Date:      Fri, 27 May 2005 19:31:32 +0100
From:      Chris <chrcoluk@gmail.com>
To:        Jovan Ross <jovanross@msn.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: FreeBSD 5.4 Dropping off Network
Message-ID:  <3aaaa3a050527113122eb3e52@mail.gmail.com>
In-Reply-To: <BAY107-F866C0BE7F335BA21587C9A4000@phx.gbl>
References:  <BAY107-F866C0BE7F335BA21587C9A4000@phx.gbl>

On 5/27/05, Jovan Ross <jovanross@msn.com> wrote:
> I am experiencing problems keeping FreeBSD 5.4 connected. I have uptimes of
> 5 or 6 days - sometimes 10 or 11, then, without freezing the machine
> totally, it stops responding to network traffic. I get DOS attacked every
> once and a while and my logs are also filled with failed auths from password
> crackers but it seems that I have the worst effects from it. I don't have
> any web traffic yet b/c this is my development machine. I have portsentry
> with a default open firewall config running. I even took the firewall &
> portsentry off and I get the same problem. I am new to FreeBSD and have done
> the standard security procedures that new ones are advised to do:
>
> enabled secure level 1
> syslogd -ss
> no portmap
> ssh protocol 2
> no inetd (could this help my server get up again if it loses connectivity or
> a service fails?)
> no ftpd
> no ntpd
>
> sysctl:
> log in vain tcp/udp
> blackhole 2 tcp
> blackhole 1 udp
> ip rtexpire 2
> ip rtminexpire 2
> nmbclusters 81920
> maxfiles 32768
> maxfilesperproc 32768
> maxusers 512
> somaxconn 1024
> tcp sendspace 8192
> tcp recvspace 16384
> tcp always_keepalive 1
> maxsockets 163840
> maxsockbuf 2097152
>
> Am I missing something? I want to experience the stability that I've been
> hearing from FreeBSD users but have not been able to achieve it. Could there
> possibly be a setting that says basically: "In case of attack deny all
> connections?" I know I may be stretching it but I've exhausted all my other
> ideas.
>
> Please let me know if you need any information - I will gladly send
> anything.
>

nmbclusters 81920 is too high; is the 0 a typo? 8192 or 16384 is good.
maxfiles 65535 is good if you have the ram for it, in most cases yes.
somaxconn 8192 is what I use running ircd servers that also get ddos'd.
tcp sendspace 32768 or 65535 depending on ram in machine
tcp recvspace 65535

if you have network instability try disabling giant functions and
device polling as well, enable syncookies, drop syn+fin, drop all
unneeded traffic with ipfw, disable adaptive mutexes.

Chris
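An added example, not part of this thread: a small audit script that reads `sysctl -a` style output ("name: value" lines) and flags settings outside the ranges Chris recommends above, so the check can be repeated after every tuning change. The sysctl names are assumed FreeBSD names; `net.inet.tcp.drop_synfin` only exists on kernels built with `options TCP_DROP_SYNFIN`, and the sample values are constructed from Jovan's original mail.

```shell
# Added example (not from the thread). Rules are "name comparison threshold";
# the sysctl names are assumed FreeBSD names.
RULES='
kern.ipc.nmbclusters max 16384
kern.maxfiles min 65535
kern.ipc.somaxconn min 8192
net.inet.tcp.sendspace min 32768
net.inet.tcp.recvspace min 65535
net.inet.tcp.syncookies eq 1
net.inet.tcp.drop_synfin eq 1
kern.polling.enable eq 0
'

# audit_sysctl: read sysctl output on stdin; print one line per setting that
# is outside the recommended range or absent. Exits 1 if anything was flagged.
audit_sysctl() {
  awk -v rules="$RULES" '
    function flag(n, c, w) { printf "%s current=%s expected %s\n", n, c, w; rc = 1 }
    BEGIN {
      rc = 0
      k = split(rules, lines, "\n")
      for (i = 1; i <= k; i++)
        if (split(lines[i], f, " ") == 3) { op[f[1]] = f[2]; want[f[1]] = f[3] }
    }
    # Only numeric "name: value" lines are considered; string sysctls are skipped.
    /^[a-z][a-z0-9._]*: -?[0-9]+$/ {
      name = $1; sub(/:$/, "", name); cur = $2 + 0
      if (!(name in op)) next
      seen[name] = 1
      if (op[name] == "max" && cur > want[name] + 0) flag(name, cur, "<= " want[name])
      if (op[name] == "min" && cur < want[name] + 0) flag(name, cur, ">= " want[name])
      if (op[name] == "eq"  && cur != want[name] + 0) flag(name, cur, "== " want[name])
    }
    END {
      for (n in op) if (!(n in seen)) flag(n, "absent", "a value")
      exit rc
    }'
}

# Constructed sample reproducing the values from the original mail.
SAMPLE='kern.ipc.nmbclusters: 81920
kern.maxfiles: 32768
kern.ipc.somaxconn: 1024
net.inet.tcp.sendspace: 8192
net.inet.tcp.recvspace: 16384
net.inet.tcp.syncookies: 1
net.inet.tcp.drop_synfin: 0
kern.polling.enable: 0'

printf '%s\n' "$SAMPLE" | audit_sysctl || echo "tuning needed"
```

On a live box, replace the sample with `sysctl -a | audit_sysctl`; a zero exit means every rule passed.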


