
    Mar 7, 2010
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Thanks a good question. My ISP (Vodafone Portugal) was having tech problems issuing my a static ip and we ended up changing ip's 4 or 5 times in a 2 week period. I know I used the wizard most of the times, but I also remember manually going in and configuring. I just can't recall what I actually did last.
     
  12. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    If you can bring the server outside of NAT, you can let our technical analysts take a look at the server. At this time, we do not provide assistance for NAT.
     
Loading...

Share This Page