The FreeBSD Diary

The FreeBSD Diary (TM) Remember
I remember
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]

Things look quiet here. But I've been doing a lot of blogging at dan.langille.org because I prefer WordPress now. Not all my posts there are FreeBSD related. I am in the midst of migrating The FreeBSD Diary over to WordPress (and you can read about that here). Once the migration is completed, I'll move the FreeBSD posts into the new FreeBSD Diary website.

Letting people know the web server is off line 11 May 2000
Need more help on this topic? Click here
This article has no comments
Show me similar articles
Today I took down my new webserver in order to add three new donated SCSI drives.  I was also able to let everyone know that they websites were offline and when they could expect them to be back.  And it was far easier than I expected.  The solution may not apply to everyone, but at least you'll know how such things can be done and perhaps it will be applicable to other situations you may encounter.
The situation
I'm running a small network. It has a gateway (FreeBSD 4.0-S and ip filter), a webserver (FreeBSD 4.0-S, Apache), and some workstations (NT).  The key to the solution is that the webserver is on it's own box.  The gateway also has a web server, which is mostly unused.  Incoming http requests (on port 80) are redirected from the gateway box to the webserver via ipnat rules.  This is done with a rule like this:
rdr ed0 192.168.1.1/32 port 80 -> 10.0.0.1 port 80 tcp

where ab.bb.cc.dd is the IP address which incoming request reach my gateway and 10.0.0.1 is the address of my webserver.  Quite simply, all requests reaching my gateway on port 80 are redirected to my webserver at 10.0.0.1.

The solution
So, what did I do to let everyone know the website was down?  Well, first I created a little website containing a single page saying "Sorry, but our websites are down, but we'll be back at <insert time here>".  I put this website on the gateway, which already had http installed.  This website was the default website for this server.

The following command removes the above redirect.  See man ipnat for more detail.

echo "rdr ed0 192.168.1.1/32 port 80 -> 10.0.0.1 port 80 tcp" \
                                      | ipnat -r -f -

That was it.  The switch was thrown.  All incoming requests for my websites were met by Apache running on my gateway.  I could now take down my real webserver in the knowledge that people would know that my site was down and not be met with some unpleasant message.  It's also better for public relations.

When it was time to bring the webserver back online, I issued this command:

echo "rdr ed0 192.168.1.1/32 port 80 -> 10.0.0.1 port 80 tcp" \
                                      | ipnat -f -

As you can see, the only difference is the "-r" flag.

I also used this flag in using rule groups for blocking IP blocks.


Share
Need more help on this topic? Click here
This article has no comments
Show me similar articles