How to fix local IP in NAT Configuration on WHM/cPanel on CentOS 6 on Google Compute Engine

If you delete a VM on Google Compute Engine on a CentOS 6 cPanel server and then re-create it with the same disk, you are often assigned a new local IP address even if you kept the static IP. This does not properly update in the NAT configuration on cPanel/WHM servers.
This stops any sites from working, and the only way to fix it is to manually edit the http.conf file. Inside Web Host Manager you can fix the public-facing IP, but there is no place to edit the local IP. Does anyone know how to edit the NAT configuration on CentOS 6 on Google Compute Engine to fix the local IP so that all new sites created will have the correct local IP in the http.conf?
Here is a pic of the current NAT configuration on my CentOS 6 server.
Here is a pic showing my correct local IP in Compute Engine; you can see it does not match the one cPanel has, which causes the http.conf file to generate new virtual hosts with the wrong IP.

It's a configuration issue within WHM/cPanel that cannot be corrected with any configuration settings in the interfaces. I contacted cPanel Support and they provided me with a command-line shell script to run from root to fix the issue. It worked flawlessly:
# /scripts/build_cpnat
This resolved the issue, but they gave this additional info if that does not solve your problem:
If this does not resolve your issue, please review our NAT
documentation and ensure that your server is configured in a supported
1:1 NAT configuration:
http://documentation.cpanel.net/display/ALD/1%3A1+NAT

The Compute Engine does not allow you to create an instance with a specific network IP address. You will have to use a combination of routes and an instance's --can-ip-forward ability to add an IP address as a static network IP address that then maps to your desired virtual machine instance.
For example, if you want to assign 10.1.1.1 specifically as a network IP address to a virtual machine instance, you can create a static route that sends traffic from 10.1.1.1 to your instance, even if the instance's network IP address assigned by Compute Engine doesn't match your desired network IP address.
Take a look at this link: https://cloud.google.com/compute/docs/instances-and-network#staticnetworkaddress

The best and simplest solution for this is to use the WHM/cPanel IP Migration Wizard option to change the existing private IP to the new one and then wait a few hours for those changes to propagate; you will then see the new private IP and public IP in sync in your WHM platform.

I had the same issue with AWS and CentOS 7 hosting the latest WHM/cPanel. Each time the instance restarts, it gets a new private/local IP address. I deleted cpnat from /var/cpanel/.
So I disabled the NAT, then I created another eth interface so I could configure it with a static IP, which is the public IP. Then, for the main account only (the one which owns the hostname and domain name for WHM), I assigned it to the local IP address. But as the local IP address keeps changing, I created a script that fires at startup after each boot, collects the new local IP address and assigns it automatically to the main account; if there is no new local IP address, the script exits without doing anything.
Here are the steps I followed:
nano /etc/sysconfig/network-scripts/ifcfg-eth0:cp1
Inside that file put the following (change IPADDR and DNS1):
DEVICE="eth0:cp1"
BOOTPROTO="static"
ONBOOT="yes"
IPADDR="13.54.100.XX"
NETMASK="255.255.255.0"
DNS1="172.31.0.2"
TYPE="Ethernet"
IPV6INIT="no"
Now we would like this interface to stay up after a reboot and start on boot, so run:
ifup eth0:cp1
Then restart the network service:
service network restart
Now disable NAT mode by deleting the file cpnat in /var/cpanel.
Now check the file /var/cpanel/mainip and make sure our external IP (13.54.100.XX) is there.
Create the following file with nano:
nano /etc/init.d/fixdhcp
Add the following to the file and save it:
#!/bin/bash
# Assigns the available DHCP IP to the ACCOUNT-NAME user on reboot or restart.
# Change ACCOUNT-NAME to the main WHM domain account name.
# The Apache service is restarted when done.
/scripts/rebuildippool
# Take the first address in the pool so exactly one IP is passed to setsiteip
mydhcp10=$(head -n 1 /etc/ipaddrpool)
echo "$mydhcp10"
# Exit if no available IPs
if [ -z "$mydhcp10" ]; then
    echo "ipaddrpool is empty"
    exit 1
else
    echo "ipaddrpool is not empty"
fi
/usr/local/cpanel/bin/setsiteip -u ACCOUNT-NAME "$mydhcp10"
chmod +x /etc/rc.d/rc.local
echo "finished, now restarting services"
# Rebuild the generated configuration so it picks up the new address
/scripts/rebuildhttpdconf
/scripts/rebuildippool
/scripts/cleandns
/scripts/fixvaliases
/scripts/modify_accounts --theme=paper_lantern --all-users
/usr/local/cpanel/scripts/updateuserdomains
service httpd restart
Make the file executable:
chmod +x /etc/init.d/fixdhcp
Add it to rc.d:
nano /etc/rc.local
Then add it like this:
/etc/init.d/fixdhcp
Save, then run:
chmod +x /etc/rc.d/rc.local

If it still won't change, try this:
(i.e. when you List Accounts you see the old internal IP listed for each account)
WHM -> List Accounts expand desired account (+)
=> Change IP Address
=> select the IP address (even if it is the same external IP)
=> click change.
repeat for each affected account.
output:
The remote dns zone is not consistent with the httpd.conf.
The current ip in httpd.conf is: 10.240.0.3.
The current ip in the dns zone is: 104.154.68.68!
104.154.68.68 will be switched to the new ip as well!
The local dns zone is not consistent with the httpd.conf.
The current ip in httpd.conf is: 10.240.0.3.
The current ip in the dns zone is: 10.240.0.2!
10.240.0.2 will be switched to the new ip as well!
Warning, serious database inconsistency. httpd.conf, local dns, and remote dns all
have different ideas about what the ip address of this site really is. They will now all be changed
to the new ip: 10.240.0.2!
Changed all instances of [10.240.0.3,104.154.68.68] -> [104.154.68.68] in dcmetroc.kellen.hosting
Changed all instances of [10.240.0.3,104.154.68.68] -> [104.154.68.68] in dcmetrocollaborative.org
Updating httpd.conf....Done
System has 0 free ips.
If you're using nginx, don't forget to rebuild vhosts in the nginx plugin!

I just needed to change the local IP with the new one in:
/var/cpanel/cpnat
/etc/hosts
/etc/ips.dnsmaster

Related

Internal DNS names not resolving

I was actually doing a quick lab exercise when I noticed this issue, where a ping to an internal IP works but a ping using the machine name does not. Here is what I did:
a.) Create a GCP project. Leave all the default firewall rules in place
b.) Create a VM in us-central-1 (any region) call it - mynet-us-vm
c.) Create a VM in eu-west-1 (any region) - call it - mynet-eu-vm
d.) SSH to mynet-us-vm from the console
e.) Run this command: ping -c 3 <Enter mynet-eu-vm's internal IP here> - It works
f.) Run this command: ping -c 3 mynet-eu-vm - Does not work! Getting below error
Getting Error:
"ping: mynet-eu-vm: Name or service not known"
For Internal DNS resolution to work there are multiple factors that affect this:
On the client instance running ping, the resolv.conf file must have the metadata server (169.254.169.254) as its nameserver, and the search domains must be set similarly to the example in the documentation; if using a Google-provided image, this configuration should already be set correctly.
Additionally, verify the hostname registered for the instance “mynet-eu-vm”. This can be done by running curl against the metadata server; the output will be the full FQDN, which will confirm whether the resolv.conf file should be set to Zonal DNS or Global DNS and whether the hostname for the instance is the same as the one being used with ping.
If running “dig FQDN @169.254.169.254” works but ping still fails, this would mean that the instance is trying to resolve against a different nameserver, or that the search list in resolv.conf is incorrect.
If the above steps fail I suggest raising a support case with Google Cloud Platform or opening a new Public Issue Tracker since following the steps provided does not result in the same behavior and likely it’s something specific to your setup.
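
The two resolv.conf checks from the answer above, written as a script. This is an added example, not part of the original answer: the resolv.conf content is constructed, and the project name `my-project` and the zone names are placeholders. It shows why a short name can fail even with the right nameserver: no entry in the search list expands it to the target's FQDN.

```shell
#!/bin/sh
# Added example: would a short VM name resolve through this resolv.conf?

# Constructed resolv.conf for the client VM (placeholder project and zone).
sample_resolv() {
    cat <<'EOF'
domain us-central1-a.c.my-project.internal
search us-central1-a.c.my-project.internal c.my-project.internal google.internal
nameserver 169.254.169.254
EOF
}

# check_internal_dns RESOLV_CONF TARGET_FQDN   (RESOLV_CONF may be "-" for stdin)
# TARGET_FQDN is the hostname the target VM reports from its metadata server.
# Prints one of:
#   ok                     metadata nameserver present, search list covers the FQDN
#   nameserver-mismatch    169.254.169.254 is not listed as a nameserver
#   search-miss <domain>   no search domain turns the short name into the FQDN
check_internal_dns() {
    awk -v fqdn="$2" '
        BEGIN {
            parent = fqdn
            sub(/\.$/, "", parent)        # tolerate a trailing dot
            sub(/^[^.]+\./, "", parent)   # strip the host label
        }
        $1 == "nameserver" && $2 == "169.254.169.254" { ns = 1 }
        # The resolver honours only the last "search" or "domain" line
        $1 == "search" || $1 == "domain" {
            hit = 0
            for (i = 2; i <= NF; i++) {
                d = $i
                sub(/\.$/, "", d)
                if (d == parent) hit = 1
            }
        }
        END {
            if (!ns)       print "nameserver-mismatch"
            else if (!hit) print "search-miss " parent
            else           print "ok"
        }
    ' "$1"
}

# Zonal FQDN of a VM in another zone: the short name alone will not resolve.
sample_resolv | check_internal_dns - mynet-eu-vm.europe-west1-b.c.my-project.internal
# Global FQDN: c.my-project.internal is in the search list.
sample_resolv | check_internal_dns - mynet-eu-vm.c.my-project.internal
```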

Greenbone Security Assistant 7.0.3 Host HTTP Header

Recently I've set up an Amazon EC2 instance of Ubuntu 16.04 that was authorized to scan an IP block. The version of GSA that I have installed is 7.0.3. Currently, I can locally access GSA through the EC2 instance or remotely using my public Amazon elastic IP.
Additionally, I've allowed external access to GSA's listening port from my IP block. Currently, I can access GSA without any problems using my instances static public IP over HTTPS.
The problem that I'm currently running into is accessing GSA using a FQDN.
For example, I want to be able to use https://gsa.mydomain.com
My local DNS server has an A record with the FQDN and my EC2 instances public IP.
On my instance, I ran the following command.
sudo gsad --allow-header-host gsa.mydomain.com
However, browsing to https://gsa.mydomain.com produces the following error.
"The request contained an unknown or invalid Host header. If you are trying to access GSA via its hostname or a proxy, make sure GSA is set up to allow it."
Neither restarting GSA services nor my instance had any effect.
Clearly, DNS is working but the host header command is not.
Any thoughts on how I can make this happen?
Additionally, for reference, I used the following URL
https://github.com/greenbone/gsa/pull/318
In Ubuntu/Debian, edit the /etc/default/openvas-gsa file and set ALLOW_HEADER_HOST=HOSTNAME
where HOSTNAME is your host name in the browser address line.
I'm using Kali and was able to figure this out by modifying the systemd service files. Modify the file /lib/systemd/system/greenbone-security-assistant.service, adding --allow-header-host gsa.mydomain.com to the end of the ExecStart line.
For example, change the line from:
ExecStart=/usr/sbin/gsad --foreground --listen=<internal IP> --port=<configured web server port> --mlisten=<internal IP> --mport=<configured management port>
to:
ExecStart=/usr/sbin/gsad --foreground --listen=<internal IP> --port=<configured web server port> --mlisten=<internal IP> --mport=<configured management port> --allow-header-host gsa.mydomain.com
Then run:
systemctl daemon-reload
systemctl restart greenbone-security-assistant.service openvas-manager.service openvas-scanner.service

Hosting Perforce server on internet?

I am configuring my system (OS X) as a Perforce server for sharing my project work with my coding partner. I want to host my server on the internet so that he will be able to connect to my system. I was able to configure it through this guide. It works like a charm on my localhost.
Maybe I am not getting something.
Please guide me on how to find an address, or what extra procedure I have to follow, to make my system available to my partner.
I am very bad at UNIX terminal commands.
I tried these links but no answer worked for me.
Perforce with dynamic ip
Online Perforce Repositories
Some questions:
Is there any need for a static IP?
How do I make my system available to my partner over the internet?
This is my p4 info.
User name: aadi
Client name: aadi-MacBook-Air
Client host: aadi-MacBook-Air.local
Client unknown.
Current directory: /Users/aadi
Client address: 127.0.0.1:50596
Server address: localhost:1666
Server root: .
Server date: 2014/11/18 01:58:14 +0530 IST
Server uptime: 00:00:10
Server version: P4D/DARWIN90U/2011.1/747877 (2013/11/21)
Server license: none
Case Handling: insensitive
I don't believe you need a static IP, so long as your partner can connect to you using your dynamic IP.
Your server has to listen on an IP address which is accessible by your partner, so "localhost:1666" will not work, because 'localhost' means to only accept connections from your own machine.
If your machine was, say, 192.168.1.101, then you'd like to see something like:
Server address: 192.168.1.101:1666
Which you should be able to accomplish by starting your server as 'p4d -p 192.168.1.101:1666'.
You can also try starting your server at 'p4d -p 1666' and see if it will listen on an address that is accessible by your partner's machine. It should, but occasionally there are problems if the IP address is not explicitly specified. If you explicitly specify your machine's IP address, and it is a dynamic IP, then you will have to stop and restart your server on the correct IP address each time your machine's IP address changes, which is rather an annoyance (and is avoided if you can in fact deploy a static IP).
All this business about static vs dynamic IP addresses should go away if your dynamic IP assignment mechanism is well-integrated with your organization's DNS infrastructure, so that your partner can use the hostname of your computer rather than the IP address.
Lastly, don't forget to check your OS X firewall: http://support.apple.com/en-us/HT201642

Hostname not resolving to IP WHM/cPanel

I moved my WHM/cPanel installation to a new server. After I changed the nameserver IPs, the domains started pointing to the new server after a little while.
However the hostname doesn't resolve to an IP address.
/scripts/ipcheck --verbose
IMPORTANT: Do not ignore this email.
Your hostname (xxx.example.com) could not be resolved to an
IP address. This means that /etc/hosts is not set up correctly,
and/or there is no dns entry for xxx.example.com. Please be
sure that the contents of /etc/hosts are configured correctly, and
also that there is a correct 'A' entry for the domain in the zone
file.
Some or all of these problems can be caused by /etc/resolv.conf
being setup incorrectly. Please check that file if you believe
everything else is correct.
You may be able to automatically correct this problem by using the
'Add an A entry for your hostname' option under 'Dns Functions' in
your Web Host Manager.
I ran:
nano /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
XXX.XXX.XXX.XXX xxx.example.com xxx
I also checked:
nano /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
Also:
nano /etc/nameserverips
XXX.XXX.XXX.XXX=ns1.example.com
XXX.XXX.XXX.XXX=ns2.example.com
I checked the "Add an A Entry for your hostname" in WHM:
Hostname | Server Main IP
xxx.example.com | XXX.XXX.XXX.XXX
I checked and rebuilt dnsconfig
/scripts/rebuildingdnsconfig
I am really not sure what else to check; I have rebooted the server. The domains pointing to the name servers work fine. The problem I am having is that I route all cPanel access and SSL configs for the emails through https://xxx.example.com because this has the SSL cert. I have compared the settings to the older server and they are the same except for the IP address.
Centos 6.4
WHM 11.40.0 Build 19
XXX.XXX.XXX = Server IPs
xxx.example.com = hostname
Any help would be appreciated.
Solved this:
Go to WHM, "add an entry for your hostname" and just submit again.
Even though it was correct submitting it again worked. This fix came from cPanel support.
I know it's an old post, but here are a few checkpoints in addition to the above, in case someone needs help in the future with a similar issue:
1) Check the content of
/etc/wwwacct.conf
2) Investigate your hostname and NS for proper results
dig ns1.example.com
dig hostname.example.com
host ns1.example.com
host (HOST IP)
nslookup hostname.example.com
3) Make sure you have registered your hostname.example.com and ns1.example.com at your domain registrar and that they are pointing to the right IP.
4) Ensure that no firewall is blocking port UDP:53 and other essential ports.

iPhone: add entry to /etc/hosts without jailbreaking

For my development process I need to access a webserver which is behind a VPN and has no DNS entry.
What I was doing on 4.x was to edit /etc/hosts on the iPhone, and add it to the hosts file.
Now I'm on 5.0 beta, and don't want to jailbreak for now just for this purpose.
Is there a way I can add a line to /etc/hosts, just for development purposes (the final, distribution application does not need this hack), without jailbreaking? Can I use other means (declare a fake DNS entry by some unknown means at application launch, for example)?
EDIT: If you're willing to purchase a small license, I recommend using Charles Proxy, a web debugging proxy tool. It will also resolve domains from your local /etc/hosts, and it gives a lot of bonus features (i.e. inspect requests/responses and throttle network speeds). I only stumbled upon this tool from a WWDC video and I'm not affiliated with the product at all. I recommend reading Chris Ching's tutorial for iPhone and Charles Proxy to get you started.
To add to Ramon's answer, a way around it is to set up your local computer as a DNS server and have your iPhone point to your computer as a DNS server. This would also work for Android devices.
The instructions are for Mac OSX via Homebrew:
brew install dnsmasq
dnsmasq is a lightweight dns server that will fallback to the original DNS server when it encounters an unknown domain
Add the line address=/.your.domain.com/10.0.0.5 to the file /usr/local/etc/dnsmasq.conf
The IP Address 10.0.0.5 is whatever the IP address assigned to your local computer by your router. You can find this via Network Utility (if you want to be fancy, you can assign a static IP to your local computer in your router)
sudo dnsmasq
This starts dnsmasq process, and it will listen on the DNS ports
Assign your local computer and your router as your DNS servers for your computer via System Preferences -> Network -> Advanced -> DNS Tab
You'll have two entries, one for your local computer (127.0.0.1) and one for your router. The reason why you include your router's IP is that dnsmasq will fulfill unknown entries through the other known DNS servers. Without the router entry, whatever devices are connected to your dnsmasq won't know how to connect to the internet.
Set your local computer's IP address as the DNS server on your iPhone: go to Settings -> Wi-Fi -> Info icon for your connected router -> DNS
Some things to consider:
If you shut down your machine, your iPhone won't connect to the internet anymore. Make sure to reset your iPhone's DNS server to your router's IP
By default dnsmasq will look at your /etc/hosts, so if you had pointed your.domain.com to 127.0.0.1, your iPhone will resolve your.domain.com to 127.0.0.1, which means you won't connect to anything. To change this behaviour, uncomment the #no-hosts line in the dnsmasq config.
Sources
http://www.davesouth.org/stories/how-to-set-up-dnsmasq-on-snow-leopard-for-local-wildcard-domains
Set up a real DNS entry, either by setting up a local DNS server on your wireless network, or by using a dynamic DNS service, or by adding an A record to a domain you control DNS for.
You can also set up dnsmasq (available from macports/brew), it acts as a DNS forwarder which allows you to set all kinds of alternative records.
You can then set up the DNS on the iphone/ipad to point to the box running DNSmasq, and any host on /etc/hosts on the dnsmasq box will be returned first. If not found, dnsmasq will send the query to the upstream DNS.
Also you can add SRV records to dnsmasq.conf:
srv-host=_sip._udp.devel.foo.com,devel.foo.com,5070
And many other niceties.