loader.conf
# Kernel modules and tunables applied by loader(8) at boot.
# Linux binary compatibility layer.
linux_load="YES"
# Two packet filters are loaded side by side: pf here and ipfw on the next line.
# NOTE(review): with both enabled, forwarded traffic is evaluated by both
# rulesets, so each one has to be reviewed on its own. ipfw's built-in last
# rule is normally "deny" unless the kernel or a tunable says otherwise;
# confirm which ipfw ruleset is actually installed on this host.
pf_load="YES"
ipfw_load="YES"
# divert(4) sockets and the dummynet(4) traffic shaper, both driven from ipfw.
ipdivert_load="YES"
dummynet_load="YES"
# Kernel timer frequency, in ticks per second.
kern.hz="1000"
sysctl.conf
# $FreeBSD: releng/12.1/sbin/sysctl/sysctl.conf 337624 2018-08-11 13:28:03Z brd $
#
# This file is read when going to multi-user and its contents piped thru
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
#
# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0
# NOTE(review): the file header above says releng/12.1. The fastforwarding OID
# was dropped when the fast path became unconditional (FreeBSD 11), so this
# line probably only produces an "unknown oid" warning at boot; confirm with
# `sysctl net.inet.ip.fastforwarding`.
net.inet.ip.fastforwarding=1
# Do not answer packets sent to closed ports on this host: no TCP RST
# (2 = for any segment, not only SYN) and no ICMP port-unreachable for UDP.
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
##############################################
# Upper bound on ipfw dynamic (stateful) rules.
net.inet.ip.fw.dyn_max=65000
# Drop TCP segments that carry both SYN and FIN.
net.inet.tcp.drop_synfin=1
# Keep SYN cookies available for when the SYN cache overflows.
net.inet.tcp.syncookies=1
# dummynet(4) shaper sizing and scheduling knobs.
net.inet.ip.dummynet.hash_size=2048
net.inet.ip.dummynet.pipe_slot_limit=1000
net.inet.ip.dummynet.io_fast=1
net.inet.ip.dummynet.expire=0
# Ignore ICMP redirects, so other hosts cannot rewrite this router's routes.
net.inet.icmp.drop_redirect=1
###############################################
net.inet.ip.dummynet.max_chain_len=2048
# TIME_WAIT table size and listen-queue limit for sockets owned by this host.
net.inet.tcp.maxtcptw=40960
kern.ipc.somaxconn=32768
net.inet.tcp.nolocaltimewait=1
# NOTE(review): this turns off randomization of ephemeral source ports for
# connections opened by this host itself. It has no effect on forwarded or
# NATed flows (pf picks those ports), so it is unlikely to help throughput and
# it makes locally originated connections more predictable. Consider leaving
# the default (1) unless a measured problem requires it.
net.inet.ip.portrange.randomized=0
##################################
rc.conf скорочений
# Empty /tmp at boot.
clear_tmp_enable="YES"
# Enable IPv4 forwarding: this host routes between the interfaces below.
gateway_enable="YES"
hostname="billing.server"
##INTERFACES###
# ix1 is only brought up, with no address of its own; the vlan2025/vlan2325
# interfaces defined further down use it as their parent (vlandev ix1).
ifconfig_ix1="up"
# Inside (customer-facing) interface and its VLAN 50 child.
ifconfig_ix0="inet 192.168.0.1 netmask 255.255.240.0"
ifconfig_ix0_50="inet 10.50.0.1/24"
#ifconfig_bce0="inet 192.168.0.11 netmask 255.255.240.0"
# Host addresses on loopback. 185.76.70.226 is a public address that is also
# the target of a nat rule in pf.conf, so services listening on all addresses
# of this host answer on it.
# NOTE(review): no pf filter rules appear in this paste; confirm that another
# layer (ipfw, service bind addresses) limits what is reachable here.
ifconfig_lo0_alias0="inet 10.10.10.1 netmask 255.255.255.255"
#ifconfig_ix1_alias1="inet 185.76.70.226 netmask 255.255.255.224"
................
#ifconfig_ix1_alias27="inet 185.76.70.254 netmask 255.255.255.224"
ifconfig_lo0_alias1="inet 185.76.70.226 netmask 255.255.255.255"
#ifconfig_vlan2025_alias0="inet 185.76.70.226 netmask 255.255.255.224"
............
#ifconfig_vlan2025_alias24="inet 185.76.70.252 netmask 255.255.255.224"
###VLANS###
# Additional gateway addresses placed directly on ix0 (untagged), one /24 per
# customer network.
# NOTE(review): rc.conf(5) has documented alias<n> entries as being processed
# in sequence from alias0 and stopping at the first missing index. There is no
# alias13 here (the commented line below is numbered 1030), so check with
# `ifconfig ix0` that alias14 / 10.31.0.1 is really configured on this release.
ifconfig_ix0_alias0="inet 10.17.0.1/24"
ifconfig_ix0_alias1="inet 10.18.0.1/24"
ifconfig_ix0_alias2="inet 10.19.0.1/24"
ifconfig_ix0_alias3="inet 10.20.0.1/24"
ifconfig_ix0_alias4="inet 10.21.0.1/24"
ifconfig_ix0_alias5="inet 10.22.0.1/24"
ifconfig_ix0_alias6="inet 10.23.0.1/24"
ifconfig_ix0_alias7="inet 10.24.0.1/24"
ifconfig_ix0_alias8="inet 10.25.0.1/24"
ifconfig_ix0_alias9="inet 10.26.0.1/24"
ifconfig_ix0_alias10="inet 10.27.0.1/24"
ifconfig_ix0_alias11="inet 10.28.0.1/24"
ifconfig_ix0_alias12="inet 10.29.0.1/24"
#ifconfig_ix0_alias1030="inet 10.30.0.1/24"
ifconfig_ix0_alias14="inet 10.31.0.1/24"
# Tagged child interfaces of ix0; each tag listed here gets an
# ifconfig_ix0_<tag> line (above for 50, below for 1001-1016 and 1030).
vlans_ix0="50 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1030"
#vlans_ix1="2025 2325"
# Uplink VLANs are created as cloned vlan(4) interfaces on ix1.
# NOTE(review): vlan1030 is cloned here, but this abridged file shows no
# ifconfig_vlan1030 line, while tag 1030 is also created as a child of ix0 via
# vlans_ix0. Confirm which of the two interfaces is meant to exist and which
# one dhcpd (dhcpd_ifaces below) should listen on.
cloned_interfaces="vlan2025 vlan2325 vlan1030"
#ifconfig_vlan2025="inet 185.76.70.235/27 vlan 2025 vlandev ix1"
ifconfig_vlan2025="inet 185.109.52.114/30 vlan 2025 vlandev ix1"
ifconfig_vlan2325="inet 185.76.69.126/30 vlan 2325 vlandev ix1"
# Gateway address for each customer VLAN on ix0.
ifconfig_ix0_1001="inet 10.1.0.1/24"
ifconfig_ix0_1002="inet 10.2.0.1/24"
ifconfig_ix0_1003="inet 10.3.0.1/24"
ifconfig_ix0_1004="inet 10.4.0.1/24"
ifconfig_ix0_1005="inet 10.5.0.1/24"
ifconfig_ix0_1006="inet 10.6.0.1/24"
ifconfig_ix0_1007="inet 10.7.0.1/24"
ifconfig_ix0_1008="inet 10.8.0.1/24"
ifconfig_ix0_1009="inet 10.9.0.1/24"
ifconfig_ix0_1010="inet 10.10.0.1/24"
ifconfig_ix0_1011="inet 10.11.0.1/24"
ifconfig_ix0_1012="inet 10.12.0.1/24"
ifconfig_ix0_1013="inet 10.13.0.1/24"
ifconfig_ix0_1014="inet 10.14.0.1/24"
ifconfig_ix0_1015="inet 10.15.0.1/24"
ifconfig_ix0_1016="inet 10.16.0.1/24"
ifconfig_ix0_1030="inet 10.30.0.1/24"
# Interfaces the DHCP server listens on (the value spans two lines).
dhcpd_ifaces="
vlan1030"
# No static default route; bird (enabled below) presumably supplies routes.
#defaultrouter="185.76.70.225"
# NOTE(review): sshd runs on a host that holds public addresses. Restrict who
# can reach it (firewall rule or ListenAddress on a management network) and
# prefer key-only authentication.
sshd_enable="YES"
# One-shot clock set at boot.
ntpdate_enable="YES"
dumpdev="AUTO"
linux_enable="YES"
# Run fsck with -y in the foreground at boot instead of in the background.
fsck_y_enable="YES"
background_fsck="NO"
# ipfw and pf are both enabled; see the matching *_load lines in loader.conf.
# NOTE(review): no firewall_type/firewall_script is visible in this abridged
# file, so the ipfw ruleset actually loaded cannot be determined from here.
firewall_enable="YES"
local_unbound_enable="YES"
pf_enable="YES"
# NOTE(review): the database, web server and accounting daemon run on the same
# machine that forwards and NATs all customer traffic. Check that each of them
# listens only on the addresses it needs and that the packet filter does not
# expose them on the public side.
mysql_enable="yes"
apache24_enable=YES
ipcad_enable=YES
bird_enable=YES
dhcpd_enable=YES
dhcpd_flags="-q"
# NOTE(review): this makes dhcpd run as root rather than under an unprivileged
# account, so a flaw in the daemon becomes a root compromise of the gateway.
# Prefer a dedicated unprivileged user unless something specific needs root.
dhcpd_withuser=root
pf.conf
# External (uplink) interfaces; the macro expands to a list, so every rule
# written "on $ext_if" is instantiated for both vlan2025 and vlan2325.
#ext_if = "ix1"
ext_if = "{vlan2025 vlan2325}"
#ext_if = "vlan2325"
# Hard limit on state-table entries. New connections cannot get a state once
# it is reached; `pfctl -si` shows current entries and the memory counter.
set limit states 256000
# Expire idle states sooner: lower state-table memory use at the cost of
# dropping idle connections early.
set optimization aggressive
# Packet normalization (scrub) is disabled.
#scrub on ix1 all no-df max-mss 1400
#scrub on ix0 all no-df max-mss 1400
# Temporary rules for the reserve interface
#nat pass on $ext_if2 from 10.0.0.0/8 to any -> ($ext_if2)
#nat pass on $ext_if2 from 192.168.0.0/16 to any -> ($ext_if2)
# Source NAT for the customer networks. The "pass" modifier means packets that
# match a translation rule are passed without being checked against the
# filter rules.
# NOTE(review): many /24s share 185.76.70.250. Attributing an abuse report to a
# customer then depends on per-flow logs (address, port, timestamp); confirm
# that the accounting in place records enough to do that.
nat pass on $ext_if from 10.1.0.0/24 to any -> 185.76.70.244
nat pass on $ext_if from 10.2.0.0/24 to any -> 185.76.70.246
nat pass on $ext_if from 10.3.0.0/24 to any -> 185.76.70.247
nat pass on $ext_if from 10.4.0.0/24 to any -> 185.76.70.248
nat pass on $ext_if from 10.5.0.0/24 to any -> 185.76.70.249
nat pass on $ext_if from 10.6.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.7.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.8.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.9.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.10.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.11.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.12.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.13.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.14.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.15.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.16.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.17.0.0/25 to any -> 185.76.70.251
nat pass on $ext_if from 10.17.0.128/25 to any -> 185.76.70.252
#nat pass on ix1 from 10.17.0.0/25 to any -> 185.76.70.242
#nat pass on ix1 from 10.17.0.128/25 to any -> 185.76.70.243
#nat pass on ix1 from 10.18.0.0/24 to any -> 185.76.70.249
#nat pass on ix1 from 10.125.0.0/24 to any -> 185.76.70.253
nat pass on $ext_if from 10.18.0.0/25 to any -> 185.76.70.238
nat pass on $ext_if from 10.18.0.128/25 to any -> 185.76.70.239
nat pass on $ext_if from 10.19.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.20.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.21.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.22.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.23.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.24.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.25.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.26.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.27.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.28.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.29.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.30.0.0/24 to any -> 185.76.70.250
nat pass on $ext_if from 10.31.0.0/24 to any -> 185.76.70.250
# The 192.168.x.x networks are split into /25 halves, one public address each.
nat pass on $ext_if from 192.168.0.0/25 to any -> 185.76.70.226
nat pass on $ext_if from 192.168.0.128/25 to any -> 185.76.70.227
nat pass on $ext_if from 192.168.10.0/25 to any -> 185.76.70.228
nat pass on $ext_if from 192.168.10.128/25 to any -> 185.76.70.229
nat pass on $ext_if from 192.168.11.0/25 to any -> 185.76.70.230
nat pass on $ext_if from 192.168.11.128/25 to any -> 185.76.70.231
nat pass on $ext_if from 192.168.12.0/25 to any -> 185.76.70.232
nat pass on $ext_if from 192.168.12.128/25 to any -> 185.76.70.233
nat pass on $ext_if from 192.168.14.0/25 to any -> 185.76.70.253
nat pass on $ext_if from 192.168.14.128/25 to any -> 185.76.70.254
# One-to-one (bidirectional) mappings: each internal host below is reachable
# from outside on its public address. pf evaluates binat rules before nat
# rules, so these hosts also leave with their own address.
# NOTE(review): no filter (block/pass) rules appear in this listing, and pf
# passes anything that matches no filter rule. Unless the ipfw ruleset or a
# part of pf.conf not shown here restricts it, every port on these hosts is
# exposed to the Internet. A default "block" with explicit per-host, per-port
# "pass" rules would limit that.
# NOTE(review): 185.76.70.238, .239 and .247 are used here and also as nat
# targets earlier in this file; confirm the sharing is intended.
binat on $ext_if from 192.168.0.185 to any -> 185.76.70.239
#binat on $ext_if from 192.168.10.221 to any -> 185.76.70.249
binat on $ext_if from 192.168.0.205 to any -> 185.76.70.240
binat on $ext_if from 192.168.10.53 to any -> 185.76.70.245
binat on $ext_if from 192.168.0.51 to any -> 185.76.70.237
binat on $ext_if from 192.168.0.184 to any -> 185.76.70.238
binat on $ext_if from 192.168.0.16 to any -> 185.76.70.234
#binat on $ext_if from 192.168.10.22 to any -> 185.76.70.243
#binat on ix1 from 192.168.10.23 to any -> 185.76.70.244
#binat on ix1 from 192.168.10.67 to any -> 185.76.70.246
binat on $ext_if from 192.168.10.20 to any -> 185.76.70.241
#binat on ix1 from 192.168.10.21 to any -> 185.76.70.242
#binat on ix1 from 192.168.10.23 to any -> 185.76.70.244
#binat on ix1 from 192.168.10.67 to any -> 185.76.70.246
binat on $ext_if from 192.168.10.89 to any -> 185.76.70.247
#binat on ix1 from 192.168.10.227 to any -> 185.76.70.250
binat on $ext_if from 10.3.0.54 to any -> 185.76.70.242
binat on $ext_if from 10.2.0.54 to any -> 185.76.70.243
binat on $ext_if from 10.4.0.63 to any -> 185.76.70.236
netstat -w1 показало 500/350мбіт при трафіку 1,9гбіт!
input (Total) output
packets errs idrops bytes packets errs bytes colls
500123 0 0 499705712 436470 0 343723280 0
509701 0 0 509776166 447769 0 355338086 0
503080 0 0 505683141 438749 0 351615851 0
487009 0 0 492708786 419180 0 329492537 0
477152 0 0 481046986 416906 0 332865728 0
463344 0 0 472567871 403648 0 325116082 0
471055 0 0 484805775 403640 0 329475084 0
481398 0 0 485370497 423012 0 341743887 0
481294 0 0 485678432 414575 0 334198557 0
456492 0 0 462559335 395379 0 314922212 0
475285 0 0 481021572 415400 0 337567515 0
476795 0 0 486058897 414947 0 344694149 0
459458 0 0 462932605 403144 0 323747382 0
481205 0 0 487111342 416599 0 330199432 0
467420 0 0 474998909 409300 0 331497943 0
454373 0 0 459796660 392618 0 313346847 0
461039 0 0 466763671 397362 0 310538817 0
480496 0 0 485241897 418589 0 335443043 0
476516 0 0 475797804 415858 0 327085244 0
476224 0 0 477163378 415478 0 330584234 0
469141 0 0 469975094 397287 0 310838008 0