Linux tuning tcp

On October 20, 2010, in Linux, by mike

# Improve Linux performance

#by mike@linuxserver.org

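# --- TCP connection handling and redirect policy ---
# NOTE: the published copy wrapped several values in typographic quotes.
# A shell treats those as ordinary characters, so they would be written into
# the sysctl and rejected. Values below are plain ASCII.

# Seconds an orphaned socket may sit in FIN-WAIT-2 before it is dropped.
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
# Idle seconds before the first keepalive probe.
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
# Window scaling on.
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
# Selective ACK off.
# NOTE(review): this slows loss recovery on lossy or long paths; confirm it
# is wanted on a box that is being tuned for throughput.
echo 0 > /proc/sys/net/ipv4/tcp_sack
# Room for half-open connections, and fewer SYN-ACK retransmits so a
# half-open entry is given up sooner under a SYN flood.
echo 14000 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 2 > /proc/sys/net/ipv4/tcp_synack_retries
# Seconds an incomplete IP fragment is kept for reassembly.
echo 15 > /proc/sys/net/ipv4/ipfrag_time
# Idle lifetime of an ESTABLISHED conntrack entry. It stays above
# tcp_keepalive_time (1800), so keepalives refresh live flows.
# NOTE(review): this is the legacy ip_conntrack path; it only exists when
# that module is loaded, otherwise the write fails with "No such file".
echo 7200 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established

# ICMP redirects: do not send them and do not accept "secure" ones.
# The kernel enables these per interface when EITHER conf/all OR conf/<if>
# is 1, so clearing conf/all alone leaves them on wherever the interface
# entry is still 1. Clear all, default and every interface entry.
for knob in secure_redirects send_redirects; do
  for entry in /proc/sys/net/ipv4/conf/*/"$knob"; do
    [ -w "$entry" ] && echo 0 > "$entry"
  done
done

# Initial TTL for locally generated packets.
echo 64 > /proc/sys/net/ipv4/ip_default_ttl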

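### --- TUNING TCP --- ###

# TCP buffer autotuning bounds in bytes: min, default, max.
echo "4096 873814 8738140" > /proc/sys/net/ipv4/tcp_wmem
echo "4096 873814 8738140" > /proc/sys/net/ipv4/tcp_rmem

# Default and maximum socket buffer sizes (bytes) for all socket types.
# The original wrote rmem_max and wmem_max twice: 8738140, then 362144.
# Only the last write takes effect, so the effective value is written once.
# NOTE(review): if the 8738140 ceiling was the intended one, raise the two
# *_max lines below instead.
echo 362144 > /proc/sys/net/core/rmem_default
echo 362144 > /proc/sys/net/core/rmem_max
echo 362144 > /proc/sys/net/core/wmem_default
echo 362144 > /proc/sys/net/core/wmem_max

# Routing cache and neighbour (ARP) table sizing.
# gc_thresh1/2/3 are the floor, soft limit and hard limit of the table.
# NOTE(review): the route/* entries belong to the IPv4 route cache; on
# kernels without it some of these writes may fail or have no effect.
echo 16384 > /proc/sys/net/ipv4/route/gc_thresh
echo 12000 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 24000 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 36000 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
echo 65536 > /proc/sys/net/ipv4/route/max_size
echo 2048 > /proc/sys/net/ipv4/route/redirect_silence

# SysV IPC limits: largest message, bytes per queue, shared memory segments.
echo 8192 > /proc/sys/kernel/msgmax
echo 23384 > /proc/sys/kernel/msgmnb
echo 4096 > /proc/sys/kernel/shmmni
# System-wide thread ceiling.
echo 362144 > /proc/sys/kernel/threads-max

# 2 = strict commit accounting (no overcommit).
# NOTE(review): allocations and fork() start failing once the commit limit
# (swap plus overcommit_ratio percent of RAM) is reached. Check
# overcommit_ratio and swap size before enabling this on a busy server.
echo 2 > /proc/sys/vm/overcommit_memory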

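# File system tuning.

# System-wide ceiling on open file handles.
echo 200000 > /proc/sys/fs/file-max

# ip_queue is the legacy userspace packet-queue module. Its sysctl only
# appears once the module is loaded, so report a failed load and skip the
# write when the entry is absent instead of erroring on a missing path.
/sbin/modprobe ip_queue || echo "warning: modprobe ip_queue failed" >&2
if [ -w /proc/sys/net/ipv4/ip_queue_maxlen ]; then
  echo 1024 > /proc/sys/net/ipv4/ip_queue_maxlen
else
  echo "warning: ip_queue_maxlen not present; skipped" >&2
fi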

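# ICMP rate limit for the rate-masked ICMP types.
echo 200 > /proc/sys/net/ipv4/icmp_ratelimit

# Ignore bogus ICMP error responses (keeps them out of the kernel log).
# The original set this twice; once is enough.
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

# Range of local (ephemeral) ports for outgoing connections.
# Plain ASCII quotes: with the page's typographic quotes the value was not
# a valid "low high" pair and the write was rejected.
echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range

# Reverse-path filtering against spoofed source addresses.
# 2 is LOOSE mode: a packet is dropped only when its source is unreachable
# through any interface. Spoofed sources that are routable still pass.
# NOTE(review): use 1 (strict) unless the host has asymmetric routing.
# The kernel applies the higher of conf/all and conf/<if>.
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter

# Don't respond to broadcast pings (Smurf amplifier protection).
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Keep answering unicast ICMP echo (the default).
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

# Disable TCP timestamps.
# NOTE(review): this hides the timestamp clock from remote hosts but also
# turns off PAWS and timestamp-based RTT measurement. While SYN cookies are
# in use, connections lose the TCP options carried in the timestamp field.
echo 0 > /proc/sys/net/ipv4/tcp_timestamps

# Block source-routed packets. conf/all must be 1 for any interface to
# accept them, so clearing conf/all is sufficient here.
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

# ENABLE SYN cookies (1 = on). The original comment said "Kill", but the
# value written turns the SYN-flood fallback on, which is the safer setting.
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Refuse ICMP redirects. On a non-forwarding host an interface accepts
# them when EITHER conf/all OR conf/<if> is 1, so clear every entry
# (all, default and each interface), not just conf/all.
for entry in /proc/sys/net/ipv4/conf/*/accept_redirects; do
  [ -w "$entry" ] && echo 0 > "$entry"
done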
