NAT Configuration

(version 2.2 and up)

 

In versions 2.2 and higher, H-Sphere supports NAT (Network Address Translation), which allows you to use internal IPs in your local area network. When configuring H-Sphere, use internal IPs in all instances, and H-Sphere will convert them into external IPs for the DNS settings and control panel web interface.

To configure NAT:

<ips>
   <ip ext="external_ip" int="internal_ip"/>
   . . .
</ips>

Example:

<ips>
    <ip ext="65.219.197.236" int="192.168.1.27"/>
    <ip ext="65.219.197.237" int="192.168.1.28"/>
    <ip ext="65.219.197.238" int="192.168.1.29"/>
    <ip ext="65.219.197.239" int="192.168.1.30"/>
    <ip ext="65.219.197.242" int="192.168.1.31"/>
    <ip ext="65.219.197.243" int="192.168.1.32"/>
    <ip ext="65.219.197.244" int="192.168.1.33"/>
</ips>

2) Set the following record in ~cpanel/shiva/psoft_config/hsphere.properties:

3) Restart H-Sphere to apply changes.

To disable NAT support, remove this line from hsphere.properties and restart the CP.

 

Configuring Newly Installed H-Sphere With NAT Support

  1. In the E.Manager menu, add your physical and logical servers with the corresponding internal IPs;
  2. In E.Manager->DNS Manager, add DNS records with internal IPs.
    Note: Internal IPs will be transformed to the corresponding external IPs in DNS zones configuration.
    There will be only external IPs in DNS zones configuration!

If you still have problems resolving your servers after that, you can run DNS Creator as the cpanel user with the following command:
java psoft.hsphere.tools.DNSCreator -m db -dz

 

NAT Support On A Live System

To add NAT support to an H-Sphere already configured with external IPs, perform the following steps:

  1. Replace external IPs in E.Manager->P.Servers and L.Servers with internal IPs.
    Note: These internal IPs should be of the same type (shared, dedicated) as the corresponding external IPs.
    Example: If there was a shared 64.10.10.10 external IP, the corresponding 192.128.10.10 internal IP should also be configured as a shared IP.
    In that case, there will be no need to recreate DNS;
  2. Replace external IPs in E.Manager->DNS Manager with the corresponding internal IPs.
    Note: Internal IPs will be transformed to the corresponding external IPs in DNS zones configuration.
    There will be only external IPs in DNS zones configuration!

If you still have problems resolving your servers after that, you can run DNS Creator as the cpanel user with the following command:
java psoft.hsphere.tools.DNSCreator -m db -dz

 

NAT Firewall Configuration

Some software (osCommerce, phpBB, and SiteStudio) connects to resources by hostname (web.example.com, mysql.example.com). Since hostnames resolve to external IPs, you need to configure your NAT firewall so that your physical servers (web.example.com, mysql.example.com) can address themselves and each other by both external and internal IPs.

Alternatively, if you have RedHat Linux running on all servers, you can add the following iptables rule for each IP pair on every box:

    iptables -t nat -A OUTPUT -p tcp -d <external> -j DNAT --to <internal>

For example:

    iptables -t nat -A OUTPUT -p tcp -d 65.219.197.236 -j DNAT --to 192.168.1.27
    iptables -t nat -A OUTPUT -p tcp -d 65.219.197.237 -j DNAT --to 192.168.1.28
    iptables -t nat -A OUTPUT -p tcp -d 65.219.197.238 -j DNAT --to 192.168.1.29
    iptables -t nat -A OUTPUT -p tcp -d 65.219.197.239 -j DNAT --to 192.168.1.30
    iptables -t nat -A OUTPUT -p tcp -d 65.219.197.242 -j DNAT --to 192.168.1.31
    iptables -t nat -A OUTPUT -p tcp -d 65.219.197.243 -j DNAT --to 192.168.1.32
    iptables -t nat -A OUTPUT -p tcp -d 65.219.197.244 -j DNAT --to 192.168.1.33
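
The per-pair rules above can be generated from the same <ips> mapping so that the firewall and the H-Sphere NAT table do not drift apart. The following is an added example, not part of H-Sphere or the original page; parse_pairs, dnat_rules and SAMPLE_IPS_XML are hypothetical names, and the sample XML is constructed from the first two pairs shown earlier. It rejects mappings whose internal address is not private, whose external address is private, or that repeat an address, and it emits each rule with an iptables -C check so re-running the output does not append duplicates.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the first two pairs from the <ips> example on this page.
SAMPLE_IPS_XML = """
<ips>
    <ip ext="65.219.197.236" int="192.168.1.27"/>
    <ip ext="65.219.197.237" int="192.168.1.28"/>
</ips>
"""


def parse_pairs(xml_text):
    """Return [(external, internal)] from an <ips> block, rejecting bad maps."""
    pairs, seen_ext, seen_int = [], set(), set()
    for node in ET.fromstring(xml_text).iter("ip"):
        ext_raw, int_raw = node.get("ext"), node.get("int")
        if not ext_raw or not int_raw:
            raise ValueError("<ip> needs both ext and int attributes")
        # ip_address() raises ValueError on anything that is not a literal IP,
        # so no attribute text can reach the generated command line unparsed.
        ext = ipaddress.ip_address(ext_raw.strip())
        internal = ipaddress.ip_address(int_raw.strip())
        if ext.version != 4 or internal.version != 4:
            raise ValueError("the iptables rules here are IPv4 only")
        if not internal.is_private:
            raise ValueError(f"{internal} is not a private address")
        if ext.is_private:
            raise ValueError(f"{ext} is private, expected an external address")
        if ext in seen_ext or internal in seen_int:
            raise ValueError(f"duplicate mapping for {ext} / {internal}")
        seen_ext.add(ext)
        seen_int.add(internal)
        pairs.append((str(ext), str(internal)))
    return pairs


def dnat_rules(pairs):
    """Build one idempotent shell line per pair: check (-C), append if absent."""
    rules = []
    for ext, internal in pairs:
        spec = f"OUTPUT -p tcp -d {ext} -j DNAT --to {internal}"
        rules.append(
            f"iptables -t nat -C {spec} 2>/dev/null || iptables -t nat -A {spec}")
    return rules


if __name__ == "__main__":
    print("\n".join(dnat_rules(parse_pairs(SAMPLE_IPS_XML))))
```

Review the printed lines before running them as root on each server.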

 

IP Migration with NAT

For IP migration with NAT, see the guide on changing IPs.






