1:1 NAT
Last modified: July 17, 2023
Overview
When you install cPanel & WHM, the installer will detect whether your server resides on a NAT-configured network. If the installer detects a NAT-configured network, your server will configure itself for NAT mode and attempt to automatically map local IP addresses to public IP addresses.
- If you use a NAT environment, your server must reside in a 1:1 NAT configuration to install cPanel & WHM.
- For cPanel & WHM services to function correctly, you or your network administrator must enable loopback (or hairpin) NAT on both the server and its firewall. Loopback NAT allows the server to access a public IP address internally from its corresponding private IP address.
- For a list of ports that you must open to allow cPanel & WHM services to function on your server, read our How to Configure Your Firewall for cPanel & WHM Services documentation.
The mapping process
The system attempts to map all non-loopback IP addresses bound to any network interface on the server to a public IP address.
To complete this process, the system performs the following actions:
- Your server will send an outgoing connection from each local IP address to the
http://myip.cpanel.net/v1.0/
server. - The
http://myip.cpanel.net/v1.0/
server responds with the public IP address from which it received the request. - The system maps the local IP address to this public IP address.
Manage IP addresses
You can manage the maps for local and remote IP addresses with the following WHM interfaces:
- The Add a New IP Address interface (WHM » Home » IP Functions » Add a New IP Address).
- The Show or Delete Current IP Addresses interface (WHM » Home » IP Functions » Show or Delete Current IP Addresses).
- The IP Migration Wizard interface (WHM » Home » IP Functions » IP Migration Wizard).
Each interface displays the warning notice NAT mode enabled if NAT is enabled on your server.
/var/cpanel/cpnat
file.
The build_cpnat script
The /usr/local/cpanel/scripts/build_cpnat
script uses the http://myip.cpanel.net/v1.0/
server to map local IP addresses to public IP addresses. However, if you wish to use a different IP address lookup service, perform the following steps:
- Open the
/etc/cpsources.conf
file with a text editor and add the following line:
MYIP=https://ifconfig.me/ip
- Run the
/usr/local/cpanel/scripts/build_cpnat
script.Note:- For more information about the
build_cpnat
script, run the following command:
/usr/local/cpanel/scripts/build_cpnat --man
- If you accidentally delete your
cpnat
file or the file becomes becomes corrupted, rebuild it with the/usr/local/cpanel/scripts/build_cpnat
script. - The
/var/cpanel/cpnat
file acts as a flag file for NAT mode. If the installer mistakenly detects a NAT-configured network, delete the/var/cpanel/cpnat
file to disable NAT mode.
- For more information about the
- Update your cPanel accounts’ local IP addresses in WHM’s IP Migration Wizard interface (WHM » Home » IP Functions » IP Migration Wizard).