Updated Feb 18, 2026
1. Understanding 1:1 NAT in cPanel & WHM
cPanel & WHM requires a 1:1 NAT configuration when installed in a NAT‑based environment. During installation, the system automatically detects NAT and maps private IP addresses to public IP addresses.
Warning: Only configure 1:1 NAT on a fresh installation. Do not apply NAT changes to a production server.
How the Mapping Works
The system sends outbound requests from each local IP to http://myip.cpanel.net/v1.0/. The service returns the public IP, and cPanel maps each private IP to its corresponding public IP.
Important: Do not map multiple private IPs to a single public IP.
Managing IP Addresses
You can manage NAT mappings using:
- WHM » IP Functions » Add a New IP Address
- WHM » IP Functions » Show or Delete Current IP Addresses
- WHM » IP Functions » IP Migration Wizard
If multiple private IPs match one public IP, only the first entry in /var/cpanel/cpnat is used.
Rebuilding the cpnat File
To use a custom IP lookup service:
echo "MYIP=https://ifconfig.me/ip" >> /etc/cpsources.conf
/usr/local/cpanel/scripts/build_cpnat
If cpnat is deleted or corrupted, rebuild it using the same script.
To disable NAT mode entirely, delete:
/var/cpanel/cpnat
2. Best Practices for Script and Code Permissions
Running code as a user other than the file owner creates serious security risks. In cPanel version 132, permissions on /etc/trueuserowners were restricted to prevent unauthorized access.
Common Errors You May See
- CGI scripts running as nobody may show incorrect contact information.
- Apache logs may show:
[SCRIPT-NAME] /etc/trueuserowners is not readable as nobody
Why You Should Not Run Code as Other Users
- Privilege escalation risks
- Files must be world-readable, weakening security
- Modern applications expect to run as their owning user
Recommended Permission Practices
Use restrictive permissions such as:
chmod 640 filename
chmod 750 directory
Only run code as the file owner to prevent privilege escalation.
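To check an account's files against these recommendations, the following added example (not cPanel's own tooling; the function names audit_perms, audit_owner and audit_tree are hypothetical) lists entries that are group-writable or accessible to "other", and entries not owned by the expected user. The demo tree at the end is constructed.

```shell
#!/bin/sh
# Added example: audit a tree against the 640 (file) / 750 (directory)
# recommendation and the single-owner rule. Function names are hypothetical.

# audit_perms DIR: print "PERM <path>" for each file or directory that is
# group-writable or has any bit set for "other", i.e. the bits that both
# 640 and 750 leave clear. Symlinks are skipped (their own mode is unused).
audit_perms() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec printf 'PERM %s\n' {} \;
}

# audit_owner DIR USER: print "OWNER <path>" for each entry not owned by
# USER (a login name or numeric uid).
audit_owner() {
    find "$1" ! -user "$2" -exec printf 'OWNER %s\n' {} \;
}

# audit_tree DIR USER: run both checks; return 0 if clean, 1 otherwise.
audit_tree() {
    findings=$( { audit_perms "$1"; audit_owner "$1" "$2"; } | sort )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo tree (not real account data).
demo=$(mktemp -d)
mkdir "$demo/app" && chmod 750 "$demo/app"
: > "$demo/app/config.php" && chmod 640 "$demo/app/config.php"
: > "$demo/app/upload.cgi" && chmod 755 "$demo/app/upload.cgi"
audit_tree "$demo" "$(id -u)" || echo "entries above need chmod/chown"
rm -rf "$demo"
```

On a server, pass the directory to audit and the owning account's username as the two arguments to audit_tree.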
EasyApache 4 Behavior
EasyApache 4 runs Podman and Passenger apps as the file owner. Script execution depends on the handler:
- CGI scripts run as the user with: suexec, ruid2, ITK
- PHP scripts run as the user with: PHP-FPM, ruid2
Handler limitations:
- suexec requires PHP CGI or lsapi
- suphp requires suphp + suexec
- ITK requires PHP-FPM
3. cPanel PHP Overview
cPanel & WHM includes internal PHP packages (PHP 8.4) with PEAR, PECL, and loaders.
Included PHP Modules
Modules include:
bcmath, bz2, Core, ctype, curl, date, dom, fileinfo, filter, ftp, gd, gettext, hash, iconv, intl, json, ldap, libxml, mbstring, mysqli, mysqlnd, openssl, pcntl, pcre, PDO, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, random, Reflection, session, SimpleXML, soap, sockets, SPL, sqlite3, standard, sysvsem, sysvshm, tidy, tokenizer, xml, xmlreader, xmlwriter, xsl, zip, zlib
PEAR and PECL Modules
Includes modules such as:
Archive_Tar, Auth_SASL2, Cache, Console_Color, Date, Date_Holidays, File, HTML_Template_IT, HTTP, Log, Mail, MDB2, Net_DNS2, Net_FTP, Net_IMAP, Net_SMTP, Net_Socket, Net_URL, Services_Weather, XML_Parser, XML_RPC, XML_Serializer, XML_SVG
PHP Loaders
- ionCube
- SourceGuardian
PHP and SQL Libraries
The PHP binary links to:
- PostgreSQL
- SQLite
The php.ini File
Important: Do not edit the internal php.ini directly. cPanel overwrites changes.
Use:
WHM » Server Configuration » Tweak Settings » PHP
This php.ini is separate from EasyApache 4’s PHP configuration.
Conclusion
This guide covers 1:1 NAT configuration, secure script permission practices, and a complete overview of cPanel’s internal PHP modules and loaders. Following these guidelines ensures a secure, stable, and fully compatible cPanel & WHM environment.
Written & researched by Dr. Shahin Siami