fjrti/tcp.sh

## tcp.sh
#-----------------------------------------------------------|
# INTERFACE SETTINGS
# ==================
# Please understand these before changing them.
#-----------------------------------------------------------|

#load irc and ftp conntrack helpers if they exist
/sbin/modprobe ip_conntrack_irc &>/dev/null
/sbin/modprobe ip_conntrack_ftp &>/dev/null

#ip fowarding (these must be 1 to be able to forward packets between interfaces!)
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding

#tcp/ip stack tunings
echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
#echo 32768 > /proc/sys/net/ipv4/ip_conntrack_max
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 60 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1 > /proc/sys/net/ipv4/tcp_syn_retries
echo 1 > /proc/sys/net/ipv4/tcp_synack_retries
echo 1 > /proc/sys/net/ipv4/tcp_fack
echo 1 > /proc/sys/net/ipv4/tcp_sack
echo 1 > /proc/sys/net/ipv4/tcp_timestamps
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
echo 1 > /proc/sys/net/ipv4/tcp_rfc1337
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

#increase the default kernel tcp/ip stack memory settings
echo "4096 87380 8388608" > /proc/sys/net/ipv4/tcp_rmem
echo "4096 65536 8388608" > /proc/sys/net/ipv4/tcp_wmem
echo "8388608 8388608 8388608" > /proc/sys/net/ipv4/tcp_mem
echo 87380 > /proc/sys/net/core/rmem_default
echo 65536 > /proc/sys/net/core/wmem_default
echo 8388608 > /proc/sys/net/core/wmem_max
echo 8388608 > /proc/sys/net/core/rmem_max

#------------------------------------------------------------------------------------------|
	#-----------------------------------------------------------\|
	# INTERFACE SETTINGS
	# ==================
	# Please understand these before changing them.
	#-----------------------------------------------------------\|

	#load irc and ftp conntrack helpers if they exist
	/sbin/modprobe ip_conntrack_irc &>/dev/null
	/sbin/modprobe ip_conntrack_ftp &>/dev/null

	#ip fowarding (these must be 1 to be able to forward packets between interfaces!)
	echo 1 > /proc/sys/net/ipv4/ip_forward
	echo 1 > /proc/sys/net/ipv4/conf/all/forwarding

	#tcp/ip stack tunings
	echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range
	echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
	echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
	echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
	#echo 32768 > /proc/sys/net/ipv4/ip_conntrack_max
	echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
	echo 60 > /proc/sys/net/ipv4/tcp_fin_timeout
	echo 1 > /proc/sys/net/ipv4/tcp_syn_retries
	echo 1 > /proc/sys/net/ipv4/tcp_synack_retries
	echo 1 > /proc/sys/net/ipv4/tcp_fack
	echo 1 > /proc/sys/net/ipv4/tcp_sack
	echo 1 > /proc/sys/net/ipv4/tcp_timestamps
	echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
	echo 1 > /proc/sys/net/ipv4/tcp_rfc1337
	echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
	echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
	echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
	echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
	echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

	#increase the default kernel tcp/ip stack memory settings
	echo "4096 87380 8388608" > /proc/sys/net/ipv4/tcp_rmem
	echo "4096 65536 8388608" > /proc/sys/net/ipv4/tcp_wmem
	echo "8388608 8388608 8388608" > /proc/sys/net/ipv4/tcp_mem
	echo 87380 > /proc/sys/net/core/rmem_default
	echo 65536 > /proc/sys/net/core/wmem_default
	echo 8388608 > /proc/sys/net/core/wmem_max
	echo 8388608 > /proc/sys/net/core/rmem_max

	#------------------------------------------------------------------------------------------\|