Date:      Thu, 16 Feb 2006 15:18:14 -0600
From:      "Mike Loiterman" <mike@ascendency.net>
To:        "'Giorgos Keramidas'" <keramida@ceid.upatras.gr>
Cc:        'Wouter Spierenburg' <wouter@spierenburg.net>, freebsd-questions@freebsd.org
Subject:   RE: Mysterious reboot
Message-ID:  <022b01c6333e$8058ccd0$0401a8c0@Mike8500>
In-Reply-To: <20060216205715.GA2465@flame.pc>

Giorgos Keramidas <mailto:keramida@ceid.upatras.gr> wrote:
> On 2006-02-16 14:32, Mike Loiterman <mike@ascendency.net> wrote:
>> Wouter Spierenburg <mailto:wouter@spierenburg.net> wrote:
>>> Try adding the following to /etc/sysctl.conf:
>>> 
>>> kern.maxfiles=65535
>>> kern.maxfilesperproc=20000
>>> net.inet.tcp.delayed_ack=0
>>> net.inet.ip.maxfragpackets=10
>>> kern.ipc.somaxconn=2048
>>> 
>>> then 'cd' to /usr/src/sys/i386/conf
>>> cp GENERIC SERVER
>>> vi SERVER
>>> 
>>> and add the following lines at the bottom of the file:
>>> 
>>> options         TCPDEBUG
>>> options         RANDOM_IP_ID
>>> options         TCP_DROP_SYNFIN
>>> options         NMBCLUSTERS=65535
>>> options         NMBUFS=40960
>>> 
>>> save the file, and follow these steps:
>>> 
>>> /usr/sbin/config -g SERVER
>>> cd ../../compile/SERVER
>>> make depend
>>> make
>>> make install
>>> #if all went well:
>>> reboot
>>> 
>>> The system will then come back up with tuned parameters, allowing
>>> more in/outbound connections and better packet handling.
>> 
>> Before I make these changes, I would like to just get a second
>> opinion from the list about their value and what impact, if any,
>> they might have on system stability, compatibility, etc.
>> 
>> Wouter, please do not take offense to this!  I sincerely appreciate
>> your advice, but this is a production system, so I'm careful about
>> what changes I make when I don't explicitly understand what is going
>> on. I'm not familiar with a few of those options.
> 
> I'm not sure if the options are useful for your setup, so I'm
> not going to comment for or against them.

Well, the server is an email/web server primarily.  Not a huge load, but I
want to be hardened against DOS attacks...would these help?

------------------------------
Mike Loiterman
grantADLER
Tel: 630-302-4944
Fax: 773-442-0992
Email: mike@ascendency.net
PGP Key: 0xD1B9D18E



