FreeBSD 8.2 家用宽带设置
准备一台双网卡的电脑,配置P3 500,512M内存,10G硬盘足够,但内存不能少于256M,否则效率比较低。
配置稍高些的主机,类似的方法完全可以代替专业路由器,而且费用超低,办公室、网吧都可以胜任。
先编辑内核配置文件,去掉不需要的设备驱动。此内核配置仅针对我自己的路由器优化,尤其是网卡设备禁用得较多,其他 SCSI 设备的禁用仅供参考;并且在配置文件最后面增加了几条用于 IPF 防火墙和 PPPoE(NETGRAPH)的内核选项。各位可根据自己的硬件情况进行设置,如果照搬,很可能会无法上网,甚至启动失败。
########################################################################
# Build IP Filter (ipf) into the kernel.
options IPFILTER
# Allow rules that carry the "log" keyword to record packets (read with ipmon(8)).
options IPFILTER_LOG
# Make "block" the default policy: a packet that matches no rule is dropped.
# A missing or broken /etc/ipf.rules therefore cuts off all traffic, including
# remote logins, so test rule changes from the console. The default only helps
# if the rules for the Internet-facing interface do not pass everything.
options IPFILTER_DEFAULT_BLOCK
########################################################################
# Netgraph support used for PPPoE over Ethernet
# (ppp.conf on this page uses "set device PPPoE:em0").
options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
########################################################################
将内核配置文件(本文命名为 THOTH)拷贝到这个目录: /usr/src/sys/i386/conf
进入 /usr/src 目录.编译内核
输入编译内核命令
make buildkernel KERNCONF=THOTH
若编译失败,重新修改内核文件继续编译,通常是需要使用的设备被禁用,从反馈的错误可以看得出来。
输入安装内核命令
make installkernel KERNCONF=THOTH
编辑防火墙配置文件(ipf.rules)、系统配置文件(rc.conf)、地址转换文件(ipnat.rules)和宽带配置文件(ppp.conf),参看下文的设置。下文没有列出 ipnat.rules 的内容,需要自行写入地址转换规则,例如 map tun0 192.168.80.0/24 -> 0/32。ppp.conf 的位置在 /etc/ppp,其余3个文件都在 /etc。然后重新启动(reboot 命令)路由器。
系统启动后,登录控制台,输入 ifconfig 可查看网络情况,如果 tun0 设备有外网 IP 地址,则成功。
内核参考文件
#
# GENERIC -- Generic kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the config(5) manual page,
# and/or the handbook section on Kernel Configuration Files:
#
# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ../../conf/NOTES and NOTES files.
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.519.2.12.2.1 2010/12/21 17:09:25 kensmith Exp $
#cpu I486_CPU
#cpu I586_CPU
cpu I686_CPU
ident THOTH
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.
# Use the following to compile in values accessible to the kernel
# through getenv() (or kenv(1) in userland). The format of the file
# is 'variable=value', see kenv(1)
#
# env "GENERIC.env"
#makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
options SCHED_ULE # ULE scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
# IPv6 is compiled out of this kernel.
# NOTE(review): ipf loads /etc/ipf.rules as IPv4 rules; if INET6 is re-enabled,
# IPv6 traffic needs its own filter rules as well.
#options INET6 # IPv6 communications protocols
options SCTP # Stream Control Transmission Protocol
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options MD_ROOT # MD is a potential root device
#options NFSCLIENT # Network Filesystem Client
#options NFSSERVER # Network Filesystem Server
#options NFSLOCKD # Network Lock Manager
#options NFS_ROOT # NFS usable as /, requires NFSCLIENT
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_PART_GPT # GUID Partition Tables.
options GEOM_LABEL # Provides labelization
options COMPAT_43TTY # BSD 4.3 TTY compat (sgtty)
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options COMPAT_FREEBSD6 # Compatible with FreeBSD6
options COMPAT_FREEBSD7 # Compatible with FreeBSD7
#options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options STACK # stack(9) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options P1003_1B_SEMAPHORES # POSIX-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
options AUDIT # Security event auditing
options MAC # TrustedBSD MAC Framework
options FLOWTABLE # per-cpu routing cache
#options KDTRACE_HOOKS # Kernel DTrace hooks
options INCLUDE_CONFIG_FILE # Include this file in kernel
options KDB # Kernel debugger related code
options KDB_TRACE # Print a stack trace for a panic
# To make an SMP kernel, the next two lines are needed
options SMP # Symmetric MultiProcessor Kernel
device apic # I/O APIC
# CPU frequency control
device cpufreq
# Bus support.
device acpi
#device eisa
device pci
# Floppy drives
device fdc
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
device ataraid # ATA RAID drives
device atapicd # ATAPI CDROM drives
device atapifd # ATAPI floppy drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID # Static device numbering
# SCSI Controllers
#device ahb # EISA AHA1742 family
#device ahc # AHA2940 and onboard AIC7xxx devices
#options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
#device ahd # AHA39320/29320 and onboard AIC79xx devices
#options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
#device amd # AMD 53C974 (Tekram DC-390(T))
#device hptiop # Highpoint RocketRaid 3xxx series
#device isp # Qlogic family
#device ispfw # Firmware for QLogic HBAs- normally a module
#device mpt # LSI-Logic MPT-Fusion
#device ncr # NCR/Symbios Logic
#device sym # NCR/Symbios Logic (newer chipsets + those of `ncr')
#device trm # Tekram DC395U/UW/F DC315U adapters
#device adv # Advansys SCSI adapters
#device adw # Advansys wide SCSI adapters
#device aha # Adaptec 154x SCSI adapters
#device aic # Adaptec 15[012]x SCSI adapters, AIC-6[23]60.
#device bt # Buslogic/Mylex MultiMaster SCSI adapters
#device ncv # NCR 53C500
#device nsp # Workbit Ninja SCSI-3
#device stg # TMC 18C30/18C50
# SCSI peripherals
device scbus # SCSI bus (required for SCSI)
device ch # SCSI media changers
device da # Direct Access (disks)
device sa # Sequential Access (tape etc)
device cd # CD
device pass # Passthrough device (direct SCSI access)
device ses # SCSI Environmental Services (and SAF-TE)
# RAID controllers interfaced to the SCSI subsystem
#device amr # AMI MegaRAID
#device arcmsr # Areca SATA II RAID
#device asr # DPT SmartRAID V, VI and Adaptec SCSI RAID
#device ciss # Compaq Smart RAID 5*
#device dpt # DPT Smartcache III, IV - See NOTES for options
#device hptmv # Highpoint RocketRAID 182x
#device hptrr # Highpoint RocketRAID 17xx, 22xx, 23xx, 25xx
#device iir # Intel Integrated RAID
#device ips # IBM (Adaptec) ServeRAID
#device mly # Mylex AcceleRAID/eXtremeRAID
#device twa # 3ware 9000 series PATA/SATA RAID
# RAID controllers
#device aac # Adaptec FSA RAID
#device aacp # SCSI passthrough for aac (requires CAM)
#device ida # Compaq Smart RAID
#device mfi # LSI MegaRAID SAS
#device mlx # Mylex DAC960 family
#device pst # Promise Supertrak SX6000
#device twe # 3ware ATA RAID
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
#device kbdmux # keyboard multiplexer
device vga # VGA video card driver
device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
device agp # support several AGP chipsets
# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device pmtimer
# PCCARD (PCMCIA) support
# PCMCIA and cardbus bridge support
#device cbb # cardbus (yenta) bridge
#device pccard # PC Card (16-bit) bus
#device cardbus # CardBus (32-bit) bus
# Serial (COM) ports
device uart # Generic UART driver
# Parallel port
#device ppc
#device ppbus # Parallel port bus (required)
#device lpt # Printer
#device plip # TCP/IP over parallel
#device ppi # Parallel port interface device
#device vpo # Requires scbus and da
# If you've got a "dumb" serial or parallel PCI card that is
# supported by the puc(4) glue driver, uncomment the following
# line to enable it (connects to sio, uart and/or ppc drivers):
#device puc
# NIC drivers: enable only the ones that match your own network cards.
# A driver left out here means the interface does not exist after boot, and
# rc.conf, ppp.conf and ipf.rules all refer to interfaces by driver name.
# PCI Ethernet NICs.
#device de # DEC/Intel DC21x4x (``Tulip'')
# em0 is the modem-facing port in rc.conf and ppp.conf on this page.
device em # Intel PRO/1000 Gigabit Ethernet Family
#device igb # Intel PRO/1000 PCIE Server Gigabit Family
#device ixgb # Intel PRO/10GbE Ethernet Card
#device le # AMD Am7900 LANCE and Am79C9xx PCnet
#device ti # Alteon Networks Tigon I/II gigabit Ethernet
#device txp # 3Com 3cR990 (``Typhoon'')
#device vx # 3Com 3c590, 3c595 (``Vortex'')
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support (must be kept)
#device ae # Attansic/Atheros L2 FastEthernet
#device age # Attansic/Atheros L1 Gigabit Ethernet
#device alc # Atheros AR8131/AR8132 Ethernet
#device ale # Atheros AR8121/AR8113/AR8114 Ethernet
#device bce # Broadcom BCM5706/BCM5708 Gigabit Ethernet
#device bfe # Broadcom BCM440x 10/100 Ethernet
#device bge # Broadcom BCM570xx Gigabit Ethernet
#device dc # DEC/Intel 21143 and various workalikes
#device et # Agere ET1310 10/100/Gigabit Ethernet
#device fxp # Intel EtherExpress PRO/100B (82557, 82558)
#device jme # JMicron JMC250 Gigabit/JMC260 Fast Ethernet
#device lge # Level 1 LXT1001 gigabit Ethernet
device msk # Marvell/SysKonnect Yukon II Gigabit Ethernet
#device nfe # nVidia nForce MCP on-board Ethernet
#device nge # NatSemi DP83820 gigabit Ethernet
#device nve # nVidia nForce MCP on-board Ethernet Networking
#device pcn # AMD Am79C97x PCI 10/100 (precedence over 'le')
#device re # RealTek 8139C+/8169/8169S/8110S
#device rl # RealTek 8129/8139
#device sf # Adaptec AIC-6915 (``Starfire'')
#device sge # Silicon Integrated Systems SiS190/191
#device sis # Silicon Integrated Systems SiS 900/SiS 7016
#device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet
#device ste # Sundance ST201 (D-Link DFE-550TX)
#device stge # Sundance/Tamarack TC9021 gigabit Ethernet
#device tl # Texas Instruments ThunderLAN
#device tx # SMC EtherPower II (83c170 ``EPIC'')
#device vge # VIA VT612x gigabit Ethernet
#device vr # VIA Rhine, Rhine II
#device wb # Winbond W89C840F
#device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
# ISA Ethernet NICs. pccard NICs included.
#device cs # Crystal Semiconductor CS89x0 NIC
# 'device ed' requires 'device miibus'
#device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards
#device ex # Intel EtherExpress Pro/10 and Pro/10+
#device ep # Etherlink III based cards
#device fe # Fujitsu MB8696x based cards
#device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc.
#device sn # SMC's 9000 series of Ethernet chips
#device xe # Xircom pccard Ethernet
# Wireless NIC cards
#device wlan # 802.11 support
#options IEEE80211_DEBUG # enable debug msgs
#options IEEE80211_AMPDU_AGE # age frames in AMPDU reorder q's
#options IEEE80211_SUPPORT_MESH # enable 802.11s draft support
#device wlan_wep # 802.11 WEP support
#device wlan_ccmp # 802.11 CCMP support
#device wlan_tkip # 802.11 TKIP support
#device wlan_amrr # AMRR transmit rate control algorithm
#device an # Aironet 4500/4800 802.11 wireless NICs.
#device ath # Atheros pci/cardbus NIC's
#device ath_hal # pci/cardbus chip support
#options AH_SUPPORT_AR5416 # enable AR5416 tx/rx descriptors
#device ath_rate_sample # SampleRate tx rate control for ath
#device ral # Ralink Technology RT2500 wireless NICs.
#device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs.
#device wl # Older non 802.11 Wavelan wireless NIC.
# Pseudo devices.
device loop # Network loopback
device random # Entropy device
device ether # Ethernet support
device vlan # 802.1Q VLAN support
device tun # Packet tunnel.
device pty # BSD-style compatibility pseudo ttys
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
device firmware # firmware assist module
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter
# USB support
options USB_DEBUG # enable debug msgs
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device ehci # EHCI PCI->USB interface (USB 2.0)
device usb # USB Bus (required)
#device udbp # USB Double Bulk Pipe devices
device uhid # "Human Interface Devices"
device ukbd # Keyboard
device ulpt # Printer
device umass # Disks/Mass storage - Requires scbus and da
device ums # Mouse
#device urio # Diamond Rio 500 MP3 player
# USB Serial devices
#device u3g # USB-based 3G modems (Option, Huawei, Sierra)
#device uark # Technologies ARK3116 based serial adapters
#device ubsa # Belkin F5U103 and compatible serial adapters
#device uftdi # For FTDI usb serial adapters
#device uipaq # Some WinCE based devices
#device uplcom # Prolific PL-2303 serial adapters
#device uslcom # SI Labs CP2101/CP2102 serial adapters
#device uvisor # Visor and Palm devices
#device uvscom # USB serial support for DDI pocket's PHS
# USB Ethernet, requires miibus
#device aue # ADMtek USB Ethernet
#device axe # ASIX Electronics USB Ethernet
#device cdce # Generic USB over Ethernet
#device cue # CATC USB Ethernet
#device kue # Kawasaki LSI USB Ethernet
#device rue # RealTek RTL8150 USB Ethernet
#device udav # Davicom DM9601E USB
# USB Wireless
#device rum # Ralink Technology RT2501USB wireless NICs
#device uath # Atheros AR5523 wireless NICs
#device ural # Ralink Technology RT2500USB wireless NICs
#device zyd # ZyDAS zb1211/zb1211b wireless NICs
# FireWire support
#device firewire # FireWire bus code
##device sbp # SCSI over FireWire (Requires scbus and da)
#device fwe # Ethernet over FireWire (non-standard!)
#device fwip # IP over FireWire (RFC 2734,3146)
#device dcons # Dumb console driver
#device dcons_crom # Configuration ROM for dcons
########################################################################
# Build IP Filter (ipf) into the kernel.
options IPFILTER
# Allow rules that carry the "log" keyword to record packets (read with ipmon(8)).
options IPFILTER_LOG
# Make "block" the default policy: a packet that matches no rule is dropped.
# A missing or broken /etc/ipf.rules therefore cuts off all traffic, including
# remote logins, so test rule changes from the console. The default only helps
# if the rules for the Internet-facing interface do not pass everything.
options IPFILTER_DEFAULT_BLOCK
########################################################################
# Netgraph support used for PPPoE over Ethernet
# (ppp.conf on this page uses "set device PPPoE:em0").
options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
########################################################################
系统配置文件(rc.conf)
# -- sysinstall generated deltas -- # Tue May 3 00:07:34 2011
# Created: Tue May 3 00:07:34 2011
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
# msk0: LAN side; 192.168.80.1 is the address the LAN clients use as their gateway.
ifconfig_msk0="inet 192.168.80.1 netmask 255.255.255.0"
# em0: Ethernet port wired to the ADSL modem; PPPoE runs over it (see ppp.conf).
ifconfig_em0="inet 192.168.0.2 netmask 255.255.255.0"
# Left empty: presumably tun0 receives its addresses from ppp when the link comes up.
ifconfig_tun0=
#defaultrouter="192.168.80.1"
#defaultrouter="192.168.0.2"
hostname="thoth.www.5ikm.net"
# Turn on IP forwarding so the host routes between its interfaces.
gateway_enable="YES"
# NOTE(review): inetd starts every service enabled in /etc/inetd.conf. Confirm each
# one is needed on a router and reachable only from the LAN; inetd's -a option
# (via inetd_flags) can bind it to the LAN address, and the packet filter must
# not pass new inbound connections on tun0.
inetd_enable="YES"
#linux_enable="YES"
# Load the IP Filter rules at boot.
# NOTE(review): the kernel is built with IPFILTER_LOG, but ipmon is not enabled
# here, so logged packets are not written anywhere; ipmon_enable="YES" would be
# needed for that.
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
# Load the NAT rules at boot (the contents of ipnat.rules are not shown on this page).
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
ppp_enable="YES" # start the ADSL (PPPoE) link at boot
ppp_mode="ddial" # redial automatically when the link drops
ppp_profile="adsl" #ppp.conf label
ppp_nat="NO" # disable ppp's built-in NAT; the IPF gateway (ipnat) does the address translation
# Unused natd alternative. NOTE(review): "netd_enable" looks like a typo for natd_enable.
# netd_enable="YES"
# natd_interface="tun0" #device name
fsck_y_enable="YES" # boot-time disk check: after an unclean shutdown, run the scan and repair automatically
ppp.conf 配置文件
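# /etc/ppp/ppp.conf -- user-mode ppp(8) profile for the PPPoE (ADSL) link.
# Label lines ("default:", "adsl:") start in column 0; every command under a
# label must be indented, otherwise ppp does not read it as a command.
# This file holds the ISP password in clear text: keep it owned by root and
# readable by root only (mode 0600).
default:
 # Run PPPoE over the NIC that is wired to the ADSL modem.
 set device PPPoE:em0
 # Ask the peer for DNS server addresses during negotiation.
 enable dns
adsl:
 # ISP account name (NAME is a placeholder).
 set authname NAME
 # ISP password (PASSWORD is a placeholder).
 set authkey PASSWORD
 # Empty dial and login scripts: PPPoE needs no modem chat script.
 set dial
 set login
 #set ifaddr 192.168.80.1/0 255.255.255.0 0.0.0.0
 # Add a (sticky) default route through the peer address.
 add default HISADDR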
ipf.rules 配置文件
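#################################################################
# /etc/ipf.rules -- packet filter for the PPPoE gateway
#
# Interfaces
#   msk0 = LAN, 192.168.80.1/24
#   em0  = Ethernet port wired to the ADSL modem (PPPoE runs over it)
#          NOTE(review): the earlier header gave 192.168.1.2 for em0, while
#          rc.conf on this page assigns 192.168.0.2 -- confirm which is right.
#   tun0 = PPPoE session opened by ppp(8); this is the Internet side
#
# Reload with: ipf -Fa -f /etc/ipf.rules
#
# Policy: the LAN may open connections, the Internet may only answer them.
# The previous rule set passed every TCP, UDP and ICMP packet inbound on
# tun0, which exposed the router (rc.conf enables inetd) and every
# forwarded port to the Internet and made IPFILTER_DEFAULT_BLOCK pointless.
# "quick" stops rule processing at the first match, so order matters.
#################################################################
# Loopback: unrestricted
pass in quick on lo0 all
pass out quick on lo0 all
#################################################################
# LAN (msk0): trusted side. "keep state" lets the replies through without
# a matching rule in the other direction.
pass in quick on msk0 proto tcp from any to any flags S keep state
pass in quick on msk0 proto udp from any to any keep state
pass in quick on msk0 proto icmp from any to any keep state
pass out quick on msk0 proto tcp from any to any flags S keep state
pass out quick on msk0 proto udp from any to any keep state
pass out quick on msk0 proto icmp from any to any keep state
#################################################################
# Internet (tun0)
# Explicit FTP/telnet blocks kept from the original rule set; they are
# redundant with the final "block in" below but document the intent.
block in quick on tun0 proto tcp from any to any port = 21
block in quick on tun0 proto tcp from any to any port = 23
# block out quick on tun0 proto tcp from any port = 21 to any
# block out quick on tun0 proto tcp from any port = 23 to any
#
# Port forwarding (disabled). NOTE(review): with PPPoE the Internet traffic
# presumably arrives on tun0, not em0, and each forward also needs an rdr
# rule in ipnat.rules. 3389 (RDP) and 1433 (SQL Server) should not be opened
# to "any"; restrict the source address if they are ever enabled.
# pass in quick on em0 proto tcp from any to any port = 3389 flags S keep state
# pass in quick on em0 proto tcp from any to any port = 1433 flags S keep state
#
# Outbound: anything, tracked in the state table so replies are accepted.
pass out quick on tun0 proto tcp from any to any flags S keep state
pass out quick on tun0 proto udp from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state
# Inbound: only packets that belong to a tracked connection get in; every
# new inbound packet is dropped and logged (view the log with ipmon(8)).
block in log quick on tun0 all
#################################################################
# Modem-facing Ethernet (em0): same policy as tun0.
# NOTE(review): ipf filters IP packets only, so the PPPoE frames carried on
# em0 should not be affected -- verify the link still comes up after loading.
pass out quick on em0 proto tcp from any to any flags S keep state
pass out quick on em0 proto udp from any to any keep state
pass out quick on em0 proto icmp from any to any keep state
block in quick on em0 all
#################################################################
# Everything not matched above is dropped by the kernel default
# (options IPFILTER_DEFAULT_BLOCK).
#################################################################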
查看网络状态
thoth# ifconfig
msk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c011a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,VLAN_HWTSO,LINKSTATE>
ether 00:ea:01:06:f5:2b
inet 192.168.80.1 netmask 0xffffff00 broadcast 192.168.80.255
media: Ethernet autoselect (100baseTX <full-duplex,flowcontrol,rxpause,txpause>)
status: active
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
ether 00:04:23:a5:d9:8e
inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492
options=80000<LINKSTATE>
inet 112.112.101.135 --> 112.112.101.1 netmask 0xffffffff <----连接成功
Opened by PID 404
thoth#