I am experiencing problems keeping FreeBSD 5.4 connected. I have uptimes of 5 or 6 days - sometimes 10 or 11, then, without freezing the machine totally, it stops responding to network traffic. I get DoS attacked every once in a while and my logs are also filled with failed auths from password crackers but it seems that I have the worst effects from it. I don't have any web traffic yet b/c this is my development machine. I have portsentry with a default open firewall config running. I even took the firewall & portsentry off and I get the same problem. I am new to FreeBSD and have done the standard security procedures that new ones are advised to do:

enabled secure level 1
syslogd -ss
no portmap
ssh protocol 2
no inetd (could this help my server get up again if it loses connectivity or a service fails?)
no ftpd
no ntpd

sysctl:
log in vain tcp/udp
blackhole 2 tcp
blackhole 1 udp
ip rtexpire 2
ip rtminexpire 2
nmbclusters 81920
maxfiles 32768
maxfilesperproc 32768
maxusers 512
somaxconn 1024
tcp sendspace 8192
tcp recvspace 16384
tcp always_keepalive 1
maxsockets 163840
maxsockbuf 2097152

Am I missing something? I want to experience the stability that I've been hearing from FreeBSD users but have not been able to achieve it. Could there possibly be a setting that says basically: "In case of attack deny all connections?" I know I may be stretching it but I've exhausted all my other ideas.

Please let me know if you need any information - I will gladly send anything.
On 5/27/05, Jovan Ross <jovanross@msn.com> wrote:
> I am experiencing problems keeping FreeBSD 5.4 connected. I have uptimes of
> 5 or 6 days - sometimes 10 or 11, then, without freezing the machine
> totally, it stops responding to network traffic. I get DOS attacked every
> once and a while and my logs are also filled with failed auths from password
> crackers but it seems that I have the worst effects from it. I don't have
> any web traffic yet b/c this is my development machine. I have portsentry
> with a default open firewall config running. I even took the firewall &
> portsentry off and I get the same problem. I am new to FreeBSD and have done
> the standard security procedures that new ones are advised to do:
>
> enabled secure level 1
> syslogd -ss
> no portmap
> ssh protocol 2
> no inetd (could this help my server get up again if it loses connectivity or
> a service fails?)
> no ftpd
> no ntpd
>
> sysctl:
> log in vain tcp/udp
> blackhole 2 tcp
> blackhole 1 udp
> ip rtexpire 2
> ip rtminexpire 2
> nmbclusters 81920
> maxfiles 32768
> maxfilesperproc 32768
> maxusers 512
> somaxconn 1024
> tcp sendspace 8192
> tcp recvspace 16384
> tcp always_keepalive 1
> maxsockets 163840
> maxsockbuf 2097152
>
> Am I missing something? I want to experience the stability that I've been
> hearing from FreeBSD users but have not been able to achieve it. Could there
> possibly be a setting that says basically: "In case of attack deny all
> connections?" I know I may be stretching it but I've exhausted all my other
> ideas.
>
> Please let me know if you need any information - I will gladly send
> anything.

nmbclusters 81920 is too high, is the 0 a typo? 8192 or 16384 is good.
maxfiles 65535 is good if you have the ram for it, in most cases yes.
somaxconn 8192 is what I use running ircd servers that also get ddos'd.
tcp sendspace 32768 or 65535 depending on ram in machine
tcp recvspace 65535

If you have network instability try disabling giant functions and device polling as well, enable syncookies, drop syn+fin, drop all unneeded traffic with ipfw, disable adaptive mutexes.

Chris
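The numbers in the reply above, turned into a check that can be run against the original poster's list (or against a live box), as an added example that is not part of the thread. It assumes the thread's shorthand maps onto the standard FreeBSD knob names kern.ipc.nmbclusters, kern.maxfiles, kern.ipc.somaxconn, net.inet.tcp.sendspace, net.inet.tcp.recvspace, net.inet.tcp.syncookies and net.inet.tcp.drop_synfin; the thresholds are Chris's figures from the reply, not values from FreeBSD documentation. The sample input is the original poster's settings, constructed here in sysctl.conf form.

```sh
#!/bin/sh
# Added example, not from the thread: lint FreeBSD tunables against the
# values recommended in Chris's reply. Knob names are assumed to be the
# standard ones; thresholds come from the reply, not from FreeBSD docs.

# One entry per line: "knob recommended direction"
#   max = current value should not exceed the recommendation
#   min = current value should reach the recommendation
RECOMMENDED='
kern.ipc.nmbclusters 16384 max
kern.maxfiles 65535 min
kern.ipc.somaxconn 8192 min
net.inet.tcp.sendspace 32768 min
net.inet.tcp.recvspace 65535 min
net.inet.tcp.syncookies 1 min
net.inet.tcp.drop_synfin 1 min
'

# check_tunables: read current settings on stdin in any of the forms
# "knob=value" (sysctl.conf), "knob: value" (sysctl -a) or "knob value",
# and print one line per recommended knob:
#   OK   knob current
#   WARN knob current -> recommended   (also for knobs that are unset)
check_tunables() {
    awk -v rec="$RECOMMENDED" '
    BEGIN {
        n = split(rec, line, "\n")
        for (i = 1; i <= n; i++) {
            if (split(line[i], f, " ") < 3) continue    # skip blank lines
            order[++m] = f[1]; want[f[1]] = f[2]; dir[f[1]] = f[3]
        }
    }
    /^[[:space:]]*#/ { next }                          # comments in sysctl.conf
    { gsub(/[=:]/, " "); if (NF >= 2) cur[$1] = $2 }   # normalise separators
    END {
        for (i = 1; i <= m; i++) {
            k = order[i]
            if (!(k in cur)) { print "WARN " k " unset -> " want[k]; continue }
            v = cur[k] + 0
            if ((dir[k] == "max" && v > want[k] + 0) ||
                (dir[k] == "min" && v < want[k] + 0))
                print "WARN " k " " v " -> " want[k]
            else
                print "OK   " k " " v
        }
    }'
}

# Constructed sample: the original poster's settings as sysctl.conf lines.
SAMPLE_CURRENT='kern.ipc.nmbclusters=81920
kern.maxfiles=32768
kern.maxfilesperproc=32768
kern.ipc.somaxconn=1024
net.inet.tcp.sendspace=8192
net.inet.tcp.recvspace=16384
net.inet.tcp.always_keepalive=1
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1'

# lint_sample: number of WARN lines the constructed sample produces.
lint_sample() {
    printf '%s\n' "$SAMPLE_CURRENT" | check_tunables |
        awk '/^WARN/ { n++ } END { print n + 0 }'
}

# Stand-alone demo: ./lint.sh --demo
if [ "${1-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_CURRENT" | check_tunables
    echo "warnings: $(lint_sample)"
fi
```

On the machine itself, `sysctl -a | check_tunables` reports the running values and `check_tunables < /etc/sysctl.conf` checks what will be applied at boot. Two caveats a FreeBSD 5.x admin would want: kern.ipc.nmbclusters is a loader tunable on that release (set in /boot/loader.conf, not /etc/sysctl.conf), and net.inet.tcp.drop_synfin only exists when the kernel was built with options TCP_DROP_SYNFIN, so an "unset" warning for it points at the kernel config rather than sysctl.conf.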
Hi, Jovan,

On 2005-05-27 at 13:16 -0400, Jovan Ross wrote:
> I am experiencing problems keeping FreeBSD 5.4 connected. I have uptimes of
> 5 or 6 days - sometimes 10 or 11, then, without freezing the machine
> totally, it stops responding to network traffic. I get DOS attacked every
> once and a while and my logs are also filled with failed auths from password
> crackers but it seems that I have the worst effects from it. I don't have
> any web traffic yet b/c this is my development machine. I have portsentry
> with a default open firewall config running. I even took the firewall &
> portsentry off and I get the same problem. I am new to FreeBSD and have done
> the standard security procedures that new ones are advised to do:
[snip]

Your configuration looks reasonable to me. Would you please give us a look at your kernel configuration?

Typically an SSH scan of passwords won't cause the problem you are describing, and this is likely to indicate some other problems, like:

- Firewall dynamic rules table filled.
- Some critical resources have been exhausted
- Maybe some bugs in network adapter driver

You may want to try "netstat -m", and ping other nodes when the networking is not working properly. This information would be helpful for tracking down the problem. Also, a /var/run/dmesg.boot would give us some information about your hardware.

Cheers,
--
Xin LI <delphij delphij net> http://www.delphij.net/