
Memo: Solving the "FreeBSD NAT is slower than Win2ks NAT" problem

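1. Preface:

The plan was simply to build a FreeBSD gateway machine for an Internet cafe, providing nothing but NAT service, and to rely on BSD's exceptional stability to deliver a stable network service.

But I made a big mistake right at the start by choosing 8139 network cards, and unexpectedly ran into a big problem: the network was slow! After several painful days, and after discussing and investigating it with the experts on freebsdchina, it was finally solved completely!

I thank the folks at freebsdchina, especially Delphij and others, for their enthusiastic help, and zyme, quakelee, wolfop and others at chinaunix for their help, which let me establish that the network card was the key.
Thanks again to everyone for the support!

Lesson: FreeBSD supports high-end network cards such as Intel and 3Com well; it is best not to use cards such as the 8139 or 530! Otherwise, services that depend heavily on the network card will give you endless trouble.

Note: my environment
NAT server: P4 1.6G, 512M RAM, 8139 x2
File server: CII 1000A, 512M RAM, NIC Intel eepro100+ x1, Win2ks+SP4
Clients: 120 machines, Win98se, 256M RAM, C4p4 2.4G, 8139; usually more than 80 seats are occupied.

2. Comparison tests against Win2ks and RH9 Linux, and the results:
All sorted by date:

Test conditions: software download from www.269.net, an ISP within Shaanxi province; Win2kSP4CHN, size 128MB

Note: from February 27 to March 3, the figures are for the default FreeBSD4.8+ipf+ipNAT; the speed never exceeded 1024MB/s at any time, hovering around 800~900KB/s

Basically, in the end FreeBSD + ipf + ipnat gave a peak of 8.9MB/s in the morning, about 1MB/s when the network was busy, and 2Mb~5MB/s at ordinary times.

Win2ks + NAT reached at most 4.5MB/s and never went higher. Linux and FreeBSD are in the same class for speed, but system security is easier to handle on FB than on Linux; FB's own security mechanisms are already excellent.

As for system stability, it goes without saying: FB is the absolute leader! Using Linux, I always feel as if the system is about to fall apart; the system is not tightly integrated and feels loose.

3. The corrected final kernel configuration, and the rc.conf, ipf.rules, ipnat.rules and sysctl.conf files
#For convenience, the external NIC rl0 is assumed here to have ip:333.333.333.333 netmask:255.255.255.0 gateway:333.333.333.1#

3.1 Final kernel configuration file

#My kernel is configured for use as a NAT gateway and is thoroughly optimized and trimmed down: it does not support mice, CD-ROM drives, floppy drives, SCSI devices or DOS partitions; it has no tun device, so ppp and pppoe cannot be used; and X cannot be used.#

#For details on kernel optimization, see the relevant featured articles on the www.freebsdchina.org forum.#

Kernel NET

Quote:
#
# NET -- NET kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
# http://www.FreeBSD.org/doc/en_US.ISO8859-1...fig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ./LINT configuration file. If you are
# in doubt as to the purpose or necessity of a line, check first in LINT.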
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246.2.51.2.2 2003/03/25 23:35:15 jhb Exp $

machine i386
cpu I686_CPU
ident NET #your kernel's name; it must match the kernel configuration file name.
maxusers 0

options INET #InterNETworking

options FFS #Berkeley Fast Filesystem
options FFS_ROOT #FFS usable as root device [keep this!]
options SOFTUPDATES #Enable FFS soft updates support
options UFS_DIRHASH #Improve performance on big Directories

options PROCFS #Process filesystem
options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]
options SCSI_DELAY=0 #Delay (in ms) before probing SCSI

options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options P1003_1B #Posix P1003_1B real-time extensions
options _KPOSIX_PRIORITY_SCHEDULING
options ICMP_BANDLIM #Rate limit bad replies
options CPU_ENABLE_SSE
options AUTO_EOI_1

#NETWORK#
#IPF
options IPFILTER #ipfilter support
options IPFILTER_LOG #ipfilter logging
options IPFILTER_DEFAULT_BLOCK #block all packets by default

# NET SAFE
options IPSTEALTH #support for stealth forwarding
options RANDOM_IP_ID
options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN

# OPTION
makeoptions CONF_CFLAGS=-fno-builtin #Don't allow use of memcmp, etc.

options PANIC_REBOOT_WAIT_TIME=0

options VGA_NO_FONT_LOADING # don't save/load font
options VGA_NO_MODE_CHANGE # don't change video modes

options MAXCONS=4 # number of virtual consoles

options SC_DISABLE_DDBKEY # disable `debug' key
options SC_DISABLE_REBOOT # disable reboot key sequence
options SC_HISTORY_SIZE=20 # number of history buffer lines

# You can selectively disable features in syscons.
options SC_NO_CUTPASTE
options SC_NO_FONT_LOADING
options SC_NO_SYSMOUSE

device isa
device eisa
device pci

# ATA and ATAPI devices

device ata
device atadisk # ATA disk drives

# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc0 at isa? port IO_KBD
device atkbd0 at atkbdc? irq 1 flags 0x1

device vga0 at isa?

# syscons is the default console driver, resembling an SCO console
device sc0 at isa? flags 0x100

device agp # support several AGP chipsets

# Floating point support - do not disable.
device npx0 at nexus? port IO_NPX irq 13

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device rl # RealTek 8129/8139

# Pseudo devices - the number indicates how many units to allocate.
pseudo-device loop # Network loopback
pseudo-device ether # Ethernet support
pseudo-device pty # Pseudo-ttys (telnet etc)

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device bpf #Berkeley packet filter

Appendix: (for newbies who have never compiled a kernel; veterans can ignore this)

Once the kernel configuration file has been created in /sys/i386/conf/, compile the kernel with the following steps:

# cd /usr/src/sys/i386/conf
# /usr/sbin/config YOUR_KERNEL_CONFIG_NAME
# cd ../../compile/YOUR_KERNEL_CONFIG_NAME
# make depend
# make
# make install
# reboot

3.2 rc.conf file

Quote:
# -- sysinstall generated deltas -- # Sun Feb 29 01:11:45 2004
# -- sysinstall generated deltas -- # Sun Feb 29 01:15:50 2004
# Created: Sun Feb 29 01:11:45 2004
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
kern_securelevel_enable="NO"
nfs_reserved_port_only="YES"
ifconfig_rl0="inet 333.333.333.333 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.0.1 netmask 255.255.255.0"
gateway_enable="YES"
defaultrouter="333.333.333.1"
sshd_enable="NO"
inetd_enable="NO"
tcp_extensions="YES"
hostname="SV.QDNET.NET"
check_quotas="NO"
sendmail_enable="NONE"
usbd_enable="NO"
syslogd_enable="NO" # Run syslog daemon (or NO).
fsck_y_enable="YES" # Set to YES to do fsck -y if the initial preen fails.

#####NTP-Network Time Protocol####
ntpdate_enable="YES" # Run ntpdate to sync time on boot (or NO).
ntpdate_program="/usr/sbin/ntpdate" # path to ntpdate, if you want a different one.
ntpdate_flag
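
Added example, not part of the original memo and not the author's files: the kernel options in 3.1 and the rc.conf in 3.2 only work as a pair, because a kernel built with IPFILTER_DEFAULT_BLOCK passes nothing until rules are loaded, and IPFILTER_LOG records need something to read them. The rc.conf quoted above is cut off on this page, so the script audits constructed sample files; ipfilter_enable, ipnat_enable and ipmon_enable are the stock FreeBSD rc.conf knobs, which this page does not show.

```shell
#!/bin/sh
# Added example, not the author's code. The sample files are constructed;
# ipfilter_enable, ipnat_enable and ipmon_enable are stock rc.conf knobs
# that the truncated rc.conf on this page does not show.

# has_option FILE NAME: true if an uncommented "options NAME" line exists
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]=#]|\$)" "$1"
}

# rc_is_yes FILE KEY: true if the last assignment of KEY is YES (any case)
rc_is_yes() {
    v=$(sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([A-Za-z]*\).*/\1/p" "$1" | tail -n 1)
    [ "$(printf '%s' "$v" | tr 'a-z' 'A-Z')" = YES ]
}

# audit_gateway KERNCONF RCCONF: print one finding per line, nothing if clean
audit_gateway() {
    for opt in IPFILTER IPFILTER_LOG IPFILTER_DEFAULT_BLOCK; do
        has_option "$1" "$opt" || echo "kernel: options $opt not set"
    done
    rc_is_yes "$2" gateway_enable || echo "rc.conf: gateway_enable not YES, no forwarding"
    rc_is_yes "$2" ipnat_enable || echo "rc.conf: ipnat_enable not YES, NAT map rules not loaded"
    if ! rc_is_yes "$2" ipfilter_enable; then
        if has_option "$1" IPFILTER_DEFAULT_BLOCK; then
            echo "default-block kernel, ipfilter_enable not YES: all traffic is dropped"
        else
            echo "rc.conf: ipfilter_enable not YES, gateway runs unfiltered"
        fi
    fi
    if has_option "$1" IPFILTER_LOG && ! rc_is_yes "$2" ipmon_enable; then
        echo "IPFILTER_LOG set but ipmon_enable not YES: nothing reads the log device"
    fi
    if grep -q '^[[:space:]]*syslogd_enable=' "$2" && ! rc_is_yes "$2" syslogd_enable; then
        echo "rc.conf: syslogd disabled, records sent to syslog (e.g. ipmon -s) are lost"
    fi
    return 0
}

# write_samples DIR: constructed inputs modelled on the two files above
write_samples() {
    printf 'options %s\n' IPFILTER IPFILTER_LOG IPFILTER_DEFAULT_BLOCK > "$1/NET"
    printf '%s\n' 'gateway_enable="YES"' 'syslogd_enable="NO"  # as on the page' \
        'ipfilter_enable="YES"' 'ipnat_enable="YES"' > "$1/rc.conf"
}

d=$(mktemp -d) && write_samples "$d" && audit_gateway "$d/NET" "$d/rc.conf"
rm -rf "$d"
```

On the constructed sample it reports two findings: the firewall log has no reader, and syslog is switched off.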

(Source: http://www.sheup.com)

