From owner-freebsd-questions@FreeBSD.ORG Sat Dec 13 09:23:13 2003
Delivered-To: freebsd-questions@freebsd.org
From: "Micheal Patterson"
To: "Jack L. Stone"
Date: Sat, 13 Dec 2003 11:22:32 -0600
Subject: Re: NATD remote management
Message-ID: <007a01c3c19d$cc02fd00$0201a8c0@dredster>
References: <3.0.5.32.20031213102548.01e3d240@10.0.0.10>
List-Id: User questions

----- Original Message -----
From: "Jack L. Stone"
Sent: Saturday, December 13, 2003 10:25 AM
Subject: NATD remote management

> Dear list:
> I manage a remote gateway/nat/router/fw server where it is not convenient
> for anyone to go downtown to the colo and do reboots.
>
> I've managed to do everything here remotely from my own console, including
> reboots when updating the OS requires it -- that is except when
> reconfiguring the natd.conf file to add another forwarding service. I can
> reboot and it comes up okay, but rather would avoid a reboot.
> BUT, if I try
> to kill/restart the natd daemon remotely, it kills my SSH session -- no
> restart of NATD -- cannot log back in and that means a 30-min trip for
> someone to the colo. That gets old and rather just reboot which is a lot
> less inconvenient.
>
> Obviously, when I do the kill of natd, it disconnects my SSH session and I
> can't restart the daemon so it can reread the natd.conf file for my changes.
>
> I've tried a background script, but that hasn't worked either. Perhaps a
> second session would stay alive.... either SSH or even a telnet session
> just for the duration for this event??? Or a better background script...??
>
> I'd rather not do any uninformed guessing/gambling on different techniques
> to cause a lock out. There's probably a simple answer and hope someone will
> remind me what it is....
>
> Many thanks & Happy Holidays to the list.
>
> Best regards,
> Jack L. Stone,
> Administrator
>
> SageOne Net
> http://www.sage-one.net
> jackstone@sage-one.net

I don't run ipfw or natd from rc.conf as many folks do because I've had a
need to make changes remotely to both, and this is the method that I learned
way back when. I've got scripts in rc.d that I use for those. Make the
change, run the script, and voilà, change is active.

This script, natkill, will search for the natd pid, kill it with a -9,
restart natd and reload the ipfw ruleset. You'll still lose your session but
it should reconnect. Use this at your own risk.

--------------------- natkill ------------------
#!/bin/sh
#
# Ignore SIGHUP so the script still finishes the restart if the SSH
# session drops while natd is down.
trap '' HUP
# Find the natd PID(s). The [n]atd pattern keeps grep from matching its
# own command line; a plain 'natd' pattern also picks up the grep process.
pid=`/bin/ps -ax | grep '[n]atd' | sed -e 's/^ *//' -e 's/ .*//'`
if [ "${pid}" != "" ]
then
    kill -9 ${pid}
fi
/etc/rc.d/natd.sh
/etc/rc.d/ipfw.sh
------------------------ end --------------------

--
Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600
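As an added example (not Micheal's natkill and not from anyone in the thread), the same kill/restart/reload sequence written so that a dropped session cannot leave the box unreachable: grep is kept from matching itself, SIGHUP is ignored so the restart cannot be aborted half-way, and a detached watcher falls back to the reboot Jack already trusts unless the admin reconnects and confirms in time. The /etc/rc.d/natd.sh and /etc/rc.d/ipfw.sh paths are taken from the thread; the "confirm" subcommand, the CONFIRM flag file and the FALLBACK/GRACE settings are names invented for this example.

```shell
#!/bin/sh
# Added example, not the poster's natkill: a lock-out-resistant natd/ipfw
# restart.  Paths are assumed from the thread; override them through the
# environment for other layouts or for testing.
NATD_START=${NATD_START:-/etc/rc.d/natd.sh}     # thread's natd start script
IPFW_RELOAD=${IPFW_RELOAD:-/etc/rc.d/ipfw.sh}   # thread's ruleset loader
PS_CMD=${PS_CMD:-"/bin/ps -ax"}
FALLBACK=${FALLBACK:-"/sbin/shutdown -r now"}   # last resort: the reboot that works
GRACE=${GRACE:-300}                             # seconds allowed for "confirm"
CONFIRM=${CONFIRM:-/var/run/natkill.confirmed}  # flag file touched by "confirm"

# Pick natd PIDs out of "ps -ax" output read on stdin.  The [n]atd pattern
# does not match the grep process's own command line ("grep [n]atd"), which
# a plain 'natd' pattern does ("grep natd"), so only real natd PIDs survive.
natd_pids_from_ps() {
    grep '[n]atd' | sed -e 's/^ *//' -e 's/ .*//'
}

# Kill natd, start it again and reload the ipfw ruleset.  SIGHUP is ignored
# first: while natd is down the SSH session may drop, and a HUP arriving
# between the kill and the restart would otherwise leave natd dead.
restart_nat() {
    trap '' HUP
    pids=$($PS_CMD | natd_pids_from_ps)
    [ -n "$pids" ] && kill -9 $pids
    "$NATD_START" && "$IPFW_RELOAD"
}

# Dead man's switch: a detached watcher runs FALLBACK after GRACE seconds
# unless the admin has reconnected and run "natkill confirm".  Prints the
# watcher's PID so it can be killed by hand if needed.
arm_fallback() {
    rm -f "$CONFIRM"
    ( sleep "$GRACE"; [ -e "$CONFIRM" ] || $FALLBACK ) </dev/null >/dev/null 2>&1 &
    echo $!
}

case "$1" in
    restart) arm_fallback; restart_nat ;;
    confirm) touch "$CONFIRM" ;;
esac
```

Run it as `natkill restart`, reconnect once natd is back, and run `natkill confirm` before GRACE expires; if the change locked you out, the watcher reboots the box into the rc.d configuration that is known to work.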