ASISUpdateUp: cnl227.html Previous: Desktop Infrastructure Services Group
Lionel Cons IT/DIS
The IT/CS (Communications Systems) group has detected a growing number of PCs running Linux that were misconfigured and were causing network problems. With the growth of the Linux population at CERN, these problems must be addressed now.
The first problem is that some Linux boxes are configured with the IP
forwarding option enabled. This means that they act a bit like routers
and they will ignore ICMP redirect packets, causing unnecessary
network traffic. You can check the status of the IP forwarding option
with the command
"grep IP_FORWARD /usr/include/linux/autoconf.h"
which will return
#undef if it is disabled or
#define if it is enabled.
It should of course be
#undef. You currently need to rebuild
the kernel to change this option.
The second problem is that some packages (like Samba)
can make a Linux
PC look like a Novell/IPX File Server or
Print Server. When
misconfigured in this way, the Linux PC will then prevent other NICE
Windows PCs from booting! (See also the
"Questions and Answers from the UCO"
section in this CNL).
For a "normal" Linux PC, we do not recommend such
packages: you should not select them when installing the system or
remove them afterwards. If you really want to turn your PC into a
Novell server, you should first contact the NICE team
to make sure that it is really the right thing
to do. You should then make sure that the packages are well configured
and do not send useless broadcasts.
Finally, most Linux X-servers (like any other X-server or X-emulator)
can be used to initiate a full XDM session with the command line
-query. If you use this feature, please make sure that you
do not use the
-broadcast option that would cause
hundreds of machines
on the CERN network to reply to you.
The IT/DIS/OSE (Open System Environment) section is working on automatic procedures to make sure that Linux PCs are good net-citizens. More information will be published soon.