Optimizing the TCP and Kernel of [Ubuntu/Kali/Debian]? Here are some optimizations for you (I did not write them / Props to the original author)
# ------------------------------------------------------------------------------------------
# Desc: TCP/IP tweaks for Ubuntu / most Linux distros
# Note: This likely will improve your throughput. I have had no problems with these settings
#------------------------------------------------------------------------------------------|
# INTERFACE SETTINGS
# ==================
# Please understand these before changing them.
# Check out Documentation/networking/ip-sysctl.txt in your kernel source for more details.
#---[ FULL CREDIT IS GIVEN TO THE ORIGINAL POSTER ]---#
#--------------------------------------------------------------------------------------|
#load irc and ftp conntrack helpers if they exist
/sbin/modprobe ip_conntrack_irc &>/dev/null
/sbin/modprobe ip_conntrack_ftp &>/dev/null
#ip forwarding (these must be 1 to be able to forward packets between interfaces!)
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
#tcp/ip stack tunings
echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
#echo 32768 > /proc/sys/net/ipv4/ip_conntrack_max
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 60 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1 > /proc/sys/net/ipv4/tcp_syn_retries
echo 1 > /proc/sys/net/ipv4/tcp_synack_retries
echo 1 > /proc/sys/net/ipv4/tcp_fack
echo 1 > /proc/sys/net/ipv4/tcp_sack
echo 1 > /proc/sys/net/ipv4/tcp_timestamps
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
echo 1 > /proc/sys/net/ipv4/tcp_rfc1337
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
#increase the default kernel tcp/ip stack memory settings
#(tcp_rmem and tcp_wmem are in bytes; tcp_mem is counted in pages, not bytes)
echo "4096 87380 8388608" > /proc/sys/net/ipv4/tcp_rmem
echo "4096 65536 8388608" > /proc/sys/net/ipv4/tcp_wmem
echo "8388608 8388608 8388608" > /proc/sys/net/ipv4/tcp_mem
echo 87380 > /proc/sys/net/core/rmem_default
echo 65536 > /proc/sys/net/core/wmem_default
echo 8388608 > /proc/sys/net/core/wmem_max
echo 8388608 > /proc/sys/net/core/rmem_max
sysctl --system
cat /etc/modules-load.d/conntrack.conf
----- you should see the following:
nf_conntrack
nf_conntrack_ftp
nf_conntrack_irc
Once you have written this with sysctl --system, reboot:
reboot -n
Upon the box coming back up it should be more optimized and secure.
Mark
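
The echo lines above change only the running kernel's state under /proc/sys, so after the reboot it is worth confirming which values are actually in effect. The following is an added example, not part of the original script: `audit_sysctl`, `make_sample_tree` and the `EXPECTED` list are names chosen here, and the sample tree is constructed so the check also runs offline.

```shell
# Path under /proc/sys = value the script above writes (security-relevant subset).
EXPECTED='net/ipv4/icmp_echo_ignore_broadcasts=1
net/ipv4/tcp_rfc1337=1
net/ipv4/conf/all/rp_filter=1
net/ipv4/conf/all/accept_redirects=0
net/ipv4/conf/all/accept_source_route=0
net/ipv4/tcp_rmem=4096 87380 8388608
net/ipv4/tcp_wmem=4096 65536 8388608'

# Print one DRIFT line per mismatch; return status = number of mismatches.
# $1 is the tree to audit (assumed parameter; defaults to the live /proc/sys).
audit_sysctl() {
    local root="${1:-/proc/sys}" drift=0 key want have
    while IFS='=' read -r key want; do
        if [ -r "$root/$key" ]; then
            # /proc separates multi-value entries with tabs; collapse to spaces.
            have=$(awk '{$1=$1; print}' "$root/$key")
        else
            have='<missing>'
        fi
        if [ "$have" != "$want" ]; then
            printf 'DRIFT %s: want "%s", have "%s"\n' "$key" "$want" "$have"
            drift=$((drift + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$drift"
}

# Constructed sample: a copy of the expected tree with one value reverted and
# one file absent, as on a box where the settings did not survive a reboot.
make_sample_tree() {
    local dir key want
    dir=$(mktemp -d)
    while IFS='=' read -r key want; do
        mkdir -p "$dir/$(dirname "$key")"
        printf '%s\n' "$want" | tr ' ' '\t' > "$dir/$key"
    done <<EOF
$EXPECTED
EOF
    echo 1 > "$dir/net/ipv4/conf/all/accept_redirects"
    rm "$dir/net/ipv4/tcp_rfc1337"
    echo "$dir"
}

sample=$(make_sample_tree)
audit_sysctl "$sample" || echo "$? setting(s) drifted"   # 2 on the sample
rm -rf "$sample"
```

Calling `audit_sysctl` with no argument audits the live /proc/sys of the box it runs on.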