CERN Accelerating science

Linux Network Problems

  Lionel Cons IT/DIS

The IT/CS (Communications Systems) group has detected a growing number of PCs running Linux that were misconfigured and were causing network problems. With the growth of the Linux population at CERN, these problems must be addressed now.

The first problem is that some Linux boxes are configured with the IP forwarding option enabled. This means that they act a bit like routers and they will ignore ICMP redirect packets, causing unnecessary network traffic. You can check the status of the IP forwarding option with the command
"grep IP_FORWARD /usr/include/linux/autoconf.h"
which will return #undef if it is disabled or #define if it is enabled. It should of course be #undef. You currently need to rebuild the kernel to change this option.

The second problem is that some packages (like Samba) can make a Linux PC look like a Novell/IPX File Server or Print Server. When misconfigured in this way, the Linux PC will then prevent other NICE Windows PCs from booting! (See also the "Questions and Answers from the UCO" section in this CNL). For a "normal" Linux PC, we do not recommend such packages: you should not select them when installing the system or remove them afterwards. If you really want to turn your PC into a Novell server, you should first contact the NICE team (nice.support@cern.ch) to make sure that it is really the right thing to do. You should then make sure that the packages are well configured and do not send useless broadcasts.

Finally, most Linux X-servers (like any other X-server or X-emulator) can be used to initiate a full XDM session with the command line option -query. If you use this feature, please make sure that you do not use the -broadcast option that would cause hundreds of machines on the CERN network to reply to you.

The IT/DIS/OSE (Open System Environment) section is working on automatic procedures to make sure that Linux PCs are good net-citizens. More information will be published soon.