From owner-freebsd-questions@FreeBSD.ORG Thu Feb 16 21:18:19 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 696BC16A420 for ; Thu, 16 Feb 2006 21:18:19 +0000 (GMT) (envelope-from mike@ascendency.net) Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [216.148.227.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 122A743D46 for ; Thu, 16 Feb 2006 21:18:18 +0000 (GMT) (envelope-from mike@ascendency.net) Received: from eisenhower.ascendency.net ([67.173.128.145]) by comcast.net (rwcrmhc13) with ESMTP id <20060216211817m1300fk0hre>; Thu, 16 Feb 2006 21:18:17 +0000 Received: from Mike8500 (ipcop.localdomain [192.168.1.1]) (authenticated bits=0) by eisenhower.ascendency.net (8.13.4/8.13.4) with ESMTP id k1GLIFiB058953 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Thu, 16 Feb 2006 15:18:15 -0600 (CST) (envelope-from mike@ascendency.net) From: "Mike Loiterman" To: "'Giorgos Keramidas'" Date: Thu, 16 Feb 2006 15:18:14 -0600 Message-ID: <022b01c6333e$8058ccd0$0401a8c0@Mike8500> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 Thread-Index: AcYzPQNqLsNILQSnReuqDTrDEl51ZAAAV/bg In-Reply-To: <20060216205715.GA2465@flame.pc> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (eisenhower.ascendency.net [192.168.1.22]); Thu, 16 Feb 2006 15:18:16 -0600 (CST) Cc: 'Wouter Spierenburg' , freebsd-questions@freebsd.org Subject: RE: Mysterious reboot X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: mike@ascendency.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Feb 2006 21:18:19 -0000 Giorgos Keramidas wrote: > On 2006-02-16 14:32, Mike Loiterman wrote: >> Wouter Spierenburg wrote: >>> Try adding the following to /etc/sysctl.conf: >>> >>> kern.maxfiles=65535 >>> kern.maxfilesperproc=20000 >>> net.inet.tcp.delayed_ack=0 >>> net.inet.ip.maxfragpackets=10 >>> kern.ipc.somaxconn=2048 >>> >>> then 'cd' to /usr/src/sys/i386/conf >>> cp GENERIC SERVER >>> vi SERVER >>> >>> and add the following lines at the bottom of the file: options >>> TCPDEBUG options RANDOM_IP_ID >>> options TCP_DROP_SYNFIN >>> options NMBCLUSTERS=65535 >>> options NMBUFS=40960 >>> >>> save the file, and follow these steps: >>> >>> /usr/sbin/config -g SERVER >>> cd ../../compile/SERVER >>> make depend >>> make >>> make install >>> #if all went well: >>> reboot >>> >>> The system will then come back up with tuned parameters, allowing >>> more in/outbound connections and better packethandling. >> >> Before I make these changes, I would like to just get a second >> opinion from the list about their value and what impact, if any, >> they might have on system stability, compatibility, etc. >> >> Wouter, please do not take offense to this! I sincerely appreciate >> your advice, but this is a production system, so I'm careful about >> what changes I make when I don't explicitly understand what is going >> on. I'm not familure with a few of those options. > > I'm not sure if the options are useful for your setup, so I'm > not going > to comment for or against them. Well, the server is an email/web server primarily. Not a huge load, but I want to be hardened against DOS attacks...would these help? ------------------------------ Mike Loiterman grantADLER Tel: 630-302-4944 Fax: 773-442-0992 Email: mike@ascendency.net PGP Key: 0xD1B9D18E