MikeL's FreeBSD howto - Change IP address

MikeL's FreeBSD howto - Change IP address

(Page last updated 29-Feb-2024)

Most important - don't forget to bring your card key when you go to the co-lo site!

This page was created when I physically moved my FreeBSD server from a lower-speed DSL connection in my home, to a high-speed data center co-location service. The assumption is that the box will be locked in a closet once configured, accessible only via the Intenet/ssh. This included new internet/DNS configurations.

We're assuming we're simply moving the machine from one IP address to another, and changing it's name at the same time. We are NOT changing the domain, only the server name within the domain. Basically just a different IP.

However, the page has since been updated to handle basically the same move as above, but now from an existing "almost" twin to the co-lo, meaning a name change as well.

I'm choosing to change the name as I already have a name for that co-lo address established in DNS. The idea is to minimize the downtime during the move. I have a secondary, newer machine, which has been configured as a twin of the primary, but with the latest software, and a different subdomain name. I'll be moving this secondary to the co-lo, and once it's all happy, then change it over to being the primary, thus minimal interuption.

A few days before making the move:

If necessary, have your upstream provider update the reverse DNS name of your IP address! If you're on a DSL or some such, by default this name probably indicates that you are a dialup, which will be blocked by many mail servers. Check your existing name with:
dig PTR [your ip in reverse].in-addr.arpa
For centurylink, I wasted a bunch of time googling 'centurylink dsl reverse ip". I eventually went through their tech support chat, and eventually got someone who after about half an hour of misdirections, said they'll send an email to the group that will take care of it. From that google search, I eventually found that I should have simply emailed <dns-admin@centurylink.com> or maybe @lumen.com. Be sure to include account number as well ip addr and resolution.
email customer list of impending move, and ask them to refrain from changes for a few days.
edit /etc/namedb/<your-machine-hosts-file> and lower TTL, expire, and refresh values to a few hours.
Be sure there is a new A record everywhere for the new IP address.
Obviously if you have multiple domains, you'll have to do them all. (If you don't already, this is sure to get you to convert to using common files which do include.)
"Do your homework" -- If you're swapping out an old machine for new, go through the steps below, and modify those files on the new machine that make sense to prepare, by adding commented out lines that you can simply comment in at move time, e.g. the ifconfig lines in rc.conf.

Before shutting down the machine for the actual move, you'll want to do the following (be sure to allocate some time for all this):

Edit /etc/rc.conf with new gateway:
Your upstream provider will supply you with the ip address of their gateway (may also be called router) for your system: defaultrouter=<ip-of-upstream-gateway>
You'll change the new IP address in the ifconfig:
ifconfig_<device>=<your-new-ip>
(I'm omitting other possible options in the ifconfig -- that's your problem.)
Hopefully your ISP is forwarding the old IP address to the new for you, in which case you'll enter the old as an alias:
ifconfig_lo0_alias0="inet <your-old-ip>".
(Again, I'm omitting other options in the ifconfig line.)
Edit /etc/resolv.conf with new DNS server(s).
(Of course the first line in the file will still be: domain=<your-domain-name>

nameserver=

/etc/resolv.conf

/etc/resolvconf.conf

Edit /etc/rc.firewall. If you're using a more complex config. you may need to update onet and oip.
Assuming you're running your own DNS/BIND:
cd /etc/named
Edit named.conf: new IP into sections allow-recursion, allow-transfer, allow-query, listen-on, query-source, initial 'controls inet' block.
cd /etc/named/primary
grep <new-ip-addr> * (be sure to double-backslash the dots)
Same command again for the old ip address. Update any found files.
Don't restart 'named' at this time. do sanity check with:
named-checkconf -z | more
Check /etc/mail/<your-system-name.mc>. You will almost certainly be changing:
define(`confDOMAIN_NAME', `<testdomain.example.com>') to drop the 'testdomain' part (assumes of course we're the new master). There may also be DAEMON_OPTIONS; be sure to regenerate and place .cf file.
Also check access, local-host-names, relay-domains, aliases.
Do the grep trick (as shown above) with new and old ip addresses, to search for any more files that need to be updated.
Rebuild db's, but don't restart sendmail at this time:
/usr/sbin/makemap hash /etc/mail/mailertable.db < /etc/mail/mailertable
/usr/sbin/makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable
/usr/bin/newaliases
cd /usr/local/etc/apache
Edit httpd.conf; at the very least you'll be dropping the test-subdomain name from the ServerName declaration.
Do the grep trick adding /* layers until you've checked all files including below this dir (don't forget to double-backslash on dot), and fix anything. You'll certainly be changing the IP address in all virtual domains.
httpd -S
to do a sanity check.
Do not restart apache at this time.
cd /usr/local/etc and
grep <old-ip-addr> *
cd /etc and do the same grep'ing there.
Do this again in both places for the new IP addr as well.
/etc/passwd (use vipw) I put my system name into the root entry instead of that stupid "charlie"
/etc/ftpchroot and possibly /etc/ftpuser may need to be brought across.

service sendmail stop
service imapd stop
service mailman stop
service saslauthd stop
service mysql-server stop
bring down: /usr/local/etc/mail/spamassassin/local.cf This file need not be merged, just ftp in
bring down: mysql backup mysql howto
bring down: my own personal directory
bring down: mailman list dirs (I don't need to do this as they're all just links to the customers dir for storage)
bring down: /var/spool/ (imap email store) imap howto
and /usr/local/etc/sasldb2.db (see imap howto)

shutdown -h now
and move the box.

Once the box has been moved, on site, try a remote 'ssh' in -- if you've gotten things correct in the previous steps, you're done enough to go home and work remotely.

However, if things don't go perfectly... through a monitor and keyboard at the console:

You may need to get things working using manual ifconfig commands.
Keep at it until you can ping somebody in the outside world (or in some way prove that the network is working).
From some external machine, make sure you can do an ssh inbound.
Make sure to update /etc/rc.conf with the final ifconfig.
Once done, reboot machine so as to make sure you can still ssh in remotely, even after a powerfail reboot.

Now that the box has been moved, and is up, and is remotely accessible, you can lock up the box in the closet, and go somewhere more comfortable to do the remaining work:

If needed, go to your domain name registrar(s) and update them.
Go to mxtoolbox.com to check your work.
email customer list you're done.
Don't forget to go to your DNS and mail secondarying machines and go through the same list of files on each.
Don't forget to go to inform anyone else who depends on your IP of the change; for example are you subscribed to RBL+ at mail-abuse.org?. Do you have anyone doing secondarying for you?

A few days later, after the dust has settled:

Go back to mxtoolbox.com to ensure that all is still as you think it is.
Set time values in DNS settings back to more reasonable values.