FreeBSD 5.4 Dropping off Network

Chris chrcoluk at gmail.com
Fri May 27 11:31:34 PDT 2005


On 5/27/05, Jovan Ross <jovanross at msn.com> wrote:
> I am experiencing problems keeping FreeBSD 5.4 connected. I have uptimes of
> 5 or 6 days - sometimes 10 or 11, then, without freezing the machine
> totally, it stops responding to network traffic. I get DOS attacked every
> once in a while and my logs are also filled with failed auths from password
> crackers but it seems that I have the worst effects from it. I don't have
> any web traffic yet b/c this is my development machine. I have portsentry
> with a default open firewall config running. I even took the firewall &
> portsentry off and I get the same problem. I am new to FreeBSD and have done
> the standard security procedures that new ones are advised to do:
> 
> enabled secure level 1
> syslogd -ss
> no portmap
> ssh protocol 2
> no inetd (could this help my server get up again if it loses connectivity or
> a service fails?)
> no ftpd
> no ntpd
> 
> sysctl:
> log in vain tcp/udp
> blackhole 2 tcp
> blackhole 1 udp
> ip rtexpire 2
> ip rtminexpire 2
> nmbclusters 81920
> maxfiles 32768
> maxfilesperproc 32768
> maxusers 512
> somaxconn 1024
> tcp sendspace 8192
> tcp recvspace 16384
> tcp always_keepalive 1
> maxsockets 163840
> maxsockbuf 2097152
> 
> Am I missing something? I want to experience the stability that I've been
> hearing from FreeBSD users but have not been able to achieve it. Could there
> possibly be a setting that says basically: "In case of attack deny all
> connections?" I know I may be stretching it but I've exhausted all my other
> ideas.
> 
> Please let me know if you need any information - I will gladly send
> anything.
> 

nmbclusters 81920 is too high; is the 0 a typo? 8192 or 16384 is good.
maxfiles 65535 is good if you have the ram for it, in most cases yes.
somaxconn 8192, is what I use running ircd servers that also get ddos'd.
tcp sendspace 32768 or 65535 depending on ram in machine
tcp recvspace 65535

If you have network instability, try disabling giant functions and
device polling as well, enable syncookies, drop syn+fin, drop all
unneeded traffic with ipfw, and disable adaptive mutexes.

Chris
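An added example, not part of Chris's reply or of FreeBSD itself: a POSIX sh audit that compares a `sysctl -a` dump with the values Chris suggests above, plus the syncookies and drop_synfin sysctls. The limits are his recommendations rather than FreeBSD defaults, and the sample dumps are constructed (the first mirrors Jovan's settings, with syncookies and drop_synfin assumed off).

```shell
#!/bin/sh
# Added example, not from the thread: audit a FreeBSD `sysctl -a` dump against the
# tuning Chris recommends above. Limits are his suggestions, not FreeBSD defaults.

# Constructed sample in `sysctl -a` "name: value" format, mirroring Jovan's post
# (syncookies and drop_synfin assumed off for illustration).
SAMPLE_DUMP='kern.ipc.nmbclusters: 81920
kern.maxfiles: 32768
kern.ipc.somaxconn: 1024
net.inet.tcp.sendspace: 8192
net.inet.tcp.recvspace: 16384
net.inet.tcp.syncookies: 0
net.inet.tcp.drop_synfin: 0'
# Constructed dump that already follows the advice, for comparison.
TUNED_DUMP='kern.ipc.nmbclusters: 16384
kern.maxfiles: 65535
kern.ipc.somaxconn: 8192
net.inet.tcp.sendspace: 32768
net.inet.tcp.recvspace: 65535
net.inet.tcp.syncookies: 1
net.inet.tcp.drop_synfin: 1'

# sysctl_get DUMP NAME: print the value recorded for NAME, or nothing if absent.
sysctl_get() {
    printf '%s\n' "$1" | awk -v k="$2" -F': ' '$1 == k { print $2; exit }'
}

# audit_sysctl DUMP: print one line per setting that misses a recommendation.
audit_sysctl() {
    dump=$1
    check() {   # check NAME TEST_OP LIMIT ADVICE
        v=$(sysctl_get "$dump" "$1")
        if [ -z "$v" ]; then
            echo "$1: not present in dump"
        elif ! [ "$v" "$2" "$3" ]; then
            echo "$1=$v: $4"
        fi
    }
    check kern.ipc.nmbclusters -le 16384 "too high; 8192 or 16384 suggested (boot-time tunable on 5.x)"
    check kern.maxfiles -ge 65535 "raise to 65535 if RAM allows"
    check kern.ipc.somaxconn -ge 8192 "raise listen backlog to 8192"
    check net.inet.tcp.sendspace -ge 32768 "raise to 32768 or 65535 depending on RAM"
    check net.inet.tcp.recvspace -ge 65535 "raise to 65535"
    check net.inet.tcp.syncookies -eq 1 "enable SYN cookies"
    check net.inet.tcp.drop_synfin -eq 1 "drop SYN+FIN segments"
}

# On a live box: audit_sysctl "$(sysctl -a)"
audit_sysctl "$SAMPLE_DUMP"
```

Run against the first dump it reports all seven settings; against the tuned dump it prints nothing.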


More information about the freebsd-stable mailing list