
Memo: solving the "FreeBSD NAT is slower than Win2ks NAT" problem

Date: 2017/2/27 17:43:53   Edited by: Unix教程
FreeBSD
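  1. Preface:
  This was originally just a FreeBSD gateway machine for an internet cafe, providing only NAT service. I was counting on BSD's rock-solid stability to provide a stable network service.
  But I made a big mistake right at the start by choosing 8139 network cards, and unexpectedly ran into a big problem: the network was slow! After several painful days, and after discussing and investigating with the experts on freebsdchina, it was finally solved completely!
  
  I thank the folks at freebsdchina, especially delphij and others, for their enthusiastic help, and also zyme, quakelee, wolfop and others at chinaunix for their help, which let me establish that the network card was the key.
  Thanks again for everyone's support!
  
  Lesson: FreeBSD supports high-end network cards such as Intel and 3com well; it is best not to use cards such as the 8139 or 530! Otherwise, for services that depend heavily on the network card, you will have endless trouble.
  
  Note: my environment
  NAT server: P4 1.6G 512MRAM 8139x2
  File server: CII 1000A 512MRAM, NIC intel eepro100+ x1, Win2ks+SP4
  Clients: 120 machines, Win98se 256MRAM C4p4 2.4G 8139; usually more than 80 people are seated.
  
  2. Comparison tests against Win2ks and RH9 Linux, and results:
  All sorted by date:
  
  Test conditions: software download from www.269.net, an ISP within Shaanxi province; Win2kSP4CHN, size 128MB
  
  Note: from Feb 27 to Mar 3, with the default FreeBSD4.8+ipf+ipNAT, the speed never exceeded 1024MB/s at any time, hovering around 800~900KB/s
  
  Basically, in the end FreeBSD + ipf + ipnat reached its fastest, 8.9MB/s, in the morning; about 1MB/s when the network was busy; and 2Mb~5MB/s at ordinary times.
  
  Win2ks + NAT managed at most 4.5MB/s and never went higher. Linux and FreeBSD are in the same class for speed, but FB's system security is easier to handle than Linux's; FB's own security mechanisms are already excellent.
  
  As for system stability, it goes without saying: FB is the undisputed leader! Using Linux, I always feel the system is about to fall apart; it isn't tight, and feels very loose.
  
  3. The corrected final kernel configuration, and the rc.conf, ipf.rules, ipnat.rules and sysctl.conf files
  #For convenience, assume the external NIC rl0 has ip: 333.333.333.333, netmask: 255.255.255.0, gateway: 333.333.333.1#
  
  3.1 Final kernel configuration file
  
  #My kernel is configured for a NAT gateway, fully optimized and stripped down: it does not support the mouse, CD-ROM drives, floppy drives, SCSI devices or DOS partitions; it has no tun device, so ppp and pppoe cannot be used; and X cannot be used.#
  
  #For details on kernel optimization, see the relevant featured articles on the www.freebsdchina.org forum.#
  
  Kernel NET
  
  Quote: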
  #
  # NET -- NET kernel configuration file for FreeBSD/i386
  #
  # For more information on this file, please read the handbook section on
  # Kernel Configuration Files:
  #
  # http://www.FreeBSD.org/doc/en_US.ISO8859-1...fig-config.html
  #
  # The handbook is also available locally in /usr/share/doc/handbook
  # if you've installed the doc distribution, otherwise always see the
  # FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
  # latest information.
  #
  # An exhaustive list of options and more detailed explanations of the
  # device lines is also present in the ./LINT configuration file. If you are
  # in doubt as to the purpose or necessity of a line, check first in LINT.
  #
  # $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246.2.51.2.2 2003/03/25 23:35:15 jhb Exp $
  
  machine i386
  cpu I686_CPU
  ident NET #Your kernel name; it must match the kernel configuration file name.
  maxusers 0
  
  options INET #InterNETworking
  
  options FFS #Berkeley Fast Filesystem
  options FFS_ROOT #FFS usable as root device [keep this!]
  options SOFTUPDATES #Enable FFS soft updates support
  options UFS_DIRHASH #Improve performance on big directories
  
  options PROCFS #Process filesystem
  options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]
  options SCSI_DELAY=0 #Delay (in ms) before probing SCSI
  
  options SYSVSHM #SYSV-style shared memory
  options SYSVMSG #SYSV-style message queues
  options SYSVSEM #SYSV-style semaphores
  options P1003_1B #Posix P1003_1B real-time extensions
  options _KPOSIX_PRIORITY_SCHEDULING
  options ICMP_BANDLIM #Rate limit bad replies
  options CPU_ENABLE_SSE
  options AUTO_EOI_1
  
  #NETWORK#
  #IPF
  options IPFILTER #ipfilter support
  options IPFILTER_LOG #ipfilter logging
  options IPFILTER_DEFAULT_BLOCK #block all packets by default
  
  # NET SAFE
  options IPSTEALTH #support for stealth forwarding
  options RANDOM_IP_ID
  options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
  
  # OPTION
  makeoptions CONF_CFLAGS=-fno-builtin #Don't allow use of memcmp, etc.
  
  options PANIC_REBOOT_WAIT_TIME=0
  
  options VGA_NO_FONT_LOADING # don't save/load font
  options VGA_NO_MODE_CHANGE # don't change video modes
  
  options MAXCONS=4 # number of virtual consoles
  
  options SC_DISABLE_DDBKEY # disable `debug' key
  options SC_DISABLE_REBOOT # disable reboot key sequence
  options SC_HISTORY_SIZE=20 # number of history buffer lines
  
  # You can selectively disable features in syscons.
  options SC_NO_CUTPASTE
  options SC_NO_FONT_LOADING
  options SC_NO_SYSMOUSE
  
  device isa
  device eisa
  device pci
  
  # ATA and ATAPI devices
  
  device ata
  device atadisk # ATA disk drives
  
  # atkbdc0 controls both the keyboard and the PS/2 mouse
  device atkbdc0 at isa? port IO_KBD
  device atkbd0 at atkbdc? irq 1 flags 0x1
  
  device vga0 at isa?
  
  # syscons is the default console driver, resembling an SCO console
  device sc0 at isa? flags 0x100
  
  device agp # support several AGP chipsets
  
  # Floating point support - do not disable.
  device npx0 at nexus? port IO_NPX irq 13
  
  # PCI Ethernet NICs that use the common MII bus controller code.
  # NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
  device miibus # MII bus support
  device rl # RealTek 8129/8139
  
  # Pseudo devices - the number indicates how many units to allocate.
  pseudo-device loop # Network loopback
  pseudo-device ether # Ethernet support
  pseudo-device pty # Pseudo-ttys (telnet etc)
  
  # The `bpf' pseudo-device enables the Berkeley Packet Filter.
  # Be aware of the administrative consequences of enabling this!
  pseudo-device bpf #Berkeley packet filter
  
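  Appendix: (for newbies who have never compiled a kernel; old hands can ignore this)
  
  Once the kernel configuration file has been created in /sys/i386/conf/, compile the kernel with the following steps:
  
  # cd /usr/src/sys/i386/conf
  
  # /usr/sbin/config YOUR_KERNEL_CONFIG_NAME
  
  # cd ../../compile/YOUR_KERNEL_CONFIG_NAME
  
  # make depend
  
  # make
  
  # make install
  
  # reboot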
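  
  Added example (not part of the original memo): because this kernel is built with IPFILTER_DEFAULT_BLOCK, rebooting into it with an rc.conf that does not load the ipf rules leaves the gateway passing nothing, and TCP_DROP_SYNFIN stays off until its rc.conf knob is set. The sh script below cross-checks the kernel config against rc.conf before the reboot; the function names and the trimmed sample files are constructed for illustration, and the knobs checked (ipfilter_enable, ipnat_enable, ipmon_enable, tcp_drop_synfin) are the standard FreeBSD rc.conf ones, not lines quoted from this page.

```shell
#!/bin/sh
# Added example: pre-reboot consistency check for an ipfilter NAT gateway.
# has_opt/has_dev FILE NAME: true if an uncommented options/device line exists.
has_opt() { grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]=#]|\$)" "$1"; }
has_dev() { grep -Eq "^[[:space:]]*device[[:space:]]+$2([[:space:]#]|\$)" "$1"; }

# rc_yes FILE KNOB: true when the last assignment of KNOB in rc.conf is YES.
rc_yes() {
    val=$(sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    [ "$val" = "YES" ] || [ "$val" = "yes" ]
}

warn() { echo "WARN: $*"; findings=$((findings + 1)); }

# audit_gateway KERNCONF RCCONF: sets $findings, returns non-zero if any.
audit_gateway() {
    kc=$1; rc=$2; findings=0
    has_opt "$kc" IPFILTER || warn "kernel has no 'options IPFILTER'"
    has_opt "$kc" IPFILTER_DEFAULT_BLOCK && ! rc_yes "$rc" ipfilter_enable &&
        warn "default-block kernel but ipfilter_enable is not YES: no pass rules load at boot"
    rc_yes "$rc" ipnat_enable || warn "ipnat_enable is not YES: NAT map rules are not loaded"
    rc_yes "$rc" gateway_enable || warn "gateway_enable is not YES: packets are not forwarded"
    has_opt "$kc" TCP_DROP_SYNFIN && ! rc_yes "$rc" tcp_drop_synfin &&
        warn "TCP_DROP_SYNFIN is compiled in but tcp_drop_synfin is not YES, so it stays off"
    has_opt "$kc" IPFILTER_LOG && ! rc_yes "$rc" ipmon_enable &&
        warn "IPFILTER_LOG is compiled in but ipmon_enable is not YES: nothing reads the log"
    has_dev "$kc" rl && ! has_dev "$kc" miibus && warn "'device rl' needs 'device miibus'"
    [ "$findings" -eq 0 ]
}

# Constructed sample input, trimmed from the files shown on this page.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/NET" <<'EOF'
options IPFILTER #ipfilter support
options IPFILTER_LOG #ipfilter logging
options IPFILTER_DEFAULT_BLOCK #block all packets by default
options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
device miibus # MII bus support
device rl # RealTek 8129/8139
EOF
cat > "$tmp/rc.conf" <<'EOF'
gateway_enable="YES"
ipfilter_enable="YES"
ipnat_enable="YES"
EOF
audit_gateway "$tmp/NET" "$tmp/rc.conf" || echo "$findings finding(s)"
```

  On a real gateway, call audit_gateway with /usr/src/sys/i386/conf/YOUR_KERNEL_CONFIG_NAME and /etc/rc.conf before the reboot step.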
  
  3.2 rc.conf file
  
  Quote:
  # -- sysinstall generated deltas -- # Sun Feb 29 01:11:45 2004
  # -- sysinstall generated deltas -- # Sun Feb 29 01:15:50 2004
  # Created: Sun Feb 29 01:11:45 2004
  # Enable network daemons for user convenience.
  # Please make all changes to this file, not to /etc/defaults/rc.conf.
  # This file now contains just the overrides from /etc/defaults/rc.conf.
  kern_securelevel_enable="NO"
  nfs_reserved_port_only="YES"
  ifconfig_rl0="inet 333.333.333.333 netmask 255.255.255.0"
  ifconfig_rl1="inet 192.168.0.1 netmask 255.255.255.0"
  gateway_enable="YES"
  defaultrouter="333.333.333.1"
  sshd_enable="NO"
  inetd_enable="NO"
  tcp_extensions="YES"
  hostname="SV.QDNET.NET"
  check_quotas="NO"
  sendmail_enable="NONE"
  usbd_enable="NO"
  syslogd_enable="NO" # Run syslog daemon (or NO).
  fsck_y_enable="YES" # Set to YES to do fsck -y if the initial preen fails.
  
  #####NTP-Network Time Protocol####
  ntpdate_enable="YES" # Run ntpdate to sync time on boot (or NO).
  ntpdate_program="/usr/sbin/ntpdate" # path to ntpdate, if you want a different one.
  ntpdate_flag