Hello guys,
Anyone on this forum here that has some
experience on adjusting the conntrack and hashsize filters ?
and setting your own value's and start up script
like iptables/nat/ip_conntrack/....
Im an DD-wrt user at this moment, but im just curious,
how the console is configured for OpenWrt?
Or could help me further on these config's,
This is the Start up script and adjustments i'm using now
#!/bin/sh/
sleep 300
sysctl -w kernel.shm_rmid_forced=1
echo 1 > /proc/sys/kernel/modules_disabled
echo 524288 > /sys/module/nf_conntrack/parameters/hashsize
echo 1048576 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
echo 8192 > /proc/sys/net/netfilter/nf_conntrack_expect_max
echo 1440000 > /proc/sys/net/ipv4/tcp_max_tw_buckets
echo 16384 > /proc/sys/net/ipv4/tcp_max_orphans
echo 65536 > /proc/sys/net/core/netdev_max_backlog
echo 65536 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 131072 > /proc/sys/net/core/somaxconn
echo 131072 > /proc/sys/vm/min_free_kbytes
echo 268435456 > /proc/sys/net/core/optmem_max
echo 524288 4194304 268435456 > /proc/sys/net/ipv4/tcp_mem
echo 524288 4194304 268435456 > /proc/sys/net/ipv4/tcp_rmem
echo 524288 4194304 268435456 > /proc/sys/net/ipv4/tcp_wmem
echo 262144 2097152 134217728 > /proc/sys/net/ipv4/udp_mem
echo 4194304 > /proc/sys/net/core/rmem_default
echo 268435456 > /proc/sys/net/core/rmem_max
echo 4194304 > /proc/sys/net/core/wmem_default
echo 268435456 > /proc/sys/net/core/wmem_max
echo 262144 > /proc/sys/net/ipv4/udp_rmem_min
echo 262144 > /proc/sys/net/ipv4/udp_wmem_min
echo 1492 > /proc/sys/net/ipv6/conf/all/mtu
echo 1492 > /proc/sys/net/ipv6/conf/ppp0/mtu
echo 1492 > /proc/sys/net/ipv6/conf/eth0/mtu
echo 2048 > /proc/sys/net/ipv6/neigh/default/gc_thresh1
echo 4096 > /proc/sys/net/ipv6/neigh/default/gc_thresh2
echo 8192 > /proc/sys/net/ipv6/neigh/default/gc_thresh3
echo 60 > /proc/sys/net/ipv6/neigh/default/base_reachable_time_ms
echo 240 > /proc/sys/net/ipv6/neigh/default/gc_stale_time
echo 4096 > /proc/sys/net/ipv6/route/gc_thresh
echo 268435456 > /proc/sys/kernel/shmall
echo 536870912 > /proc/sys/kernel/shmmax
echo 4194304 > /proc/sys/kernel/msgmax
echo 262144 > /proc/sys/kernel/msgmnb
echo 8192 > /proc/sys/kernel/msgmni
echo 0 > /proc/sys/kernel/sysrq
echo 1 > /proc/sys/fs/suid_dumpable
echo 4096 > /proc/sys/vm/dirty_bytes
echo 1 > /proc/sys/vm/overcommit_memory
echo 4096 > /proc/sys/net/ipv4/tcp_base_mss
echo 30 > /proc/sys/net/ipv4/ipfrag_time
echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 30 > /proc/sys/net/ipv4/neigh/default/gc_interval
echo 240 > /proc/sys/net/ipv4/neigh/default/gc_stale_time
echo 60 > /proc/sys/net/ipv4/neigh/default/base_reachable_time_ms
echo 240 > /proc/sys/net/ipv4/neigh/eth0/gc_stale_time
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/tcp_no_metrics_save
echo 1 > /proc/sys/net/ipv4/tcp_moderate_rcvbuf
echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
echo performance > /sys/devices/system/cpu/cpu1/cpufreq/scaling_governor
echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
echo 1 > /proc/sys/net/ipv4/tcp_ecn
echo 3 > /proc/sys/net/ipv4/tcp_reordering
echo 6 > /proc/sys/net/ipv4/tcp_syn_retries
echo 2 > /proc/sys/net/ipv4/tcp_synack_retries
echo 30 > /proc/sys/net/ipv4/tcp_timeout_syn_recv
echo 120 > /proc/sys/net/ipv4/tcp_timeout_syn_sent
echo 15 > /proc/sys/net/ipv4/tcp_timeout_last_ack
echo 150 > /proc/sys/net/ipv4/tcp_timeout_time_wait
echo 1 > /proc/sys/net/ipv4/tcp_timestamps
echo 300 > /proc/sys/net/ipv4/tcp_timeout_unacknowledged
echo 1 > /proc/sys/net/ipv4/tcp_retrans_collapse
echo 10 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 6 > /proc/sys/net/ipv4/route/redirect_number
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 30 > /proc/sys/net/ipv4/tcp_keepalive_intvl
echo 5 > /proc/sys/net/ipv4/tcp_keepalive_probes
echo 1 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_slow_start_after_idle
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv6/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/secure_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 > /proc/sys/net/ipv6/conf/all/accept_source_route
echo 0 > /proc/sys/net/ipv6/conf/all/accept_redirect
echo 30000 65535 > /proc/sys/net/ipv4/ip_local_port_range
echo 1 > /proc/sys/net/ipv4/tcp_abort_on_overflow
echo 1 > /proc/sys/net/ipv4/tcp_mtu_probing
echo 0 > /proc/sys/net/ipv4/tcp_orphan_retries
echo 0 > /proc/sys/net/ipv6/conf/all/dad_transmits
echo 0 > /proc/sys/net/ipv6/conf/default/dad_transmits
echo 3 > /proc/sys/net/ipv4/tcp_fastopen
echo 1 > /proc/sys/net/ipv4/route.flush
echo 1 > /proc/sys/net/ipv6/route.flush
echo 120 > /proc/sys/net/ipv4/netfilter/ip_conntrack_generic_timeout
echo 86400 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
sysctl -w net.ipv4.tcp_congestion_control=htcp
/sbin/ifconfig eth0 txqueuelen 8192
Dont look at the value's to much, cause im still changing these value's..
If anyone has experience using these code's with SSH
and how to config them correctly to adjust Linux
on your own router, cause atleast OpenWrt/DD-wrt
is using Linux servers.
Thanks for reading, and hope to find some users.