1:1 NAT

Last modified: July 17, 2023


We strongly recommend that you only perform these actions on a new installation of cPanel & WHM. Do not attempt a 1:1 NAT configuration on an existing production server.

When you install cPanel & WHM, the installer will detect whether your server resides on a NAT-configured network. If the installer detects a NAT-configured network, your server will configure itself for NAT mode and attempt to automatically map local IP addresses to public IP addresses.

  • If you use a NAT environment, your server must reside in a 1:1 NAT configuration to install cPanel & WHM.
  • For cPanel & WHM services to function correctly, you or your network administrator must enable loopback (or hairpin) NAT on both the server and its firewall. Loopback NAT allows the server to access a public IP address internally from its corresponding private IP address.
  • For a list of ports that you must open to allow cPanel & WHM services to function on your server, read our How to Configure Your Firewall for cPanel & WHM Services documentation.

The mapping process

The system attempts to map all non-loopback IP addresses bound to any network interface on the server to a public IP address.

To complete this process, the system performs the following actions:

  1. Your server will send an outgoing connection from each local IP address to the http://myip.cpanel.net/v1.0/ server.
  2. The http://myip.cpanel.net/v1.0/ server responds with the public IP address from which it received the request.
  3. The system maps the local IP address to this public IP address.
We do not recommend that you map more than one local IP map address to a single public IP address.

Manage IP addresses

You can manage the maps for local and remote IP addresses with the following WHM interfaces:

Each interface displays the warning notice NAT mode enabled if NAT is enabled on your server.

If multiple local IP addresses match the same public IP address, the system will only map the first local IP address in the /var/cpanel/cpnat file.

The build_cpnat script

The /usr/local/cpanel/scripts/build_cpnat script uses the http://myip.cpanel.net/v1.0/ server to map local IP addresses to public IP addresses. However, if you wish to use a different IP address lookup service, perform the following steps:

  1. Open the /etc/cpsources.conf file with a text editor and add the following line:
  1. Run the /usr/local/cpanel/scripts/build_cpnat script.
    • For more information about the build_cpnat script, run the following command:
    /usr/local/cpanel/scripts/build_cpnat --man
    • If you accidentally delete your cpnat file or the file becomes becomes corrupted, rebuild it with the /usr/local/cpanel/scripts/build_cpnat script.
    • The /var/cpanel/cpnat file acts as a flag file for NAT mode. If the installer mistakenly detects a NAT-configured network, delete the/var/cpanel/cpnat file to disable NAT mode.
  2. Update your cPanel accounts’ local IP addresses in WHM’s IP Migration Wizard interface (WHM » Home » IP Functions » IP Migration Wizard).

Additional Documentation