FreeBSD Server Settings Consult

Free BSD freebsd at the-irc.org
Fri May 2 11:54:14 UTC 2008


We've been having some problems with our server and I was wondering if
someone had any advice or suggestions for our current system settings.

# cat /etc/sysctl.conf

# /etc/sysctl.conf as posted: runtime kernel tunables applied at boot.
# Review notes are marked NOTE(review); every value is left as the poster gave it.

# Socket buffer ceiling and default buffer sizes for TCP, UNIX-domain stream and UDP sockets.
kern.ipc.maxsockbuf=1048576
net.inet.tcp.sendspace=65536
net.inet.tcp.recvspace=65536
net.local.stream.recvspace=65536
net.local.stream.sendspace=65536
net.inet.udp.recvspace=65536
net.inet.udp.maxdgram=65535
# Upper bound on a listening socket's pending-connection queue.
kern.ipc.somaxconn=8192
kern.maxvnodes=132072
# NOTE(review): the per-process limit (65536) is higher than the system-wide
# limit (65535), so one process could use up every descriptor on the host.
# A per-process value well below kern.maxfiles is the usual arrangement.
kern.maxfiles=65535
kern.maxfilesperproc=65536
# Maximum segment lifetime in milliseconds; TIME_WAIT lasts twice this value.
net.inet.tcp.msl=7500
# Default TCP maximum segment size.
net.inet.tcp.mssdflt=1460
# Hardening: unprivileged users cannot see processes owned by other UIDs/GIDs.
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
# Unbranded ELF binaries are treated as Linux binaries (3 is the Linux ABI id);
# this goes with linux_enable="YES" in the posted rc.conf.
kern.fallback_elf_brand=3
net.inet.tcp.newreno=1
# RFC 1323 window scaling and timestamps.
net.inet.tcp.rfc1323=1
net.inet.tcp.delayed_ack=0
# NOTE(review): 0 leaves the "packet must arrive on the interface that owns the
# destination address" check off. Consider 1 if this host is not a router.
net.inet.ip.check_interface=0
vfs.vmiodirenable=1
# Randomize ephemeral source ports.
net.inet.ip.portrange.randomized=1
# Do not answer broadcast/multicast echo requests or address-mask requests.
net.inet.icmp.bmcastecho=0
net.inet.icmp.maskrepl=0
# Rate limit (per second) on ICMP error and TCP RST replies.
net.inet.icmp.icmplim=500
# Random PID modulus (larger value = less predictable PIDs).
kern.randompid=89061
# Ignore ICMP redirects, and do not log them.
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=0
# NOTE(review): random_id is documented as an on/off switch; 89061 looks copied
# from kern.randompid. Any non-zero value presumably enables it, but confirm
# that 1 was intended.
net.inet.ip.random_id=89061
# NOTE(review): cloned-route expiry of 2 seconds is far more aggressive than the
# stock values. If the reported problems are network-related, try returning
# rtexpire/rtminexpire/rtmaxcache to defaults before tuning further.
net.inet.ip.rtexpire=2
net.inet.ip.rtmaxcache=256
net.inet.ip.rtminexpire=2
# Silently drop TCP segments sent to closed ports instead of replying with RST.
net.inet.tcp.blackhole=2
net.inet.tcp.icmp_may_rst=0
net.inet.tcp.inflight.enable=0
# NOTE(review): with blackhole on and log_in_vain off (TCP here, UDP below),
# probes to closed ports leave no syslog trace; firewall logging would have to
# supply that visibility.
net.inet.tcp.log_in_vain=0
net.inet.tcp.sack.enable=1
# Do not send ICMP port-unreachable for UDP datagrams to closed ports.
net.inet.udp.blackhole=1
net.inet.udp.log_in_vain=0
# NOTE(review): suppresses the kernel's "ARP on wrong interface" messages.
# Confirm that was intended; those messages can point at layer-2 problems.
net.link.ether.inet.log_arp_wrong_iface=0
# ARP cache entry lifetime in seconds.
net.link.ether.inet.max_age=1200


# cat /boot/loader.conf

# /boot/loader.conf as posted: tunables read by the boot loader before the kernel starts.
# Limits on sockets and network memory buffers.
kern.ipc.maxsockets=32768
kern.ipc.nmbclusters=32768
kern.ipc.nmbufs=131072
# System V shared memory is backed by wired physical pages (not swappable).
kern.ipc.shm_use_phys=1
kern.maxproc=8192
# TCP control-block hash table size; expected to be a power of two (16384 is).
net.inet.tcp.tcbhashsize=16384
# NOTE(review): both limits are also set, with the same values, in the posted
# /etc/sysctl.conf; keep them in one place. The per-process limit (65536) also
# exceeds the system-wide limit (65535) here.
kern.maxfiles=65535
kern.maxfilesperproc=65536

# cat /etc/rc.conf (minus networking)

# /etc/rc.conf as posted (networking lines omitted by the poster). The file is
# sourced by sh, so every line is a shell variable assignment.
clear_tmp_enable="YES"
update_motd="NO"
# NOTE(review): tcp_extensions appears to duplicate net.inet.tcp.rfc1323=1 from
# the posted sysctl.conf; keep each setting in one file only.
tcp_extensions="YES"
# The ipfw ruleset itself (/etc/ipfw.rules) is not shown; which of the services
# enabled below are reachable from outside depends entirely on it.
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
linux_enable="YES"
# Base-system sshd is off; SSH is presumably served by the port-installed
# daemon configured through the openssh_* variables further down.
sshd_enable="NO"
usbd_enable="NO"

fsck_y_enable="YES"
oidentd_enable="YES"
# Lowercase "no", unlike every other entry in this file.
pureftpd_enable="no"

syslogd_enable="YES"
# -ss: syslogd opens no network socket at all (local logging only).
syslogd_flags="-ss"

ntpd_enable="YES"
ntpd_flags="-4 -p/var/run/ntpd.pid"
tcp_keepalive="YES"
icmp_bmcastecho="NO"
# NOTE(review): double '=' - sh parses this as assigning the literal string
# "=YES". Probably meant icmp_bandlim="YES"; also confirm that an rc script
# actually reads this variable, since the ICMP reply rate limit is already set
# through net.inet.icmp.icmplim in the posted sysctl.conf.
icmp_bandlim=="YES"

portmap_enable="NO"
icmp_drop_redirect="YES"
quota_enable="YES"
check_quotas="YES"
#accounting_enable="YES"
named_program="/usr/sbin/named"
# named runs as the unprivileged user "bind".
named_flags="-u bind -c /etc/namedb/named.conf"
named_enable="YES"
local_startup="/usr/local/etc/rc.d"
openssh_enable="YES"
openssh_flags="-4 -f/etc/ssh/sshd_config"
openssh_pidfile="/var/run/sshd.pid"
sendmail_enable="NO"
network_interfaces="rl0 lo0"
# NOTE(review): a web administration panel is enabled; verify that the firewall
# limits access to it to trusted addresses.
webmin_enable="YES"
dumpdev="AUTO"
dumpdir="/var/crash"
# NOTE(review): both the plain and the SSL IMAP/POP3 listeners are enabled.
# Unless the Courier configuration forces TLS, the plain listeners accept
# credentials in cleartext; consider disabling or firewalling them.
courier_imap_imapd_enable="YES"
courier_imap_imapd_ssl_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
courier_authdaemond_enable="YES"
tor_enable="NO"
chkservd_enable="YES"
apop3d_enable="NO"

