Parallels H-Sphere Documentation System Administrator Guide

 

NAT Configuration

 

Last modified: 27 Dec 2007

 

WARNING: This documentation covers Parallels H-Sphere versions up to 3.1. For the latest up-to-date Parallels H-Sphere documentation, please proceed to the official Parallels site.

H-Sphere supports NAT (Network Address Translation), which allows you to use internal IPs in your local area network. When configuring H-Sphere, use internal IPs in all instances, and H-Sphere will convert them into external IPs for the DNS settings and control panel web interface.

To configure NAT:

1) Log into the CP server as the cpanel user.

2) Create the ips-map.xml file in the ~cpanel/shiva/psoft_config/ directory in the following format:

<ips>
   <ip ext="external_ip" int="internal_ip"/>
   . . .
</ips>

Example:

<ips>
    <ip ext="65.219.197.236" int="192.168.1.27"/>
    <ip ext="65.219.197.237" int="192.168.1.28"/>
    <ip ext="65.219.197.238" int="192.168.1.29"/>
    <ip ext="65.219.197.239" int="192.168.1.30"/>
    <ip ext="65.219.197.242" int="192.168.1.31"/>
    <ip ext="65.219.197.243" int="192.168.1.32"/>
    <ip ext="65.219.197.244" int="192.168.1.33"/>
</ips>

3) Set the following record in ~cpanel/shiva/psoft_config/hsphere.properties:

IPS-XML-FILENAME = /hsphere/local/home/cpanel/shiva/psoft_config/ips-map.xml

4) Restart H-Sphere to apply changes.

To disable NAT support, remove this line from hsphere.properties and restart the CP.

 

Configuring Newly Installed H-Sphere With NAT Support

  1. Create the ips-map.xml file and configure hsphere.properties to use it, as specified above;
  2. In the E.Manager menu, add your physical and logical servers with the corresponding internal IPs;
  3. In E.Manager->DNS Manager, add DNS records with internal IPs.
    Note: Internal IPs will be transformed to the corresponding external IPs in DNS zones configuration.
    There will be only external IPs in DNS zones configuration!

If you still have problems resolving your servers after that, you can run DNS Creator with the following command as the cpanel user:

java psoft.hsphere.tools.DNSCreator -m db -dz

 

NAT Support On A Live System

To add NAT support to an H-Sphere already configured with external IPs, perform the following steps:

  1. Create the ips-map.xml file and configure hsphere.properties to use it, as specified above;
  2. Replace external IPs in E.Manager->P.Servers and L.Servers with internal IPs.
    Note: These internal IPs should be of the same type (shared, dedicated) as the corresponding external IPs.
    Example: If there was a shared 64.10.10.10 external IP, the corresponding 192.128.10.10 internal IP should also be configured as a shared IP.
    In that case, there will be no need to recreate DNS;
  3. Replace external IPs in E.Manager->DNS Manager with the corresponding internal IPs.
    Note: Internal IPs will be transformed to the corresponding external IPs in DNS zones configuration.
    There will be only external IPs in DNS zones configuration!

If you still have problems resolving your servers after that, you can run DNS Creator with the following command as the cpanel user:

java psoft.hsphere.tools.DNSCreator -m db -dz

 

NAT Firewall Configuration

Some software (osCommerce, phpBB, and SiteStudio) connects to resources by hostname (web.example.com, mysql.example.com). Since hostnames resolve to external IPs, you need to configure your NAT firewall so that your physical servers (web.example.com, mysql.example.com) can address themselves and each other by both external and internal IPs.

Alternatively, if you have RedHat Linux running on all servers, you can add the following iptables rule for each IP pair on every server:

iptables -t nat -A OUTPUT -p tcp -d <external> -j DNAT --to <internal>

for example:

iptables -t nat -A OUTPUT -p tcp -d 65.219.197.236 -j DNAT --to 192.168.1.27
iptables -t nat -A OUTPUT -p tcp -d 65.219.197.237 -j DNAT --to 192.168.1.28
iptables -t nat -A OUTPUT -p tcp -d 65.219.197.238 -j DNAT --to 192.168.1.29
iptables -t nat -A OUTPUT -p tcp -d 65.219.197.239 -j DNAT --to 192.168.1.30
iptables -t nat -A OUTPUT -p tcp -d 65.219.197.242 -j DNAT --to 192.168.1.31
iptables -t nat -A OUTPUT -p tcp -d 65.219.197.243 -j DNAT --to 192.168.1.32
iptables -t nat -A OUTPUT -p tcp -d 65.219.197.244 -j DNAT --to 192.168.1.33
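
The per-server rules have to match the pairs in ips-map.xml exactly. The following Python script is an added example, not part of the H-Sphere documentation or product: it reads a map in the format shown above and prints one DNAT rule per pair for review. The function names, the constructed sample map, and the checks (literal IP addresses only, no duplicate entries, ext/int not swapped) are assumptions of this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the ips-map.xml format shown on this page.
SAMPLE_MAP = """<ips>
    <ip ext="65.219.197.236" int="192.168.1.27"/>
    <ip ext="65.219.197.237" int="192.168.1.28"/>
</ips>"""


def load_pairs(xml_text):
    """Parse ips-map.xml text into validated (external, internal) pairs."""
    root = ET.fromstring(xml_text)
    if root.tag != "ips":
        raise ValueError("root element must be <ips>")
    pairs, seen_ext, seen_int = [], set(), set()
    for node in root.findall("ip"):
        # ip_address() raises ValueError for anything that is not a literal
        # IP, so only validated addresses reach the generated commands.
        ext = ipaddress.ip_address(node.get("ext", ""))
        internal = ipaddress.ip_address(node.get("int", ""))
        # Heuristic (assumption of this example): a private "ext" paired
        # with a public "int" almost certainly means swapped attributes.
        if ext.is_private and not internal.is_private:
            raise ValueError(f"ext={ext} / int={internal} look swapped")
        # The mapping must be one-to-one, or rules would conflict.
        if ext in seen_ext or internal in seen_int:
            raise ValueError(f"duplicate mapping for {ext} / {internal}")
        seen_ext.add(ext)
        seen_int.add(internal)
        pairs.append((str(ext), str(internal)))
    return pairs


def dnat_rules(pairs):
    """Render one OUTPUT-chain DNAT rule per pair, as in the page's example."""
    return [
        f"iptables -t nat -A OUTPUT -p tcp -d {ext} -j DNAT --to {internal}"
        for ext, internal in pairs
    ]


if __name__ == "__main__":
    # Print the rules for review; nothing is applied to the firewall.
    for rule in dnat_rules(load_pairs(SAMPLE_MAP)):
        print(rule)
```
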

 

IP Migration with NAT

For IP migration with NAT, see the guide on changing IPs.


