Date: Fri, 14 Nov 1997 09:56:36 -0700 From: "Jan L. Peterson" <jlp@imall.com> To: "Studded" <Studded@dal.net> Cc: "FreeBSD Stable List" <FreeBSD-Stable@FreeBSD.ORG> Subject: Re: Serious problem with ipfw in 11/10 Snap Message-ID: <199711141656.JAA29684@banana.imall.com> In-Reply-To: Your message of "Thu, 13 Nov 1997 23:25:46 PST." <199711140725.XAA05912@mail.san.rr.com> References: <199711140725.XAA05912@mail.san.rr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is unrelated to your ipfw, but I have a comment about this statement of yours: > are especially bad for us because our 2 servers are in a colo that > goes without people for several days. Therefore, problems that > isolate the machines from the net can cost us days in uptime. What you should do is configure your co-located machines for a serial console and hook them together (or to a modem) so that you can get on the console remotely. This way, you will be able to access them even if your firewall rules are screwed up. You will also be able to do something if they drop into single user mode at boot time due to a bad fsck or something. We have four freebsd servers, a freebsd based firewall, and a cisco router at a coloc about 45 miles from our main office. All of the machines have their serial ports connected to a xylogics microannex (a terminal server), which also has a modem on it. This way, even if the router flakes out, we can still get console access to all of our servers without having to drive there. The only thing we can't do remotely at the moment is powercycle the machines. We're looking into X10 for that. :-) -jan- -- Jan L. Peterson iMALL, Inc. tel. +1 801 377 0899 Senior Systems Admin 1185 S Mike Jense Cir fax +1 801 373 1947 jlp@imall.com Provo, UT 84601 (USA) http://www.imall.com/~jlp/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711141656.JAA29684>