From: Chris
To: Jovan Ross
Cc: freebsd-stable@freebsd.org
Date: Fri, 27 May 2005 19:31:32 +0100
Subject: Re: FreeBSD 5.4 Dropping off Network
Message-ID: <3aaaa3a050527113122eb3e52@mail.gmail.com>
List-Id: Production branch of FreeBSD source code

On 5/27/05, Jovan Ross wrote:
> I am experiencing problems keeping FreeBSD 5.4 connected. I have uptimes of
> 5 or 6 days - sometimes 10 or 11, then, without freezing the machine
> totally, it stops responding to network traffic. I get DOS attacked every
> once in a while and my logs are also filled with failed auths from password
> crackers but it seems that I have the worst effects from it. I don't have
> any web traffic yet b/c this is my development machine. I have portsentry
> with a default open firewall config running. I even took the firewall &
> portsentry off and I get the same problem. I am new to FreeBSD and have done
> the standard security procedures that new ones are advised to do:
>
> enabled secure level 1
> syslogd -ss
> no portmap
> ssh protocol 2
> no inetd (could this help my server get up again if it loses connectivity or
> a service fails?)
> no ftpd
> no ntpd
>
> sysctl:
> log in vain tcp/udp
> blackhole 2 tcp
> blackhole 1 udp
> ip rtexpire 2
> ip rtminexpire 2
> nmbclusters 81920
> maxfiles 32768
> maxfilesperproc 32768
> maxusers 512
> somaxconn 1024
> tcp sendspace 8192
> tcp recvspace 16384
> tcp always_keepalive 1
> maxsockets 163840
> maxsockbuf 2097152
>
> Am I missing something? I want to experience the stability that I've been
> hearing from FreeBSD users but have not been able to achieve it. Could there
> possibly be a setting that says basically: "In case of attack deny all
> connections?" I know I may be stretching it but I've exhausted all my other
> ideas.
>
> Please let me know if you need any information - I will gladly send
> anything.
>

nmbclusters 81920 is too high; is the 0 a typo? 8192 or 16384 is good.

maxfiles 65535 is good if you have the ram for it, in most cases yes.

somaxconn 8192 is what I use running ircd servers that also get ddos'd.

tcp sendspace 32768 or 65535 depending on ram in machine

tcp recvspace 65535

If you have network instability try disabling giant functions and device polling as well, enable syncookies, drop syn+fin, drop all unneeded traffic with ipfw, disable adaptive mutexes.

Chris
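The thread above boils down to a handful of tunables with values that are either too high (nmbclusters), too low for a box that sees SYN floods (somaxconn, the TCP socket buffers) or missing altogether (syncookies, drop_synfin). The script below is an added example, written for this page and not code from either poster or from the FreeBSD project: it audits a `key=value` tunables file (the format of `/etc/sysctl.conf` and `/boot/loader.conf`) against the numbers Chris gives, as pure text processing on any POSIX sh. The key names are FreeBSD's real sysctl/loader names for the settings Jovan listed; which of them are runtime-settable and which are boot-time tunables varies by release, and the sample files written by `write_sample_conf` and `write_hardened_conf` are constructed for the demonstration, not taken from a real host.

```shell
#!/bin/sh
# Added example (not from the thread): audit a FreeBSD key=value tunables file
# against the values suggested in the reply. It never calls sysctl(8) and
# changes nothing, so it runs unprivileged on any POSIX sh.

# tunable_value FILE KEY: print KEY's value (last assignment wins), or nothing.
tunable_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }                  # skip comment lines
        NF >= 2 {
            k = $1; v = $2
            gsub(/^[ \t]+|[ \t]+$/, "", k)  # trim whitespace around the key
            sub(/[ \t]*#.*$/, "", v)        # drop a trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", v)  # ... and around the value
            gsub(/"/, "", v)                 # loader.conf quotes its values
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# is_number STRING: succeed only for a non-negative decimal integer.
is_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# check_min FILE KEY MIN WHY: one finding when KEY is unset or below MIN.
check_min() {
    v=$(tunable_value "$1" "$2")
    if ! is_number "$v"; then
        echo "$2 unset: $4"
    elif [ "$v" -lt "$3" ]; then
        echo "$2=$v is below $3: $4"
    fi
}

# check_max FILE KEY MAX WHY: one finding when KEY is above MAX.
check_max() {
    v=$(tunable_value "$1" "$2")
    if is_number "$v" && [ "$v" -gt "$3" ]; then
        echo "$2=$v is above $3: $4"
    fi
}

# audit_tunables FILE: print one finding per line; prints nothing when clean.
# Thresholds are the values named in the reply, not FreeBSD defaults.
audit_tunables() {
    f="$1"
    check_max "$f" kern.ipc.nmbclusters 16384 "8192 or 16384 suggested; check for a stray digit"
    check_min "$f" kern.ipc.somaxconn 8192 "listen backlog used on servers that get flooded"
    check_min "$f" net.inet.tcp.sendspace 32768 "32768 or 65535 depending on RAM"
    check_min "$f" net.inet.tcp.recvspace 65535 "65535 suggested"
    check_min "$f" net.inet.tcp.syncookies 1 "SYN cookies keep the listen queue usable under a SYN flood"
    check_min "$f" net.inet.tcp.drop_synfin 1 "drop SYN+FIN segments"
}

# Constructed sample mirroring the values Jovan posted (not a real host's file).
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample: the configuration from the question
kern.ipc.nmbclusters=81920
kern.maxfiles=32768
kern.ipc.somaxconn=1024
net.inet.tcp.sendspace=8192
net.inet.tcp.recvspace=16384
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
EOF
}

# Constructed sample with the reply's suggestions applied.
write_hardened_conf() {
    cat > "$1" <<'EOF'
kern.ipc.nmbclusters="16384"
kern.ipc.somaxconn=8192
net.inet.tcp.sendspace=65535  # plenty of RAM on this box
net.inet.tcp.recvspace=65535
net.inet.tcp.syncookies=1
net.inet.tcp.drop_synfin=1
EOF
}

# Demo: `sh audit.sh --demo` audits the constructed sample; `sh audit.sh
# /etc/sysctl.conf` audits a real file.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp); write_sample_conf "$tmp"; audit_tunables "$tmp"; rm -f "$tmp"
elif [ -n "${1:-}" ]; then
    audit_tunables "$1"
fi
```

Run against the constructed sample the audit reports six findings (nmbclusters too high, somaxconn and both socket buffers too low, syncookies and drop_synfin unset); against the hardened sample it prints nothing. The thresholds encode one operator's experience rather than anything universal, so treat a finding as a prompt to look at the setting, not as a defect in itself.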