Giorgos Keramidas <mailto:[EMAIL PROTECTED]> wrote: > On 2006-02-16 14:32, Mike Loiterman <[EMAIL PROTECTED]> wrote: >> Wouter Spierenburg <mailto:[EMAIL PROTECTED]> wrote: >>> Try adding the following to /etc/sysctl.conf: >>> >>> kern.maxfiles=65535 >>> kern.maxfilesperproc=20000 >>> net.inet.tcp.delayed_ack=0 >>> net.inet.ip.maxfragpackets=10 >>> kern.ipc.somaxconn=2048 >>> >>> then 'cd' to /usr/src/sys/i386/conf >>> cp GENERIC SERVER >>> vi SERVER >>> >>> and add the following lines at the bottom of the file: options >>> TCPDEBUG options RANDOM_IP_ID >>> options TCP_DROP_SYNFIN >>> options NMBCLUSTERS=65535 >>> options NMBUFS=40960 >>> >>> save the file, and follow these steps: >>> >>> /usr/sbin/config -g SERVER >>> cd ../../compile/SERVER >>> make depend >>> make >>> make install >>> #if all went well: >>> reboot >>> >>> The system will then come back up with tuned parameters, allowing >>> more in/outbound connections and better packethandling. >> >> Before I make these changes, I would like to just get a second >> opinion from the list about their value and what impact, if any, >> they might have on system stability, compatibility, etc. >> >> Wouter, please do not take offense to this! I sincerely appreciate >> your advice, but this is a production system, so I'm careful about >> what changes I make when I don't explicitly understand what is going >> on. I'm not familure with a few of those options. > > I'm not sure if the options are useful for your setup, so I'm > not going > to comment for or against them.
Well, the server is an email/web server primarily. Not a huge load, but I want to be hardened against DOS attacks...would these help? ------------------------------ Mike Loiterman grantADLER Tel: 630-302-4944 Fax: 773-442-0992 Email: [EMAIL PROTECTED] PGP Key: 0xD1B9D18E _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
