Configure Networking

The basic networking -- IP name, address, and netmask -- should have been set by EZsetup. If it wasn't, or something broke, this will briefly show you what you need to change. Then, other configuration parameters will be shown.

EZsetup should have changed...

/etc/sys_id: hostname

EZsetup should have set /etc/sys_id to be the Internet name of the machine; I prefer Fully Qualified Domain Names like wirehead.hq.nasa.gov to simple hostnames like wirehead; I've found some software that doesn't work without it.

/etc/hosts: IP address

This hostname should be mapped to the system's IP address in /etc/hosts with a line like

131.182.121.88	wirehead.hq.nasa.gov	wirehead

I like the FQDN first, as this is supposed to be the official name of the host.

netmask should have been set, but...

EZsetup is supposed to set the netmask, but I find it doesn't do this reliably. Perhaps this is because we do not use the default. We'll cover that next anyway to be sure.

Final network configuration

Once the IP address and name are assigned, the netmask, default route, and resolver information can be specified. This should put your machine on the net so you can reach other hosts, perhaps to download security-related software like tcp_wrappers.

Netmask and broadcast addresses

The netmask specifies how many bits of the IP address should be considered the network part, and how many the host part. The broadcast address is related to this and specifies which bits indicate an address used for broadcasting information to all hosts on the given network.

The IP range at NASA/HQ is a Class B address, 131.182.0.0, and the SGI properly defaults to the Class B netmask (255.255.0.0) and broadcast address (131.182.255.255). But since HQ uses Class C subnetting, this needs to be overridden in the /etc/config/ifconfig-1.options file as:

netmask 255.255.255.0 broadcast 131.182.121.255

This indicates that the first three bytes of an IP address are treated as the network number and the last specifies the host. Broadcasts are sent to all hosts on our (subnetted) network.

Before doing this, we experienced time-outs, net-lossage, etc, especially from NFS. We also could not get NIS clients to bind to their NIS master -- apparently, the broadcast failed to attract the attention of the server.

Default route

Specify your router in /etc/gateways as appropriate to your environment; for example, we use:

net 0.0.0.0	gateway 131.182.121.1	metric 1	passive

This says to set the default route to the specified gateway, that the router is 1 hop away, and that it is passive (doesn't advertise its presence?).
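
The check below is an added example, not part of the original page: it derives the broadcast address from the host address and netmask, validates an ifconfig-1.options line against it, and confirms the default gateway sits on the local subnet. The function names are hypothetical, the addresses are the ones used on this page, and it assumes a POSIX shell with $(( )) arithmetic.

```shell
#!/bin/sh
# Added example: consistency check for netmask, broadcast and gateway values.
# Function names are hypothetical; needs a POSIX shell with $(( )) arithmetic.

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of ADDR MASK: the address with all host bits cleared.
network_of() {
    int2ip $(( $(ip2int "$1") & $(ip2int "$2") ))
}

# broadcast_of ADDR MASK: the network number with all host bits set.
broadcast_of() {
    a=$(ip2int "$1"); m=$(ip2int "$2")
    int2ip $(( ($a & $m) | (~$m & 4294967295) ))   # 4294967295 = 0xFFFFFFFF
}

# same_subnet ADDR1 ADDR2 MASK: true when both share a network number.
same_subnet() {
    [ "$(network_of "$1" "$3")" = "$(network_of "$2" "$3")" ]
}

# check_options ADDR "netmask M broadcast B": true when B matches ADDR and M.
check_options() {
    set -- "$1" $2                 # split the options line into words
    [ "$2" = netmask ] && [ "$4" = broadcast ] || return 2
    [ "$(broadcast_of "$1" "$3")" = "$5" ]
}

host=131.182.121.88
echo "classful default broadcast: $(broadcast_of $host 255.255.0.0)"
echo "subnetted broadcast:        $(broadcast_of $host 255.255.255.0)"
check_options $host "netmask 255.255.255.0 broadcast 131.182.121.255" \
    && echo "ifconfig-1.options line is consistent"
same_subnet $host 131.182.121.1 255.255.255.0 && echo "gateway is on the local subnet"
```

A host left on the Class B default would send broadcasts to 131.182.255.255 rather than the subnet broadcast address 131.182.121.255.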

Resolver

Edit /etc/resolv.conf to specify your Internet domain name, nameservers, and the sequence to use for hostname resolution. I don't like NIS, but I like to be able to access machines in my /etc/hosts file if I'm trying to outsmart BIND. So my /etc/resolv.conf file looks like:

hostresorder	bind local
domain		hq.nasa.gov
nameserver	131.182.1.28
nameserver	131.182.230.28
nameserver	128.102.16.2

Caution!

Don't use these numbers unless they're right for you -- unlikely. Use numbers appropriate for your site and subnet.

Now Close Some Network Security Holes

[more later...??]
Chris Shenton