12.8.2010

Running a Cpanel Server with NAT

I have a few VMware servers that are completely NATed. They are strictly internal or fully managed application servers so they did not need public IP addresses directly assigned.



I did this for a few reasons:

  • Eliminates the need for a /30 on the public side of the firewall.
  • Eliminates the need for a "back channel" or interface with private IPs for LAN traffic.
  • Easier to take boxes "offline" but still reach them via a VPN.

I need to move some sites to a new Cpanel server for PCI compliance, so I figured why not put a Cpanel box on the private VMware cluster? I know Cpanel does not recommend or support NAT configurations. However, I still have several "DNS Only" Cpanel boxes running in NAT mode.



So I figured I would give it a try. WRONG! While NAT does its job forwarding requests through the firewall, Cpanel will assign the private IP addresses to sites in Apache. Unless you manually modify your Apache configuration, your sites will never work in NAT mode.



Bottom line, no NAT for Cpanel. It does work for Cpanel's DNS Only.

10.15.2009

Rate Limiting Ingress [Inbound] Traffic

Nearly every hosting company or network administrator will rate limit traffic. This is commonly done by leaving the port speed of access switches to 10 or 100 Mbps but enforcing a policer or rate limit statement to restrict traffic flow. Generally this is done for egress (outbound or outgoing) traffic. In data centers and networks that contain servers, most of the bandwidth consumed is traffic from the servers hitting the Internet.

That being said, it may also be advantageous to put a policer statement in your switches to rate limit ingress traffic as well. I have seen and experienced problems with networks that had zero restrictions on ingress traffic. If a server or group of servers suddenly requests data from outside the network, saturation quickly brings the network down or to a crawl. Unfortunately, because of the way TCP works, you must have bandwidth available (both ingress and egress) to complete connection requests.


If you ever transfer large files using your cable modem, you may notice slow web browsing while the transfer is running. Same concept applies. Now, saturation of Ingress bandwidth is usually only a problem on small networks. By small I mean networks with 100 Mbps or less of transport to the Internet.


Larger networks with 200+ Mbps usually run fine as requests in excess of 200 Mbps are rare. Speaking from experience, I had a group of Sonicwall CDP devices configured to collect backup data from remote networks. Manually activating the transfer requested over 70 Mbps of Ingress traffic. That combined with other requests from the network saturated the 100 Mbps pipe and some servers were reporting offline.


Placing a high rate limit on ingress traffic may be worth your while depending on what devices live on your network. In my case, it would have stopped the Sonicwalls from eating all the bandwidth. If you are using Juniper gear, rate limiting can be done in the ScreenOS GUI. In JunOS this is done by attaching a policer statement to the interface. Cisco PIX/ASAs will also rate limit traffic. If you are using Cisco Catalysts, make sure you have the "Enhanced" version of IOS. They require specific models like the 2950T. The standard 2950 will not do rate limiting. All layer 3 Cisco devices such as 3750s and 4548s will work fine right out of the box.
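A JunOS ingress policer of the kind described above, as an added example that is not from the original post. It assumes a routed (family inet) port; the interface name, the policer and filter names, and the 50m / 625k values are constructed for illustration and need tuning for your own uplink.

```junos
firewall {
    /* Single-rate policer: traffic above 50 Mbps (after the burst
       allowance is used up) is dropped. Values are constructed. */
    policer ingress-50m {
        if-exceeding {
            bandwidth-limit 50m;
            burst-size-limit 625k;
        }
        then discard;
    }
    family inet {
        /* The filter sends every packet through the policer and
           accepts whatever conforms to the limit. */
        filter limit-ingress {
            term police-all {
                then {
                    policer ingress-50m;
                    accept;
                }
            }
        }
    }
}
interfaces {
    /* Constructed interface name: the port where the limit is
       enforced. "input" applies the filter to traffic received
       on this interface. */
    ge-0/0/1 {
        unit 0 {
            family inet {
                filter {
                    input limit-ingress;
                }
            }
        }
    }
}
```

After committing, `show firewall` lists the policer's packet counter, which shows whether the limit is actually being hit.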

09.19.2009

FullSail University: Graduates are Less Than Par...

Growing up in Orlando, I saw this company go from operating out of a normal office, to taking over the entire office park and surrounding buildings. It’s no secret Fullsail “University” has grown by leaps and bounds. The school itself is only accredited by the ACCSC, which grants accreditation to vocational schools. Colleges and universities do not recognize the ACCSC and therefore any credit hours earned WILL NOT transfer to a traditional 4-year degree program.

I have blocked Fullsail’s advertisements from my Adsense account and I will tell you why. Over the last few years I have learned more and more about this company. I will refer to it as a company for the rest of this post because the fact it is called a University is outrageous. In my opinion, the only thing that qualifies it as a “University” is the price (rumored to be 40k-55k total). In the last few years, I have met and/or interacted with many people who attended Fullsail. The majority of whom I met never graduated from the place. Of the ones who did, most of them did not move on to be successful movie producers, recording artists, or anything close. In fact, most of them were given jobs as “recruiters” to work for the company. Sounds like a pyramid scheme to me… ;D


Not to stereotype (I will admit when I do) but it seems that a lot of students I have seen had 2 things in common. The first is being “Gothic.” Fullsail had taken over an old strip mall close to an Ale House where I was eating. While leaving, I drove past the strip mall and must have seen 50+ “students” all dressed in black. Some had black lipstick (both girls and guys :crazy:), colored hair, and a lot of piercings. The second thing they have in common is poor driving skills. Somehow, when I drive around that area, most of the people who are speeding, weaving through traffic, and cutting people off all have a Fullsail sticker on the back of their car. 88|


So what makes this place so renowned? I have a hard time believing this place is that great considering the current and former attendees. Another thing that caught my attention was the fact Failsail themselves have control of fullsailsucks.com. I briefly looked into this and it seems that someone started the website and Fullsail sued them, therefore gaining control of the domain name. Not sure if that is true or not, but a Google search reveals many students who have come forward and shared their story. There have been several other websites exploiting Fullsail. Most of them have been shut down, but there is a forum that requires registration to view it. While reading the reviews, most said it wasn’t what they expected. They didn’t get everything that was promised to them, and in the end they felt taken. :no:


I don’t know the real story about this place… I have never attended Fullsail and never will. I can say that the reviews I read which portray it negatively seem to outweigh the positive ones. I cannot help but think Fullsail is painting a Picasso for the incoming students, then handing them a Xerox when they graduate. XX(
