Date: Thu, 16 Feb 2006 15:18:14 -0600 From: "Mike Loiterman" <mike@ascendency.net> To: "'Giorgos Keramidas'" <keramida@ceid.upatras.gr> Cc: 'Wouter Spierenburg' <wouter@spierenburg.net>, freebsd-questions@freebsd.org Subject: RE: Mysterious reboot Message-ID: <022b01c6333e$8058ccd0$0401a8c0@Mike8500> In-Reply-To: <20060216205715.GA2465@flame.pc>
next in thread | previous in thread | raw e-mail | index | archive | help
Giorgos Keramidas <mailto:keramida@ceid.upatras.gr> wrote: > On 2006-02-16 14:32, Mike Loiterman <mike@ascendency.net> wrote: >> Wouter Spierenburg <mailto:wouter@spierenburg.net> wrote: >>> Try adding the following to /etc/sysctl.conf: >>> >>> kern.maxfiles=65535 >>> kern.maxfilesperproc=20000 >>> net.inet.tcp.delayed_ack=0 >>> net.inet.ip.maxfragpackets=10 >>> kern.ipc.somaxconn=2048 >>> >>> then 'cd' to /usr/src/sys/i386/conf >>> cp GENERIC SERVER >>> vi SERVER >>> >>> and add the following lines at the bottom of the file: options >>> TCPDEBUG options RANDOM_IP_ID >>> options TCP_DROP_SYNFIN >>> options NMBCLUSTERS=65535 >>> options NMBUFS=40960 >>> >>> save the file, and follow these steps: >>> >>> /usr/sbin/config -g SERVER >>> cd ../../compile/SERVER >>> make depend >>> make >>> make install >>> #if all went well: >>> reboot >>> >>> The system will then come back up with tuned parameters, allowing >>> more in/outbound connections and better packethandling. >> >> Before I make these changes, I would like to just get a second >> opinion from the list about their value and what impact, if any, >> they might have on system stability, compatibility, etc. >> >> Wouter, please do not take offense to this! I sincerely appreciate >> your advice, but this is a production system, so I'm careful about >> what changes I make when I don't explicitly understand what is going >> on. I'm not familure with a few of those options. > > I'm not sure if the options are useful for your setup, so I'm > not going > to comment for or against them. Well, the server is an email/web server primarily. Not a huge load, but I want to be hardened against DOS attacks...would these help? ------------------------------ Mike Loiterman grantADLER Tel: 630-302-4944 Fax: 773-442-0992 Email: mike@ascendency.net PGP Key: 0xD1B9D18E
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?022b01c6333e$8058ccd0$0401a8c0>