Need Help - Production Server Down

[Mayhem30]

I really could use urgent some help here. All my websites and mail server has been down for hours.

I rebooted my production server this morning and lost access to all 16 static IP addresses.

They are still listed in /etc/rc.conf file, and all but the first IP address shows up in ifconfig.

SSH complains when I try to bind to the first IP address (can't assign requested address), but it able to bind to the other IP's but I still can't connect to them.

Any idea where I can start troubleshooting this?

 

[cracauer@]

Are all 16 addresses on the same interface?

What happens if you manually set the first address with ifconfig?

 

[Mayhem30]

Yes, all 16 are on em0. If I manually add my first IP (xx.xx.xx.60), my second IP address (xx.xx.xx.61) disappears from ifconfig

 

[covacat]

did you forget to add the alias keyword to ifconfig ?

 

[Mayhem30]

Yes, I did. The IP address appears to be added, but I still can't access it.

This is what I see on reboot :

Keep in mind I have not changed anything in /etc/rc.conf in years. So I'm not sure why I'm even having this issue.

 

[thogard]

The aliases tend to be /32 for some odd reason:
ifconfig em0 1.2.3.4/24 #first address
ifconfig em0 1.2.3.5/32 alias #first alias
ifconfig em0 1.2.3.6/32 alias
route add 0.0.0.0/0 1.2.3.1

 

[thogard]

Is something else on the network grabbing the address? If you have other ways, ifconfig em0 down;ifconfig em0 up; might reset the interface. Then set an alias, ping the primary address and check the arp table. Is there a rogue dhcp server on the network? ifconfig em0 1.2.3.5 -alias will remove an active address but one of the addresses will need to have a sane netmask.

 

[Mayhem30]

Solved. The issue was a new addition to the /etc/rc.conf file that was supposed to disable task offload, but of course overrides my first IP address.

# Disable task offload to the network card when using a firewall
ifconfig_em0="-tso -lro"

Does anyone know how to properly disable task offloading during boot?

 

[cy@]

You had me confused there for a moment: task offload? You meant to say TCP Segment Oflload and its related Large Receive Offload.

This is what I do on one of my firewalls (ipfilter). One of my DMZ examples below.

ifconfig_fxp0="inet 192.168.0.1 netmask 255.255.254.0 -tso4"

You can define aliases separately. The fxp0 interface has no aliases while the one below does and I'm not in the habit of exposing my external IP addresses on a public list.

ifconfig_sk1_alias0="inet 10.0.0.254 netmask 0xffffff00"

 

[Mayhem30]

I don't define any local IP's, they are all public. So would I just add them to my first public IP?

I'd like to disable TSO and LRO for the entire em0. I'm really new at all of this. It was a "set and forget" config for years until something went wrong today.

ifconfig:
em0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=4e504bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>

/etc/rc.conf :
ifconfig_em0="inet xx.xx.xx.60 netmask 255.255.255.0 -tso -lro"