Source: October 12, 2007
1. Hardware configuration
HP NETSERVER 800, PIII 1000, 256 MB RAM, two Intel 82559 network cards
2. Partition layout
Filesystem Size Used Avail Capacity Mounted on
/dev/da0s1a 248M 54M 174M 24% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/da0s1f 4.8G 130M 4.3G 3% /home
/dev/da0s1d 248M 12K 228M 0% /tmp
/dev/da0s1g 4.8G 565M 3.9G 12% /usr
/dev/da0s1e 5.8G 410K 5.3G 0% /var
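3. System installation
A minimal installation was used.
src and ports were also installed. (The original plan was to install through ports, but for some unknown reason the sources could not be fetched with cvs, so installing through ports was not possible and everything had to be compiled from source.)
4. Kernel compilation
The kernel was not optimized; the aim here is only to verify that combining pf and squid as a reverse proxy is feasible. In a real production deployment the server kernel should be tuned to some degree.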
cd /usr/src/sys/i386/conf
cp GENERIC cache
Edit the kernel configuration file cache and add the following options to the kernel:
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ
Compile the kernel
/usr/sbin/config cache
cd ../compile/cache
make depend
make
make install
Kernel compilation is now complete
reboot
5. Load pf automatically at boot
Edit /etc/rc.conf
usbd_enable="NO"
defaultrouter="218.4.xxx.xxx"
hostname="cache.aaa.com"
ifconfig_fxp0="inet 218.4.xxx.xxx netmask 255.255.255.248"
ifconfig_fxp1="inet 192.168.2.10 netmask 255.255.255.0"
gateway_enable="YES"
inetd_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
sshd_enable="YES"
6. Enable IP forwarding
Add the following to /etc/sysctl.conf
7. Internet connection sharing with the simplest pf configuration
wan_if="fxp0"
lan_if="fxp1"
inter_net="192.168.2.0/24"
web_server="192.168.2.3"
ftp_server="192.168.2.3"
scrub in all
nat on $wan_if from $inter_net to any -> fxp0
rdr on fxp1 proto tcp from $lan_if to any port 80 -> $lan_if port 80
rdr on fxp1 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
#rdr on fxp0 proto tcp from any to $wan_if port 80 ->$web_server port 8080
#rdr on fxp1 proto tcp from $lan_if to $wan_if port 80 ->$web_server port 8080
rdr on $wan_if proto tcp from any to any port 21 -> $ftp_server port 21
rdr on $wan_if proto tcp from any to any port 49152:65535 -> $ftp_server port 49152:65535
# in on $wan_if
pass in quick on $wan_if proto tcp from any to $ftp_server port 21 keep state
pass in quick on $wan_if proto tcp from any to $ftp_server port > 49151 keep state
# out on $lan_if
pass out quick on $lan_if proto tcp from any to $ftp_server port 21 keep state
pass out quick on $lan_if proto tcp from any to $ftp_server port > 49151 keep state
#Disable danger port
#Danger_Port="{445 135 139 593 5554 9995 9996}"
#block quick on $wan_if inet proto tcp from any to any port $Danger_Port
#block quick on $wan_if inet proto tcp from any to any port $Danger_Port
pass in all
pass out all
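The ruleset above ends with `pass in all` and `pass out all`, so pf translates addresses but filters nothing. As an added example (not part of the original article), the filter section below could replace those two lines with a default-deny policy for the same topology. The macros repeat the article's values; the set of permitted services (Squid on port 80, the redirected FTP server, outbound access for the LAN) is an assumption.

```conf
# Added example: default-deny filter section for the article's topology.
# Macros repeat the article's values; the permitted services are assumptions.
wan_if="fxp0"
lan_if="fxp1"
inter_net="192.168.2.0/24"
ftp_server="192.168.2.3"

# (the article's scrub, nat and rdr rules stay here, unchanged)

# Default deny in both directions; drops are logged through pflog
# (pflog_enable="YES" in the article's rc.conf).
block log all

# Loopback: Squid and the FTP proxy on 127.0.0.1 port 8021.
pass quick on lo0 all

# Internet -> Squid accelerator listening on the firewall's WAN address.
pass in on $wan_if inet proto tcp from any to ($wan_if) port 80 flags S/SA keep state

# Internet -> FTP server; rdr runs first, so match the translated address.
pass in on $wan_if inet proto tcp from any to $ftp_server port 21 flags S/SA keep state
pass in on $wan_if inet proto tcp from any to $ftp_server port > 49151 flags S/SA keep state
pass out on $lan_if inet proto tcp from any to $ftp_server port 21 flags S/SA keep state
pass out on $lan_if inet proto tcp from any to $ftp_server port > 49151 flags S/SA keep state

# Squid -> origin web servers on the LAN.
pass out on $lan_if inet proto tcp from ($lan_if) to $inter_net port 80 flags S/SA keep state

# LAN clients -> firewall (SSH, redirected FTP) and -> Internet through NAT.
pass in on $lan_if inet from $inter_net to any keep state

# Outbound on the WAN side: NAT has already rewritten the source address.
pass out on $wan_if inet proto tcp from ($wan_if) to any flags S/SA keep state
pass out on $wan_if inet proto { udp, icmp } from ($wan_if) to any keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading the rules, and keep a console session open when changing them over SSH.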
./configure --enable-useragent-log --enable-referer-log --enable-default-err-language=Simplify_Chinese --enable-err-languages="Simplify_Chinese English" --disable-internal-dns --enable-pf-transparent
make
make install
mkdir /home/cache    (create the directory that stores the cache)
chown squid:squid /home/cache
ee /usr/local/squid/etc/squid.conf
192.168.2.2 www.aaa.com
192.168.2.3 mail.aaa.com
visible_hostname cache.example.com
cache_dir ufs /home/cache 1024 16 256
cache_mem 100 MB
cache_effective_user squid
cache_effective_group squid
http_port 80
httpd_accel_host virtual
httpd_accel_single_host off
httpd_accel_port 80
httpd_accel_uses_host_header on
httpd_accel_with_proxy on
# accelerate my domain only
acl acceleratedHostA dstdomain .example1.com
#acl acceleratedHostB dstdomain .example2.com
#acl acceleratedHostC dstdomain .example3.com
# accelerate http protocol on port 80
acl acceleratedProtocol protocol HTTP
acl acceleratedPort port 80
# access arc
acl all src 0.0.0.0/0.0.0.0
# Allow requests when they are to the accelerated machine AND to the
# right port with right protocol
http_access allow acceleratedProtocol acceleratedPort acceleratedHostA
#http_access allow acceleratedProtocol acceleratedPort acceleratedHostB
#http_access allow acceleratedProtocol acceleratedPort acceleratedHostC
# logging
emulate_httpd_log on
cache_store_log none
# manager
acl manager proto cache_object
http_access allow manager all
cachemgr_passwd pass all
The squid.conf file is now complete.
chown -R squid:squid /home/cache
/usr/local/squid/sbin/squid -z
Start squid
/usr/local/squid/sbin/squid