Mysterious reboot
Mike Loiterman
mike at ascendency.net
Thu Feb 16 13:18:19 PST 2006
Giorgos Keramidas <mailto:keramida at ceid.upatras.gr> wrote:
> On 2006-02-16 14:32, Mike Loiterman <mike at ascendency.net> wrote:
>> Wouter Spierenburg <mailto:wouter at spierenburg.net> wrote:
>>> Try adding the following to /etc/sysctl.conf:
>>>
>>> kern.maxfiles=65535
>>> kern.maxfilesperproc=20000
>>> net.inet.tcp.delayed_ack=0
>>> net.inet.ip.maxfragpackets=10
>>> kern.ipc.somaxconn=2048
>>>
>>> then 'cd' to /usr/src/sys/i386/conf
>>> cp GENERIC SERVER
>>> vi SERVER
>>>
>>> and add the following lines at the bottom of the file: options
>>> TCPDEBUG options RANDOM_IP_ID
>>> options TCP_DROP_SYNFIN
>>> options NMBCLUSTERS=65535
>>> options NMBUFS=40960
>>>
>>> save the file, and follow these steps:
>>>
>>> /usr/sbin/config -g SERVER
>>> cd ../../compile/SERVER
>>> make depend
>>> make
>>> make install
>>> #if all went well:
>>> reboot
>>>
>>> The system will then come back up with tuned parameters, allowing
>>> more in/outbound connections and better packethandling.
>>
>> Before I make these changes, I would like to just get a second
>> opinion from the list about their value and what impact, if any,
>> they might have on system stability, compatibility, etc.
>>
>> Wouter, please do not take offense to this! I sincerely appreciate
>> your advice, but this is a production system, so I'm careful about
>> what changes I make when I don't explicitly understand what is going
>> on. I'm not familure with a few of those options.
>
> I'm not sure if the options are useful for your setup, so I'm
> not going
> to comment for or against them.
Well, the server is an email/web server primarily. Not a huge load, but I
want to be hardened against DOS attacks...would these help?
------------------------------
Mike Loiterman
grantADLER
Tel: 630-302-4944
Fax: 773-442-0992
Email: mike at ascendency.net
PGP Key: 0xD1B9D18E
More information about the freebsd-questions
mailing list