1:1 NAT

Last modified: July 17, 2023


Overview

Warning:
We strongly recommend that you only perform these actions on a new installation of cPanel & WHM. Do not attempt a 1:1 NAT configuration on an existing production server.

When you install cPanel & WHM, the installer will detect whether your server resides on a NAT-configured network. If the installer detects a NAT-configured network, your server will configure itself for NAT mode and attempt to automatically map local IP addresses to public IP addresses.

Important:
  • If you use a NAT environment, your server must reside in a 1:1 NAT configuration to install cPanel & WHM.
  • For cPanel & WHM services to function correctly, you or your network administrator must enable loopback (or hairpin) NAT on both the server and its firewall. Loopback NAT allows the server to access a public IP address internally from its corresponding private IP address.
  • For a list of ports that you must open to allow cPanel & WHM services to function on your server, read our How to Configure Your Firewall for cPanel & WHM Services documentation.

The mapping process

The system attempts to map all non-loopback IP addresses bound to any network interface on the server to a public IP address.

To complete this process, the system performs the following actions:

  1. Your server will send an outgoing connection from each local IP address to the http://myip.cpanel.net/v1.0/ server.
  2. The http://myip.cpanel.net/v1.0/ server responds with the public IP address from which it received the request.
  3. The system maps the local IP address to this public IP address.
Warning:
We do not recommend that you map more than one local IP map address to a single public IP address.

Manage IP addresses

You can manage the maps for local and remote IP addresses with the following WHM interfaces:

Each interface displays the warning notice NAT mode enabled if NAT is enabled on your server.

Warning:
If multiple local IP addresses match the same public IP address, the system will only map the first local IP address in the /var/cpanel/cpnat file.

The build_cpnat script

The /usr/local/cpanel/scripts/build_cpnat script uses the http://myip.cpanel.net/v1.0/ server to map local IP addresses to public IP addresses. However, if you wish to use a different IP address lookup service, perform the following steps:

  1. Open the /etc/cpsources.conf file with a text editor and add the following line:
MYIP=https://ifconfig.me/ip
  1. Run the /usr/local/cpanel/scripts/build_cpnat script.
    Note:
    • For more information about the build_cpnat script, run the following command:
    /usr/local/cpanel/scripts/build_cpnat --man
    
    • If you accidentally delete your cpnat file or the file becomes becomes corrupted, rebuild it with the /usr/local/cpanel/scripts/build_cpnat script.
    • The /var/cpanel/cpnat file acts as a flag file for NAT mode. If the installer mistakenly detects a NAT-configured network, delete the/var/cpanel/cpnat file to disable NAT mode.
  2. Update your cPanel accounts’ local IP addresses in WHM’s IP Migration Wizard interface (WHM » Home » IP Functions » IP Migration Wizard).

Additional Documentation