(Jump to one of the following subsections if you know what you're looking for: Host Name, Internet (ip) Address, Trailers, Subnet Mask, Routing, IP Forwarding, System Status Server - "rwhod", Trivial File Transfer Protocol Server - "tftpd", Electronic Mail, UDP Checksums)
- Host Name
When you are installing a UNIX system, you will
probably be prompted for its desired internet
host name. Otherwise, the installation
instructions will state in which file your host's
name should be entered. Try to enter the full
host name, "hostname.lbl.gov" or
"hostname.subdomainname.lbl.gov". If
the system won't accept the full host name, enter
the short host name.
- Internet (ip) Address
You will also be prompted
for an IP address, or the instructions will tell
you which file to enter it into. On many UNIX
systems the internet address is an argument to an
"ifconfig" command in a start-up or
boot file, but it may be an entry in a network
configuration file.
- Trailers
The configuration of an Ethernet interface offers a
choice between including or not including a
trailer link level encapsulation. Since some
systems cannot deal with such trailers, you
should disable them by including
"-trailers" as an argument to an
"ifconfig" command, or as an option in
a network configuration file, depending on your
system.
- Subnet Mask
LBLnet is divided into many subnets. This requires the Ethernet
interfaces of each system to be configured with a subnet mask.

If your internet address begins with 128.3, your system is on the
bridged network, and you must configure your Ethernet interface with
the subnet mask 255.255.252.0, or 0xfffffc00 if your system does not
support the dot (".") notation. Thus, on the "ifconfig" command line,
or in the appropriate network file, include the configuration option
"netmask 255.255.252.0" or "netmask 0xfffffc00". As an example, if EID
is the name of your system's Ethernet interface device, the "ifconfig"
command line would look like:

    ifconfig EID 128.3.NNN.MMM netmask 255.255.252.0 -trailers up

If your internet address begins with 131.243, your system is on the
routed backbone, and you should configure your Ethernet interface with
the subnet mask 255.255.255.0, or 0xffffff00 if your system does not
support the dot (".") notation. Thus, on the "ifconfig" command line,
or in the appropriate network file, include the configuration option
"netmask 255.255.255.0" or "netmask 0xffffff00". As an example, if EID
is the name of your system's Ethernet interface device, the "ifconfig"
command line would look like:

    ifconfig EID 131.243.NNN.MMM netmask 255.255.255.0 -trailers up

Note that some 131.243 subnets are now using the 6-bit subnet mask
255.255.252.0. You will hopefully be told the proper subnet mask when
you ask for your IP address. Similarly, for both 128.3 and 131.243
networks, there are several very special subnets, e.g., for ISDN
service, which require very different masks. Again, hopefully you will
be appropriately instructed when being assigned an IP address.
- Routing
Your system should not typically need to dynamically manage its
network routing tables by running a routing daemon, or the server
"routed". Furthermore, we disallow the use of "routed" because an
improperly operating system may perform illegal routing and have an
adverse impact on the functioning of the entire LBLnet. Any exceptions
to this rule MUST be presented to, and be expressly approved by, the
LBLnet Manager. Simply disable "routed" by renaming or removing the
file /etc/routed, /etc/in.routed, or /usr/etc/in.routed.

Next, you should provide your system with network routing by adding
static routing commands to your start-up or boot files that direct the
network packets from your system to specific hosts for forwarding to
other networks and subnetworks. We specifically recommend that you add
a routing command to your local start-up file (usually /etc/rc.local)
that defines the local router on your subnet for going off subnet,
e.g.:

    /etc/route add default 128.3.254.146 1

where "128.3.254.146" is the internet address of the local router for
the "bridged subnet" 128.3.252. After this command is entered, proper
network routing for your system will occur. Add the command after the
"ifconfig" and/or "routed" commands in /etc/rc.local. For most other
subnets (but not all) the local router address is 131.243.xxx.1 or
128.3.xxx.1. You can find the address for your subnet by looking at
the LBLnet Home Page.
- IP Forwarding
If your system is a Sun, and is specifically not to be a gateway, thus
not needing to do IP packet forwarding, you MUST turn it off.

For SunOS 4.1.x perform the following: Login to the Sun system console
as root and type in the following commands:

    # adb -k -w /vmunix /dev/mem
    ipforwarding?W0
    ipforwarding/W0
    ^D (Control-D)

It's also a good idea to patch your system distribution so that this
problem remains fixed when you generate a new vmunix:

if running SunOS 3.X

    # cd /usr/sys/OBJ

if running SunOS 4.X

    # cd /usr/sys/`arch`/OBJ

then for both SunOS 3.X and 4.0

    # mv ip_input.o ip_input.o.virgin
    # cp ip_input.o.virgin ip_input.o
    # adb -w ip_input.o
    ipforwarding?W0
    ^D (Control-D)

For Solaris perform the following: To disable IP Forwarding on Solaris
2.x, add the following line to the file /etc/init.d/inetinit in the
section labeled "Set configurable parameters":

    ndd -set /dev/ip ip_forwarding 0
- System Status Server - "rwhod"
This daemon or server broadcasts status messages
fairly frequently to all systems on its network.
If all systems are doing the same thing, it
creates a flood of broadcast packets that can
overload the network interfaces of some systems.
The "rwhod" command must not be run on
any system connected to LBLnet. Disable
"rwhod" on your system by renaming or
removing the appropriate file: /etc/rwhod,
/usr/etc/in.rwhod, or /usr/sbin/in.rwhod.
- Trivial File Transfer Protocol Server - "tftpd"
This daemon or server performs no authentication
checks for any user or host that accesses your
systems by the "tftp" command.
Therefore, unless your system is a Sun computer
running SunOS and supporting diskless
workstations, you probably do not need it.
Disable "tftpd" by removing or
commenting out the "tftpd" line in the
/etc/inetd.conf, /etc/servers, or /etc/services
file.
- Electronic Mail
Make sure that mail to "root" on your
system will be read by a system manager --
preferably more than one person. If it is
possible to forward mail on your system, you
should forward root's mail to all who have system
management responsibility. On a lot of systems
this is easily done by including a line such as
"root:manager1,manager2" in the
mailer's aliases file where "manager1"
and "manager2" are the login names of
the system managers. Sending mail to
"root" on UNIX systems is a common
method by which we communicate with system
managers regarding LBLnet.
- UDP Checksums
If your system is a Sun running SunOS 4.1.x, you should enable UDP
checksums. The NFS protocol uses the UDP transport. By default, Sun
turns off checksums on UDP. This can result in corrupt NFS data
packets (although the chances are slim, we have seen this at LBL). To
enable UDP checksums, add the following line to /etc/rc.local and
reboot:

    echo 'udp_cksum/w1' | adb -kw /vmunix /dev/mem

If you have any questions regarding the above procedures, send email
to trouble@lbl.gov; the Unix Support Group will be glad to help you.

The Unix Support Group would also like to help you make your system
more secure. Please send mail to trouble@lbl.gov asking for network
security information. We will contact you and provide you with
information on how to make your system more resistant to invasion by
worms, viruses, and unwelcome strangers.

LBLnet staff strongly recommend that you seek the help of professional
Unix system management staff (i.e., the Unix Support Group) to help
guarantee that your efforts go smoothly, and have a minimal impact on
the rest of LBL users and support staff. If you have network problems,
call LBLnet Operations at X4559, or send email to trouble@lbl.gov or
lblnet@lbl.gov.
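
The "routed", "rwhod", "tftpd" and root-mail items above can be checked with a short script. This is an added example, not part of the original LBLnet page or its tooling; the function names, the root-prefix argument and the /etc/aliases location are assumptions (the page does not name the aliases file).

```shell
#!/bin/sh
# Added example (not LBLnet's own tooling): audit a host against the checklist.
# "$1" of daemons_present/audit is a hypothetical root prefix, so the checks can
# run against a mounted copy or a constructed test tree ("" audits /).

# Print the routed/rwhod daemon files (paths from the page) that still exist.
daemons_present() {
    found=""
    for f in /etc/routed /etc/in.routed /usr/etc/in.routed \
             /etc/rwhod /usr/etc/in.rwhod /usr/sbin/in.rwhod; do
        if [ -e "$1$f" ]; then found="$found $f"; fi
    done
    echo "${found# }"
}

# Succeed if an inetd.conf-style file has an uncommented tftp service line.
tftpd_enabled() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*tftp[[:space:]]' "$1"
}

# Print the recipients of the "root" alias, or nothing if there is none.
root_alias() {
    if [ -f "$1" ]; then
        sed -n 's/^[[:space:]]*root[[:space:]]*:[[:space:]]*//p' "$1" | head -n 1
    fi
}

# audit ROOT ALIASES_FILE: print findings, return 1 if any check fails.
audit() {
    rc=0
    d=$(daemons_present "$1")
    if [ -n "$d" ]; then echo "FAIL: daemon files present: $d"; rc=1; fi
    if tftpd_enabled "$1/etc/inetd.conf"; then
        echo "FAIL: tftpd enabled in /etc/inetd.conf"; rc=1
    fi
    r=$(root_alias "$1$2")
    case $r in
        "")  echo "FAIL: no root alias in $2"; rc=1 ;;
        *,*) echo "OK: root mail goes to: $r" ;;
        *)   echo "WARN: root mail reaches only one person: $r" ;;
    esac
    return $rc
}

# Run against the live system only when asked: sh audit.sh --run
# /etc/aliases is an assumed location; the page does not name the file.
if [ "${1:-}" = "--run" ]; then audit "" /etc/aliases; fi
```

On systems that list "tftpd" in /etc/servers instead, pass that file to tftpd_enabled directly.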