FreeBSD :
;
;
TCP/IP- , SLIP, PPP, NFS, DHCP NIS;
X Window System (X11R6) (GUI);
Linux, SCO, SVR4, BSDI NetBSD;
;
online-.
FreeBSD 4.4BSD-Lite Computer Systems Research Group (CSRG) , .
, FreeBSD:
-: TCP/IP FreeBSD -;
FTP-;
World Wide Web;
NAT (IP-);
.
FreeBSD , Yahoo!, Apache, Sony Japan, Netcraft, Weathernews.
FreeBSD
FreeBSD - . : , , .
IPFW. . ROUTER:
# cd /usr/src/sys/amd64/conf
# cp GENERIC ROUTER
:
cpu HAMMER
ident ROUTER
makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
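options IPFIREWALL # enable the ipfw packet filter
options IPFIREWALL_VERBOSE # log packets matched by rules that carry the "log" keyword
options IPFIREWALL_VERBOSE_LIMIT=100 # limit logging to 100 entries per rule
# options IPFIREWALL_DEFAULT_TO_ACCEPT # if enabled, the default rule (65535) allows instead of denies
options IPDIVERT # divert sockets, needed by natd for NAT
options IPFIREWALL_FORWARD # enable the "forward" (fwd) rule action
options DUMMYNET # traffic shaper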
:
# cd /usr/src
# make buildkernel KERNCONF=ROUTER
# make installkernel KERNCONF=ROUTER
rc.conf :
# Load the ipfw rules at boot.
firewall_enable="YES"
# Start natd, the userland NAT daemon, on the external interface vr0.
natd_enable="YES"
natd_interface="vr0"
# NOTE(review): the stock "open" ruleset passes all traffic, so filtering
# depends entirely on rules loaded separately, such as the ipfw script shown
# later on this page. How that script is started is not shown; confirm it.
firewall_type="open"
# Turn on ipfw logging. None of the rules in the ipfw script on this page
# carry the "log" keyword, so nothing is logged by them as written.
firewall_logging="YES"
NAT.
# External interface: public address 195.213.21.67/27 (the natd interface).
/sbin/ifconfig vr0 195.213.21.67 netmask 255.255.255.224
# Internal interface: gateway address for the 192.168.4.0/24 LAN.
/sbin/ifconfig vr1 192.168.4.1 netmask 255.255.255.0
# Default route via 195.213.21.65, which lies inside the external /27.
/sbin/route add default 195.213.21.65
:
>ifconfig
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 195.213.21.67 netmask 0xffffffe0 broadcast 195.213.21.95
inet6 fe80::219:5bff:fe83:d87e%vr0 prefixlen 64 scopeid 0x2
ether 00:19:5b:83:d8:7e
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vr1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.4.1 netmask 0xffffff00 broadcast 192.168.4.255
inet6 fe80::219:5bff:fe84:6bfa%vr1 prefixlen 64 scopeid 0x3
ether 00:19:5b:84:6b:fa
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
#!/bin/sh
# Loads the router's ipfw ruleset: loopback, one SMTP block, VPN rules, NAT
# divert on vr0, redirection of LAN web traffic to Squid, and per-service
# permit rules for the 192.168.4.0/24 LAN.
#
# NOTE(review): the script contains no final explicit deny rule, so a packet
# that matches nothing here is decided by the kernel default rule (65535).
# If the kernel is built with IPFIREWALL_DEFAULT_TO_ACCEPT, the permit rules
# below restrict nothing and only the deny, divert and forward rules have an
# effect. Confirm the intended default policy.
ipfw='/sbin/ipfw'
# Remove all existing rules without prompting (-f) and without output (-q).
${ipfw} -f -q flush
# Allow all traffic on the loopback interface.
${ipfw} add 100 permit ip from any to any via lo0
# Block SMTP (port 25) to the external address from 124.121.0.0/16.
${ipfw} add 101 deny tcp from 124.121.0.0/16 to 195.213.21.67 25
#Rules for VPN
# The VPN network 192.168.10.0/24 may reach the LAN and nothing else.
${ipfw} add 801 permit ip from 192.168.10.0/24 to 192.168.4.0/24
${ipfw} add 803 deny ip from 192.168.10.0/24 to any
# Hand every IP packet crossing the external interface to natd.
${ipfw} add 900 divert natd ip from any to any via vr0
# icmp
# NOTE(review): permits every ICMP type in both directions; the icmptypes
# option can narrow this to the types actually needed.
${ipfw} add 1500 permit icmp from any to any
# web, icq SQUID
# Redirect LAN connections to ports 80 and 8080 to the proxy at
# 192.168.4.1:3128. The forward action needs the IPFIREWALL_FORWARD kernel
# option.
${ipfw} add 1501 forward 192.168.4.1:3128 tcp from 192.168.4.0/24 to any 80
${ipfw} add 1502 forward 192.168.4.1:3128 tcp from 192.168.4.0/24 to any 8080
# DNS
# NOTE(review): rule 1600 is stateless and keys on the source port alone, so
# it accepts any UDP datagram sent from port 53, whatever its destination
# port. A keep-state rule on the outgoing query is the usual tighter form.
${ipfw} add 1600 permit udp from any 53 to any
${ipfw} add 1700 permit udp from any to any 53
# HTTP
# NOTE(review): "established" only tests for the ACK or RST flag; it does not
# track connections. Rule 2100 has the same match as rule 1501 and appears to
# be shadowed by it, since forward ends the rule search.
${ipfw} add 2000 permit tcp from any 80 to 192.168.4.0/24 established
${ipfw} add 2100 permit tcp from 192.168.4.0/24 to any 80
# POP3
${ipfw} add 2600 permit tcp from any 110 to 192.168.4.0/24 established
${ipfw} add 2700 permit tcp from 192.168.4.0/24 to any 110
# SMTP
# Only between the LAN and the router's internal address 192.168.4.1.
${ipfw} add 2800 permit tcp from 192.168.4.1 25 to 192.168.4.0/24 established
${ipfw} add 2900 permit tcp from 192.168.4.0/24 to 192.168.4.1 25
- SQUID
SQUID , http/ftp . - (squid) IP- , (), . - , - , . - , , .
SQUID RPM-. RPM SQUID
rpm -ih squid-2.3.STABLE2-3mdk.i586.rpm
ftp://ftp.squid.org. , :
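# Unpack the Squid source archive under /usr/src.
# Compare the archive's checksum with the one published by the Squid project
# before unpacking; the build steps that follow run code from this archive.
cd /usr/src/
# gunzip replaces the .tar.gz file with squid-2.3.STABLE2-3-src.tar, so tar
# must be given the .tar name; the original .tar.gz name no longer exists.
gunzip squid-2.3.STABLE2-3-src.tar.gz
tar xvf squid-2.3.STABLE2-3-src.tar
cd squid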
:
./configure --prefix=/usr/local/squid
make all
make install
Squid , prefix /usr/local/squid.
Squid squid.conf. /usr/local/squid/etc.
SQUID:
/usr/local/squid/bin/squid
squid.conf
http_port 3128 -
cache_swap_high - ( ), .
ACL :
acl
http_access allow|deny aclname - http