Date:      Sat, 13 Dec 2003 11:22:32 -0600
From:      "Micheal Patterson" <micheal@tsgincorporated.com>
To:        <freebsd-questions@freebsd.org>, "Jack L. Stone" <jackstone@sage-one.net>
Subject:   Re: NATD remote management
Message-ID:  <007a01c3c19d$cc02fd00$0201a8c0@dredster>
References:  <3.0.5.32.20031213102548.01e3d240@10.0.0.10>



----- Original Message ----- 
From: "Jack L. Stone" <jackstone@sage-one.net>
To: <freebsd-questions@freebsd.org>
Sent: Saturday, December 13, 2003 10:25 AM
Subject: NATD remote management


> Dear list:
> I manage a remote gateway/nat/router/fw server where it is not convenient
> for anyone to go downtown to the colo and do reboots.
>
> I've managed to do everything here remotely from my own console, including
> reboots when updating the OS requires it -- that is except when
> reconfiguring the natd.conf file to add another forwarding service. I can
> reboot and it comes up okay, but rather would avoid a reboot. BUT, if I try
> to kill/restart the natd daemon remotely, it kills my SSH session -- no
> restart of NATD -- cannot log back in and that means a 30-min trip for
> someone to the colo. That gets old and rather just reboot which is a lot
> less inconvenient.
>
> Obviously, when I do the kill of natd, it disconnects my SSH session and I
> can't restart the daemon so it can reread the natd.conf file for my changes.
>
> I've tried a background script, but that hasn't worked either. Perhaps a
> second session would stay alive.... either SSH or even a telnet session
> just for the duration for this event??? Or a better background script...??
>
> I'd rather not do any uninformed guessing/gambling on different techniques
> to cause a lock out. There's probably a simple answer and hope someone will
> remind me what it is....
>
> Many thanks & Happy Holidays to the list.
>
> Best regards,
> Jack L. Stone,
> Administrator
>
> SageOne Net
> http://www.sage-one.net
> jackstone@sage-one.net

I don't run ipfw or natd from rc.conf as many folks do because I've had a
need to make changes remotely to both, and this is the method that I learned
way back when.  I've got scripts in rc.d that I use for those. Make the
change, run the script, and voilà, change is active.

This script, natkill, will search for the natd pid, kill it with a -9,
restart natd and reload the ipfw ruleset. You'll still lose your session but
it should reconnect. Use this at your own risk.

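--------------------- natkill ------------------
#!/bin/sh
#
# Find the natd pid(s); the [n] keeps grep from matching its own process.
pid=`/bin/ps -ax | grep '[n]atd' | sed -e 's/^ *//' -e 's/ .*//'`
if [ "${pid}" != "" ]
then
# Unquoted so that several pids become separate arguments.
kill -9 ${pid}
fi
# Restart natd, then reload the ipfw ruleset.
/etc/rc.d/natd.sh
/etc/rc.d/ipfw.sh
------------------------ end --------------------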

--

Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600
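
An added example, not part of the original message or the poster's scripts: the same kill/restart/reload sequence, run with SIGHUP ignored and output sent to a log so it completes and leaves a record even if the SSH session drops after natd is killed. Assumptions: /etc/rc.d/natd.sh and /etc/rc.d/ipfw.sh are the sh scripts named in the message; the log path, the function names and the "run" argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: natd.sh and ipfw.sh are the poster's own sh start scripts (paths
# taken from the message); LOG, DAEMON and all function names are hypothetical.
NATD_START=${NATD_START:-/etc/rc.d/natd.sh}
IPFW_START=${IPFW_START:-/etc/rc.d/ipfw.sh}
LOG=${LOG:-/var/log/natd-restart.log}
DAEMON=${DAEMON:-natd}

# Print "PID COMMAND" for every process, command name only (no arguments).
list_procs() {
    ps -A -o pid= -o comm=
}

# Read "PID COMMAND" lines on stdin and print the PIDs whose command name is
# exactly $1, so grep, an editor on natd.conf or this script never match.
pids_of() {
    awk -v name="$1" '$2 == name { print $1 }'
}

# Stop the daemon if it is running, then start it and reload the ruleset.
# Returns non-zero as soon as either start script fails.
restart_natd() {
    pids=$(list_procs | pids_of "$DAEMON")
    if [ -n "$pids" ]; then
        kill -9 $pids    # unquoted on purpose: one argument per PID
    fi
    /bin/sh "$NATD_START" || { echo "natd start failed"; return 1; }
    /bin/sh "$IPFW_START" || { echo "ipfw reload failed"; return 1; }
    echo "restart complete"
}

# Run the restart with SIGHUP ignored and no ties to the terminal, so it
# finishes even if the SSH session drops between the kill and the start.
detach_restart() {
    ( trap '' HUP; date; restart_natd ) >>"$LOG" 2>&1 </dev/null &
}

# Only act when invoked with the argument "run".
if [ "${1:-}" = "run" ]; then
    detach_restart
fi
```

After reconnecting, the log shows whether both scripts ran or which one failed.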


