From owner-freebsd-net@FreeBSD.ORG Tue Sep 16 11:51:12 2008
Date: Tue, 16 Sep 2008 21:34:55 +1000
From: Edwin Groothuis
To: Jordi Espasa Clofent
Cc: freebsd-net@freebsd.org
Message-ID: <20080916113455.GA83338@k7.mavetju>
References: <48CF930B.4020704@minibofh.org>
In-Reply-To: <48CF930B.4020704@minibofh.org>
Subject: Re: Change netmask with /etc/rc.d/network restart or reboot the machine?

On Tue, Sep 16, 2008 at 01:05:47PM +0200, Jordi Espasa Clofent wrote:
> I've a lot of boxes in production with a lot of associated services
> (http, ftp, ssh, smtp, mysql...).
> Because of internal administration reasons I need to ampliate my
> internal IPs range from /24 to /16; so I need to change my internal NIC
> settings. The last goal is make the change with _security_. I prefer a
> reboot with their 2/4 minutes downtime than an odd miss-function in
> several production services.
>
> I tend to think that the use of ifconfig(8) will be enough; of course,
> I'll also modify /etc/rc.conf 'ifconfig_' record for posterior
> reboots. Or maybe it has more sense to modify directly the /etc/rc.conf
> record and next use the '/etc/rc.d/netif restart'; or maybe make the
> change in /etc/rc.conf and reboot the machines.
>
> What do you think about?

Like you said, ifconfig is the simplest way to do it. Just make sure
your default gateway doesn't need a change either.

Foolproof should be:
- Modify /etc/rc.conf
- "shutdown -r +3"
- "ifconfig nic0 1.2.3.4 netmask 255.255.0.0"
- "killall -TERM shutdown"

That way even if the ifconfig goes wrong for some reason (it will
happen if you do 700 machines) the machine will come back after the
reboot.

Don't forget about possible ipfw rule changes!

Edwin
-- 
Edwin Groothuis      |            Personal website: http://www.mavetju.org
edwin@mavetju.org    |              Weblog: http://www.mavetju.org/weblog/
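
The sequence from the message above as a script, added here as an example and not part of the original mail: it arms the reboot first, applies the netmask, and cancels the reboot only if the default gateway still answers. The function names, the `RUN` dry-run variable, the gateway-in-network check and the ping test are assumptions of this example; /etc/rc.conf is expected to hold the new settings already.

```shell
#!/bin/sh
# Dead-man-switch netmask change, following the steps in the message above.
# Assumes /etc/rc.conf already holds the new settings, so a reboot recovers.
# RUN is a dry-run hook (assumption of this example): when unset, commands
# are only printed; set RUN= (empty) as root to execute them for real.
RUN=${RUN-echo}

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeeds when both addresses are in the same network under the given mask.
same_network() {
    a=$(ip_to_int "$1"); b=$(ip_to_int "$2"); m=$(ip_to_int "$3")
    [ $(( a & m )) -eq $(( b & m )) ]
}

# usage: change_netmask NIC IP NETMASK GATEWAY
# Returns 0 on a verified change, 1 if not verified, 2 if refused up front.
change_netmask() {
    nic=$1; ip=$2; mask=$3; gw=$4
    # Refuse before touching anything if the gateway would need to change.
    if ! same_network "$ip" "$gw" "$mask"; then
        echo "gateway $gw is outside $ip/$mask; nothing changed" >&2
        return 2
    fi
    # Arm the safety net first (FreeBSD shutdown(8) detaches and returns).
    $RUN shutdown -r +3 || return 1
    # Cancel the reboot only if the change applied and the gateway answers.
    if $RUN ifconfig "$nic" "$ip" netmask "$mask" && $RUN ping -c 3 "$gw"; then
        $RUN killall -TERM shutdown
        return 0
    fi
    echo "change not verified; leaving the reboot scheduled" >&2
    return 1
}

# Run only when called with all four arguments, e.g. (constructed values):
#   RUN= sh this_script nic0 1.2.3.4 255.255.0.0 1.2.0.1
if [ "$#" -eq 4 ]; then
    change_netmask "$@"
fi
```

If the ifconfig or the ping fails, the script deliberately leaves the pending reboot alone so the machine comes back with the rc.conf settings.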