FreeBSD+IPFILTER实现整网(N个Vlan)透明代理上网(9) map em1 10.0.45.0/24 -> a.b.c.d/32 map em1 10.0.46.0/24 -> a.b.c.d/32 map em1 10.0.47.0/24 -> a.b.c.d/32 map em1 10.0.48.0/24 -> a.b.c.d/32 map em1 10.1.44.0/24 -> a.b.c.d/32 map em1 10.1.45.0/24 -> a.b.c.d/32 map em1 10.1.46.0/24 -> a.b.c.d/32 map em1 10.1.47.0/24 -> a.b.c.d/32 rdr em1 a.b.c.d/32 port 80 -> 10.0.40.59 port 80 rdr em0 a.b.c.d/32 port 80 -> 10.0.40.59 port 80 #########################The end############################################ 6:优化内核 mkdir /usr/kern cp /usr/src/sys/i386/conf/GENERIC /usr/kern/proxy ln -s /usr/kern/proxy /usr/src/sys/i386/conf/proxy cd /sys/i386/conf ee proxy options IPFILTER #ipfilter support options IPFILTER_LOG #ipfilter logging options IPFILTER_DEFAULT_BLOCK #block all packets by default options TCP_DROP_SYNFIN options PQ_LARGECACHE ## 为512k二级缓存的CPU提供支持 options SC_DISABLE_REBOOT ##屏蔽Ctrl+Del+Alt热键重启系统 #To make an SMP kernel,the netx two are needed options SMP #Symmetric MultiProcess Kernel device apic # I/O APIC #如果没有双cpu就不需要了 #####加入对polling的支持################################## #options DEVICE_POLLING #options HZ=1193 在/sys/kern/kern_pool.c里面找到#error一行删掉。 在/etc/sysctl.conf里面加入 kern.polling.enable=1
