ต้องทำให้เครื่อง pentium3 แรงๆเพื่อจะได้โหลดบิต (ทำแบบมั่วๆ search ใน google เรื่อง optimize, tunning บ้างมารวมๆกัน)
Friday, April 13, 2007
Subscribe to:
Post Comments (Atom)
ต้องทำให้เครื่อง pentium3 แรงๆเพื่อจะได้โหลดบิต (ทำแบบมั่วๆ search ใน google เรื่อง optimize, tunning บ้างมารวมๆกัน)
1 comment:
> > /usr/src/sys/i386/conf/HYBITZ
machine i386
#cpu I486_CPU
#cpu I586_CPU
cpu I686_CPU
ident HYBITZ
#makeoptions DEBUG=-g
makeoptions COPTFLAGS="-O -pipe -funroll-loops -ffast-math"
options DEVICE_POLLING
options HZ=1000
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ
options SHMSEG=128
options SHMMNI=256
options SHMMAX=33554432 # max shared memory segment size (bytes)
options SHMALL=16384 # max amount of shared memory (pages)
options MSGMNB=16384 # max # of bytes in a queue
options MSGMNI=48 # number of message queue identifiers
options MSGSEG=768 # number of message segments
options MSGSSZ=64 # size of a message segment
options MSGTQL=4096 # max messages in system
> >/etc/make.conf
CPUTYPE=??
CFLAGS= -O -pipe -funroll-loops -ffast-math
COPTFLAGS= -O -pipe -funroll-loops -ffast-math
> >/boot/loader.conf:
> >
kern.maxusers=0
kern.ipc.nmbclusters=65536
kern.maxfiles=16384
kern.maxproc=8192
kern.ipc.somaxconn: 8192
kern.ipc.maxsockets=16384
> >
> >/etc/sysctl.conf:
# TCP/IP optimization
net.inet.tcp.recvspace=65535
net.inet.tcp.sendspace=65535
kern.maxfilesperproc=8192
> > /usr/local/etc/pf.conf
# define macros for each network interface
extif = "fxp0"
intif = "dc0"
tcp_services = "{ 22, 443 }"
# define our networks
intnet = "192.168.1.0/24"
extaddr = "1.2.3.4"
natone = "10.0.0.2"
nattwo = "10.0.0.3"
icmp_types = "echoreq"
allproto = "{ tcp, udp, ipv6, icmp, esp, ipencap }"
privnets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
bittorrent = "59130:59300"
set loginterface $extif
# Normalizes packets and masks the OS's shortcomings such as SYN/FIN packets
# [scrub reassemble tcp](BID 10183) and sequence number approximation
# bugs (BID 7487).
scrub on $extif reassemble tcp no-df random-id
#############
# NAT Rules #
#############
nat on $extif from $intif:network to any -> ($extif)
#HTTP, HTTPS, to natone
#rdr on $extif proto tcp from any to any port 80 -> $natone
#rdr on $extif proto tcp from any to any port 443 -> $natone
#SSH to natone
#rdr on $extif proto tcp from any to any port 22 -> $natone
#Bittorrent to nattwo
#rdr on $extif proto tcp from any to any port $bittorrent -> $nattwo
###########
# END NAT #
###########
block log
pass quick on lo0 all
#This is necessary to pass to spamd
pass quick proto tcp from any to $privnets port 8025
#"Block drop in quick" will kill the rdr rules above for the privnet
block drop in on $extif from $privnets to any
block drop in on $extif from any to $privnets
################################
# Begin Selective Port Opening #
################################
#For a Mail server
#pass in on $extif proto tcp from any to any port 25 flags S/SA
pass in on $extif proto tcp from any to any port 22 flags S/SA
pass in on $extif proto tcp from any to any port 80 flags S/SA
pass in on $extif proto tcp from any to any port 20000 flags S/SA
pass in on $extif proto tcp from any to any port $bittorrent flags S/SA
#pass in on $extif proto tcp from any to any port $tcp_services flags S/SA synproxy state
#pass in on $extif proto tcp from any to $natone port 80 flags S/SA keep state
# DNS server
pass in on $extif proto {tcp, udp} from any to any port 53
###############
# Basic Rules #
###############
pass in inet proto icmp all icmp-type $icmp_types keep state
#Lets keep the local net free
pass in on $intif from $intif:network to any keep state
#Allow fw to establish connections to internal net
pass out on $intif from any to $intif:network keep state
#Pass out TCP UDP, ICMP and ipv6
pass out on $extif proto ipv6 all
#This doesn't work, maybe needs altq?
pass out on $extif proto tcp all modulate state flags S/SA
#pass out on $extif proto { tcp, udp, icmp } all keep state
pass out on $extif all keep state
Post a Comment