cPanel with CentOS 6 as Internet Gateway

I am going to install a web server running cPanel, with several database servers that are reachable only from the internal network (192.168.10.0/24). Since I need to run some yum installations on every box, each of the backend servers needs internet access.

My problem is that I have only one public IP from my ISP. I have no choice but to add another role to my cPanel box running CentOS 6.3: it must act as an internet gateway so the database servers can reach the internet during this deployment phase.

The following picture explains the architecture I am going to use:

Web Server (cPanel)

1. Since this server is going to be a gateway, we must enable IP forwarding in the kernel. Open /etc/sysctl.conf and change the following value:

net.ipv4.ip_forward = 1

2. Save the file and run the following command to apply the changes:

$ sysctl -p

3. Let's clear the iptables rules first, as we are going to add different rules later. Note that this flushes every chain in the filter table, including any firewall rules already present on the cPanel box, so review them before you proceed:

$ iptables -F

4. We need to enable IP masquerading on the interface facing the internet connection, in my case eth0. We also need to accept all forwarded connections from and to the internal network (192.168.10.0/24):

$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$ iptables -A FORWARD -d 192.168.10.0/24 -j ACCEPT
$ iptables -A FORWARD -s 192.168.10.0/24 -j ACCEPT

5. Save the rules so they persist across reboots:

$ service iptables save


Database Servers

1. On every server, set the internal IP address in /etc/sysconfig/network-scripts/ifcfg-eth0 as below:

Database Server #1:

DEVICE="eth0"
ONBOOT="yes"
IPADDR=192.168.10.101
NETMASK=255.255.255.0
NETWORK=192.168.10.0

Database Server #2:

DEVICE="eth0"
ONBOOT="yes"
IPADDR=192.168.10.102
NETMASK=255.255.255.0
NETWORK=192.168.10.0

Database Server #3:

DEVICE="eth0"
ONBOOT="yes"
IPADDR=192.168.10.103
NETMASK=255.255.255.0
NETWORK=192.168.10.0

2. Change the default gateway to point to the web server (cPanel) by adding the following line to /etc/sysconfig/network:

GATEWAY=192.168.10.100

3. Add DNS resolvers to /etc/resolv.conf as below:

nameserver 8.8.8.8
nameserver 8.8.4.4

4. Restart the network service:

$ service network restart
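As an added example (not part of the original post), the following script renders the three files each database server needs in the steps above into a staging directory instead of writing to /etc directly, and refuses any host address that is not inside the gateway's subnet or that collides with the gateway. The function names are my own; the gateway address, netmask and resolvers are the ones used in this post.

```sh
# Added example, not from the original post: stage the three files each
# database server needs and refuse hosts outside the gateway's subnet.

ip2int() {
  # Dotted-quad IPv4 -> 32-bit integer.
  echo "$1" | {
    IFS=. read -r a b c d
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
  }
}

int2ip() {
  # 32-bit integer -> dotted-quad IPv4.
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

network_of() {
  # Network address of IP $1 under netmask $2 (the NETWORK= value).
  int2ip $(( $(ip2int "$1") & $(ip2int "$2") ))
}

same_subnet() {
  # Succeed when $1 and $2 lie in the same network under netmask $3.
  [ "$(network_of "$1" "$3")" = "$(network_of "$2" "$3")" ]
}

render_ifcfg() {
  # ifcfg-eth0 body for host $1 with netmask $2, in the layout used above.
  printf 'DEVICE="eth0"\nONBOOT="yes"\nIPADDR=%s\nNETMASK=%s\nNETWORK=%s\n' \
    "$1" "$2" "$(network_of "$1" "$2")"
}

stage_backend_config() {
  # $1 = output dir, $2 = gateway IP, $3 = netmask, $4.. = backend host IPs.
  # Writes <dir>/<host>/{ifcfg-eth0,network,resolv.conf}; returns 1 and
  # writes nothing for a host outside the gateway subnet or equal to it.
  outdir=$1; gw=$2; mask=$3; shift 3
  for host in "$@"; do
    if [ "$host" = "$gw" ] || ! same_subnet "$host" "$gw" "$mask"; then
      echo "refusing $host: not usable in $(network_of "$gw" "$mask")" >&2
      return 1
    fi
    mkdir -p "$outdir/$host"
    render_ifcfg "$host" "$mask" > "$outdir/$host/ifcfg-eth0"
    printf 'GATEWAY=%s\n' "$gw" > "$outdir/$host/network"
    printf 'nameserver 8.8.8.8\nnameserver 8.8.4.4\n' > "$outdir/$host/resolv.conf"
  done
}
```

Run it as `stage_backend_config ./out 192.168.10.100 255.255.255.0 192.168.10.101 192.168.10.102 192.168.10.103` and copy each host's files into place after reviewing them.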


Done! All the database servers should have internet connectivity once the network service has been restarted. One public IP shared among several servers?? Not a problem!