Markus Gaugusch wrote:
On Jan 2, Daniel Nilsson
wrote: What I'm looking for here are some experiences upgrading from 7.1 to 8.1. What can go wrong (especially on remote machine which I can only access through ssh) ?
You can't update remote, because the system must not be active while the base packages are updated. Although I did this once, I don't recommend it. Touching something sensitive like a firewall (at least sensitive to the connectivity of the company using it), and doing it remote, possibly breaking the connection during update is just stupid.
Well, the systems are 2000 miles away and in multiple location. I do have personnel in place at these location, they are however not trained Linux admins but can type commands if I tell them what to type... I agree that the situation is not optimal, but it seldom is in the real world where companies are limited by resources and money. If my conclusion is that it's impossible to do this remote I need to travel to install these systems, and I'd like to spend a little more time trying to figure out if this is at all possible before I reach that conclusion.
Can I still use SuSEfirewall or do I need to convert to SuSEfirewall2 ?
You will have to convert to SuSEfirewall2, because fw1 doesn't support iptables, I think.
If I were you, I'd setup the new system on a new Harddisk (machines with SuSE 7.1 don't have new hard disks anyway, so it's time to change ;) and when everything is configured, change the disks (or copy the partitions, if the old HDD is good enough). I won't have to tell you about backups, do I? At least make a copy of /etc, /var and /usr/local.
I was actually thinking about this option as well, I could make an image of the system and bring that image back here. Then build an identical system here and upgrade it. Or reinstall a new system here and ship the harddrive. Problem is just that I don't have skilled people on-site to install the new harddrives... Other options include using another UNIX system on-site (I have Solaris machines is all locations) and put a modem on that machine, then I should be able to use a serial console to control the firewall. This may seem involved, but the time and money to travel and do the updates on-site makes it worth while investigating.
In general, updating from 7.1 to 8.1 probably won't work very good because they differ far too much. A firewall doesn't have much config on it anyway, so it is easier to start with a fresh installation.
This is actually the question that I'd like some help with from this mailing list. What works, what doesn't work ? Thanks -- Daniel Nilsson Signal Integrity Software Inc.