1. 前言:
本来就是作个网吧使用的FreeBSD网关机,仅提供NAT 服务。指望依赖BSD超稳定性,提供稳定的网络服务。
可是一开始就犯了大错,选了个8139网卡,没成想,出了个大问题:网速慢!在痛苦好几日,在freebsdchina上与众高手讨论研究后,总算圆满解决!
我感谢freebsdchina的伙伴们尤其是:delphij 等人的热情援助,还有chinaunix的 zyme quakelee wolfop等人的帮助,使我确定了网卡是关键。
再次感谢大家支持!
教训:FreeBSD对Intel 3com等高端网卡支持好,最好不要用8139 530等网卡!否则作一些特别依赖网卡的服务,会麻烦不断。。
注:我的环境
NAT服务器: P4 1.6G 512MRAM 8139x2
文件服务器: CII 1000A 512MRAM 网卡intel eepro100+ x1 Win2ks+SP4
客户机120台 Win98se 256MRAM C4p4 2.4G 8139 一般都有80人以上上座。
2. 与Win2ks 和 RH9Linux作的对比试验及结果:
都按照日期排序:
试验条件:陕西本省 ISP 的www.269.net 软件下载, Win2kSP4CHN 大小128MB
注:2月27~3月3日 时,是默认的FreeBSD4.8+ipf+ipNAT 网速,任何时候,不超过1024MB/s,徘徊在800~900KB/s
基本上,最后用FreeBSD + ipf + ipnat 就是早上最快8.9MB/s;网络繁忙时 有1MB/s左右;一般时段 有2Mb~5MB/s的速度。
用Win2ks + NAT 最多只有4.5MB/s.再高就没有了。Linux和FreeBSD 速度,是一个档次,但是FB的系统安全比Linux好处理,FB本身的安全机制已经非常出色了。
系统稳定性上,自然不用多说,FB绝对的老大!Linux用着总觉的系统要散架似的。。系统不紧凑,觉得很松散的样子。
3. 修正后的最终版内核配置,和rc.conf ipf.rules ipnat.rules sysctl.conf文件
#为了方便,这里假设外网卡rl0的参数是ip:333.333.333.333 netmask:255.255.255.0 geteway:333.333.333.1#
3.1 最终版内核配置文件
#我的内核,是为作NAT网关配置,充分优化、精简的,不支持鼠标、光驱、软驱、scsi设备、dos分区、没有tun设备不可用ppp、pppoe、不可用X。#
#详细关于内核优化,参看www.freebsdchina.org 论坛的相关精华文章。#
内核NET
引用:
#
# NET -- NET kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
# http://www.FreeBSD.org/doc/en_US.ISO8859-1...fig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ./LINT configuration file. If you are
# in doubt as to the purpose or necessity of a line, check first in LINT.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246.2.51.2.2 2003/03/25 23:35:15 jhb Exp $
machine i386
cpu I686_CPU
ident NET #你的内核名字,要与内核配置文件名一致。
maxusers 0
options INET #InterNETworking
options FFS #Berkeley Fast Filesystem
options FFS_ROOT #FFS usable as root device [keep this!]
options SOFTUPDATES #Enable FFS soft updates support
options UFS_DIRHASH #Improve performance on big directories
options PROCFS #Process filesystem
options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]
options SCSI_DELAY=0 #Delay (in ms) before probing SCSI
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options P1003_1B #Posix P1003_1B real-time extensions
options _KPOSIX_PRIORITY_SCHEDULING
options ICMP_BANDLIM #Rate limit bad replies
options CPU_ENABLE_SSE
options AUTO_EOI_1
#NETWORK#
#IPF
options IPFILTER #ipfilter support
options IPFILTER_LOG #ipfilter logging
options IPFILTER_DEFAULT_BLOCK #block all packets by default
# NET SAFE
options IPSTEALTH #support for stealth forwarding
options RANDOM_IP_ID
options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
# OPTION
makeoptions CONF_CFLAGS=-fno-builtin #Don't allow use of memcmp, etc.
options PANIC_REBOOT_WAIT_TIME=0
options VGA_NO_FONT_LOADING # don't save/load font
options VGA_NO_MODE_CHANGE # don't change video modes
options MAXCONS=4 # number of virtual consoles
options SC_DISABLE_DDBKEY # disable `debug' key
options SC_DISABLE_REBOOT # disable reboot key sequence
options SC_HISTORY_SIZE=20 # number of history buffer lines
# You can selectively disable features in syscons.
options SC_NO_CUTPASTE
options SC_NO_FONT_LOADING
options SC_NO_SYSMOUSE
device isa
device eisa
device pci
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc0 at isa? port IO_KBD
device atkbd0 at atkbdc? irq 1 flags 0x1
device vga0 at isa?
# syscons is the default console driver, resembling an SCO console
device sc0 at isa? flags 0x100
device agp # support several AGP chipsets
# Floating point support - do not disable.
device npx0 at nexus? port IO_NPX irq 13
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device rl # RealTek 8129/8139
# Pseudo devices - the number indicates how many units to allocate.
pseudo-device loop # Network loopback
pseudo-device ether # Ethernet support
pseudo-device pty # Pseudo-ttys (telnet etc)
# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device bpf #Berkeley packet filter
附录:(给没编译过内核的菜鸟看的,老手不用管了)
当在/sys/i386/conf/建立好 内核配置文件后,按下面步子编译内核:
# cd /usr/src/sys/i386/conf
# /usr/sbin/config 你的内核配置文件名
# cd ../../compile/你的内核配置文件名
# make depend
# make
# make install
# reboot
3.2 rc.conf文件
引用:
# -- sysinstall generated deltas -- # Sun Feb 29 01:11:45 2004
# -- sysinstall generated deltas -- # Sun Feb 29 01:15:50 2004
# Created: Sun Feb 29 01:11:45 2004
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
kern_securelevel_enable="NO"
nfs_reserved_port_only="YES"
ifconfig_rl0="inet 333.333.333.333 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.0.1 netmask 255.255.255.0"
gateway_enable="YES"
defaultrouter="333.333.333.1"
sshd_enable="NO"
inetd_enable="NO"
tcp_extensions="YES"
hostname="SV.QDNET.NET"
check_quotas="NO"
sendmail_enable="NONE"
usbd_enable="NO"
syslogd_enable="NO" # Run syslog daemon (or NO).
fsck_y_enable="YES" # Set to YES to do fsck -y if the initial preen fails.
#####NTP-Network Time Protocol####
ntpdate_enable="YES" # Run ntpdate to sync time on boot (or NO).
ntpdate_program="/usr/sbin/ntpdate" # path to ntpdate, if you want a different one.
ntpdate_flag
