From: mika ruohotie
Message-Id: <199702180923.LAA24937@shadows.aeon.net>
Subject: Re: Which way is 'correct'? (was: Re: Aliases)
To: jkh@time.cdrom.com (Jordan K. Hubbard)
Date: Tue, 18 Feb 1997 11:23:48 +0200 (EET)
Cc: brandon@cold.org, freebsd-isp@freebsd.org
In-Reply-To: <29551.856243137@time.cdrom.com> from "Jordan K. Hubbard" at "Feb 17, 97 09:18:57 pm"

> Must be pilot error - I brought up a 2.2 system from scratch just
> a few days ago and it's now serving about 20 virtual IPs using the
> /etc/sysconfig hooks for it. Works great. The code in netstart
> is only doing this:

hmm? how about 2.1.x? (yes, i am more and more tempted to go to the 2.2 or even current but i want to run cdrom-released on production, so i can keep myself excused for subscribing =) )

if i dont put something (and from the history i remember once the right thing to do would've been 'route add -host w.x.y.z -interface 127.0.0.1'), it just doesnt work...
and even with that i had serious probs that caused me severe hair loss, the general ip's for server (for services) comes from "our" server subnet, a /27, the customer's virtual ips are from the space after two /27's from the beginning of a c-class, starting from *.65

anyway, after i started to assign those ips it looked clean first, then from the bright sky the server dropped itself from the ether one night, i was connected to another machine in the same subnet, which is my developing desktop (and firewall to the inner subnet and for all those other tasks i rather not run on www server, read i dont trust our business to a machine that's dedicated for www, paranoid? always.)

of course i fired up tcpdump and saw no packets on the ether from the machine. the machine connected itself twice for a few minutes, and i was amazed to see it had not rebooted. but before i could do more it was gone again... (at the time i was wondering if someone's SYN flooding it, what is the best way to find that out?)

next day i read the logs and everything including lastcomm, and as far as the machine was concerned it was up and kicking all the time.

i probably managed to reproduce the prob artificially by rebooting it, it didnt "walk back on" even tho it seemed to operate perfectly, itself being able to ping its interfaces and all... just _nothing_ on the ethernet.

coz i dont run bpfilter kernels on production machines i was not able to tcpdump, so i dont know exactly what was going on... one of _those_ moments when i was swearing about being "safe", on machine that's not offering shell and is incapable of answering telnet _and_ ssh (ssh from few selected machines is not ipfw:ed, rest are rejected)

i know i probably would be relatively safe having the bpfilter (opinions?) for situations like this one...

tcpdump on the ether again showed no trace whatsoever that this machine would've been on the net... and didnt hint there'd be other prob than just no such machine/addresses present.
oh yes, i use smc 21040-A 10/100 pci adapters. i changed the adapter, no dice. actually i changed the hub too, and the cable, and the pci slot, i did not change the motherboard. but no dice.

i read my configs, compared them to another machine, the developing desktop, which ran and runs without coughing with _two_ ether adapters...

i twiddled with the router, but was all the time confident those were right... still tried different things...

i could get it to the net with some twiddling, i had to tell it the main ether ifconfig again, manually.

finally i dumped the /etc/sysconfig and did what i like most, simple separate lines in the /etc/netstart. and replaced the '-interface 127.0.0.1' with '-gateway w.x.y.z' (gateway being our main router) and it worked from the first bootup. (this was 2 days later, mostly coz i had 10001 other things to do between the moments i had time to track down the problem)

now i've been wondering what did i do wrong?

notice that on the desktop which works without probs i have all the aliased ip's from the same subnet, but on the server they are not, and problems came _after_ i assigned those other ips...

router "knows" where those ip's should be. i assign the ip's to de0, and do that 'route add' from /etc/netstart and it does work fine... (i actually removed the /etc/sysconfig totally)

right/wrong?

(i dont include my configs, those were out from the "book", i did multiple checks)

how about ppp0, i noticed at home ppp0 dislikes aliased ip's, i had to twiddle with it too... even if the ip's are from same subnet... i got that about to work too (it works but i dont quite like the way it works if it makes sense), but i assume the right thing to do it with ppp0 would be aliasing those to lo0, right?

it's -current (pre lite/2) and there too i have no /etc/sysconfig in use coz it's been -current for ages and i havent felt like upgrading that.

mickey
--
mika@aeon.net
mickey@supsys.fi