How to tweak sysctl.conf
Posted by Mike C. on 11 September 2009 11:53 PM
This article will not go into detail on which settings to use, but I will show you how to find out which settings are best for you. The first thing you need to realize is the importance of sysctl options. Many of the default options do not allow for a lot of resources and bandwidth. I do not know why FreeBSD has these as the defaults, but they need to be altered. Here is an example for you to look at:

security.bsd.see_other_uids=0
kern.ps_showallprocs=0
kern.fallback_elf_brand=3
kern.maxprocperuid=200
kern.maxfiles=65536
kern.maxfilesperproc=2000
kern.ipc.somaxconn=32768
kern.ipc.maxsockbuf=10485760
kern.ipc.maxsockets=163840
kern.ipc.nmbclusters=65536
net.link.ether.inet.max_age=1200
net.link.ether.inet.log_arp_wrong_iface=0
net.local.stream.sendspace=65536
net.local.stream.recvspace=65536
net.inet.ip.check_interface=1
net.inet.ip.rtminexpire=2
net.inet.ip.rtexpire=10
net.inet.ip.redirect=0
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0
net.inet.tcp.log_in_vain=1
net.inet.tcp.rfc1323=1
net.inet.tcp.msl=7500
net.inet.tcp.blackhole=2
net.inet.tcp.delayed_ack=0
net.inet.tcp.sendspace=65536
net.inet.tcp.recvspace=65536
net.inet.tcp.icmp_may_rst=0
net.inet.tcp.inflight_enable=1
net.inet.tcp.syncookies=0
net.inet.udp.log_in_vain=1
net.inet.udp.blackhole=1
net.inet.udp.recvspace=65536
net.inet.udp.maxdgram=57344
net.inet.icmp.icmplim=200
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet6.ip6.forwarding=1
net.isr.enable=1

You might get the bright idea to copy this into your sysctl.conf, but understand that some of these options might not be right for you. To read more about it, go to http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-sysctl.html and look it over. There are a lot of great tweaks you can make that will help your server perform better. They may also prevent some types of denial of service attacks. More than anything, it's important to realize that sysctl.conf exists and to know the different options that are available to you. This article should point you in the right direction.
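One way to check a listing like the one above before copying it, shown as an added example that is not part of the original article: the script compares a candidate sysctl.conf against a saved `sysctl -a` dump and reports which settings would change and which names the running system does not have. The function names, file names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a candidate sysctl.conf against a dump of current values.
# On the FreeBSD host, create the dump with:  sysctl -a > current.txt
# Output, one line per candidate setting:
#   SAME name value | CHANGE name current -> wanted | UNKNOWN name | MALFORMED text
sysctl_audit() {   # usage: sysctl_audit CANDIDATE_CONF CURRENT_DUMP
    awk '
        FILENAME == ARGV[1] {            # dump lines look like "name: value"
            i = index($0, ": ")
            if (i > 0) cur[substr($0, 1, i - 1)] = substr($0, i + 2)
            next
        }
        {                                # sysctl.conf lines: name=value
            sub(/#.*/, "")               # strip comments
            gsub(/^[ \t]+|[ \t]+$/, "")  # trim surrounding whitespace
            if ($0 == "") next
            i = index($0, "=")
            if (i == 0) { print "MALFORMED " $0; next }
            name = substr($0, 1, i - 1); want = substr($0, i + 1)
            if (!(name in cur))         print "UNKNOWN " name
            else if (cur[name] == want) print "SAME " name " " want
            else                        print "CHANGE " name " " cur[name] " -> " want
        }
    ' "$2" "$1"
}

# Constructed sample data (not real defaults from any FreeBSD release).
demo_audit() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/current.txt" <<'EOF'
kern.ipc.somaxconn: 128
net.inet.tcp.blackhole: 0
net.inet.ip.sourceroute: 0
net.inet.tcp.syncookies: 1
EOF
    cat > "$tmp/candidate.conf" <<'EOF'
# subset of the example listing
kern.ipc.somaxconn=32768
net.inet.tcp.blackhole=2
net.inet.ip.sourceroute=0
net.inet.tcp.syncookies=0
kern.ps_showallprocs=0
EOF
    sysctl_audit "$tmp/candidate.conf" "$tmp/current.txt"
    rm -rf "$tmp"
}
```

Each CHANGE line is a setting to look up in the handbook before applying it, and each UNKNOWN line is a name that would have no effect on that system.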