mike at ascendency.net
Thu Feb 16 13:18:19 PST 2006
Giorgos Keramidas <mailto:keramida at ceid.upatras.gr> wrote:
> On 2006-02-16 14:32, Mike Loiterman <mike at ascendency.net> wrote:
>> Wouter Spierenburg <mailto:wouter at spierenburg.net> wrote:
>>> Try adding the following to /etc/sysctl.conf:
>>> then 'cd' to /usr/src/sys/i386/conf
>>> cp GENERIC SERVER
>>> vi SERVER
>>> and add the following lines at the bottom of the file: options
>>> TCPDEBUG options RANDOM_IP_ID
>>> options TCP_DROP_SYNFIN
>>> options NMBCLUSTERS=65535
>>> options NMBUFS=40960
>>> save the file, and follow these steps:
>>> /usr/sbin/config -g SERVER
>>> cd ../../compile/SERVER
>>> make depend
>>> make install
>>> #if all went well:
>>> The system will then come back up with tuned parameters, allowing
>>> more in/outbound connections and better packethandling.
>> Before I make these changes, I would like to just get a second
>> opinion from the list about their value and what impact, if any,
>> they might have on system stability, compatibility, etc.
>> Wouter, please do not take offense to this! I sincerely appreciate
>> your advice, but this is a production system, so I'm careful about
>> what changes I make when I don't explicitly understand what is going
>> on. I'm not familure with a few of those options.
> I'm not sure if the options are useful for your setup, so I'm
> not going
> to comment for or against them.
Well, the server is an email/web server primarily. Not a huge load, but I
want to be hardened against DOS attacks...would these help?
Email: mike at ascendency.net
PGP Key: 0xD1B9D18E
More information about the freebsd-questions