Поделитесь, пожалуйста, полным конфигом. Есть желание попробовать, нет желания маршировать по граблям. Нагрузка по ядрам равномерная?
Сейчас использую ipfw_nat + dummynet. В пике 900 Мбит/с. Нагрузка по ядрам 30–40 %. CPU: i5-3570 @ 3.40 GHz.
Пример конфига (FreeBSD, ipfw nat + dummynet):
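#!/bin/sh
# ipfw NAT (one instance per public address) + dummynet shaping, FreeBSD.
#
# Interfaces (inferred from the rules below — confirm on the box):
#   WAN: the public /26 is NATed here (rules 6201/6402)
#   LAN: per-client pipes are applied here (rules 12100-14200)
#
# Tables (numbers are fixed by the rules that reference them; 3, 4, 9 and
# the per-instance entries of 102 are NOT filled by this script — presumably
# the billing system maintains them):
#   3   - upload pipe:   client IP -> pipe number (tablearg)
#   4   - download pipe: client IP -> pipe number (tablearg)
#   7   - private / link-local networks, excluded from shaping
#   9   - debtors ("dolzniki"): clients whose HTTP is redirected to the
#         server by rule 65401
#   33  - the router's / server's own addresses, passed unconditionally
#   101 - public NAT address -> NAT instance number (inbound tablearg)
#   102 - client network     -> NAT instance number (outbound tablearg)
#
# Deliberately not 'set -e': 'ipfw nat N delete' legitimately fails the
# first time an instance is created, and that must not abort the load.
set -u

WAN=igb1
LAN=igb0

# First three octets of the public /26. Masked in the original post —
# replace "*.*.56" with the real prefix. Kept quoted everywhere because an
# unquoted '*' is subject to pathname expansion.
PUBNET="*.*.56"
SERVER=10.10.0.2
CLIENTS=10.10.0.0/16
# NAT instance number == last octet of the public address it translates to
# (table 101 relies on this mapping).
NAT_FIRST=11
NAT_LAST=50

FwCMD=/sbin/ipfw

# Let a packet continue after a nat/pipe action instead of being accepted
# there; rules 6603, 12200 and 14200 depend on this.
/sbin/sysctl net.inet.ip.fw.one_pass=0

# WARNING: flush removes every rule until the set below is reloaded. On a
# default-deny kernel this cuts a remote session if anything in between
# fails — load from console or via a rule set you can swap atomically.
"$FwCMD" -f flush

# Private and link-local ranges: not shaped, and the 'unreg_only' NAT
# sources.
"$FwCMD" table 7 add 10.0.0.0/8
"$FwCMD" table 7 add 172.16.0.0/12
"$FwCMD" table 7 add 192.168.0.0/16
"$FwCMD" table 7 add 169.254.0.0/16

# Addresses passed unconditionally by rules 35100/35200.
"$FwCMD" table 33 add "$SERVER"
"$FwCMD" table 33 add "$PUBNET.0/26"

# Client network -> NAT instance. Only one entry is given here, so every
# client goes out through instance $NAT_FIRST; the other instances are only
# used once further entries are added (outside this script).
"$FwCMD" table 102 add "$CLIENTS" "$NAT_FIRST"

# One NAT instance per public address, instance N <-> $PUBNET.N:
#   log        - log translations via the ipfw log facility
#   reset      - clear the translation table when the address changes
#   unreg_only - translate only unregistered (RFC 1918) sources
#   same_ports - keep the original source port when possible
#   deny_in    - drop inbound packets that match no existing translation
n=$NAT_FIRST
while [ "$n" -le "$NAT_LAST" ]; do
  "$FwCMD" nat "$n" delete
  "$FwCMD" nat "$n" config log ip "$PUBNET.$n" reset unreg_only same_ports deny_in
  "$FwCMD" table 101 add "$PUBNET.$n" "$n"
  n=$((n + 1))
done

# --- WAN --------------------------------------------------------------------
# Drop inbound traffic to the BitTorrent DHT/peer port range before NAT.
# 'dst-port' only matches protocols that carry ports (TCP/UDP).
"$FwCMD" add 4001 deny all from any to any dst-port 6881-6889 via "$WAN" in

# NAT: inbound to a public address -> its instance (table 101); outbound
# from clients -> the instance chosen by table 102.
"$FwCMD" add 6201 nat tablearg ip from any to "table(101)" via "$WAN" in
"$FwCMD" add 6402 nat tablearg ip from "table(102)" to any via "$WAN" out

# NOTE(review): this passes *everything else* on the WAN interface in both
# directions. Inbound filtering on $WAN is therefore only rule 4001 plus the
# NAT instances' deny_in; packets to addresses that are not NAT targets
# (e.g. table 33) are not filtered at all. Intentional for a pure NAT/shaper
# box, but do not mistake it for a firewall.
"$FwCMD" add 6603 allow all from any to any via "$WAN"

# --- LAN shaping --------------------------------------------------------------
# Download: Internet -> client, pipe number from table 4 (tablearg). The
# allow right after each pipe is required because of one_pass=0.
"$FwCMD" add 12100 pipe tablearg ip from not "table(7)" to "table(4)" via "$LAN" out
"$FwCMD" add 12200 allow all from not "table(7)" to "table(4)" via "$LAN" out
# Upload: client -> Internet, pipe number from table 3.
"$FwCMD" add 14100 pipe tablearg ip from "table(3)" to not "table(7)" via "$LAN" in
"$FwCMD" add 14200 allow all from "table(3)" to not "table(7)" via "$LAN" in

# Server / router addresses and loopback: unconditional pass. Replies from
# $SERVER to redirected debtors are accepted here (35200) before the
# stateful rule below is reached.
"$FwCMD" add 35100 allow all from any to "table(33)"
"$FwCMD" add 35200 allow all from "table(33)" to any
"$FwCMD" add 35300 allow all from any to any via lo0

# Debtors: redirect (and log) their HTTP to the captive web server; 'not me'
# keeps requests addressed to the router itself out of the redirect.
# NOTE(review): only packets no earlier rule accepted get here — a debtor
# who is still present in table 3 is accepted at 14200 on the way in and
# never reaches this rule; confirm the billing side removes the pipe entry.
"$FwCMD" add 65401 fwd "$SERVER,80" log tcp from "table(9)" to not me dst-port 80 keep-state
# Explicit default deny, ahead of the kernel's own rule 65535.
"$FwCMD" add 65532 deny all from any to any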