Сборка ядра (c Kernel NAT) на FreeBSD 8.2


Ядро по умолчанию в FreeBSD – GENERIC. Каждый собирает ядро под свои нужды, под свое оборудование и т.д. Убрав лишние для себя опции, можно значительно уменьшить размер ядра и тем самым улучшить производительность сервера.
В этой статье я приведу пример своего конфига ядра.

Сохраним копию оригинального конфига

mx# cp /usr/src/sys/i386/conf/GENERIC /usr/src/sys/i386/conf/asyzone

Теперь приступим к редактированию своего файла, в моем примере – asyzone

mx# ee /usr/src/sys/i386/conf/asyzone

Все ненужное для себя я закомментировал. Мой конфиг выглядит так:

###############################
#ASY_kernel configuration file#
###############################
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.519.2.12.2.1 2010/12/21 17:09:25 kensmith Exp $

# CPU support: only I686_CPU is compiled in; the I486_CPU and I586_CPU
# entries are disabled.
#cpu		I486_CPU
#cpu		I586_CPU
cpu		I686_CPU
# Identification string for this kernel configuration.
ident		ASY_kernel

# To statically compile in device wiring instead of /boot/device.hints
#hints		"GENERIC.hints"		# Default places to look for devices.

# Use the following to compile in values accessible to the kernel
# through getenv() (or kenv(1) in userland). The format of the file
# is 'variable=value', see kenv(1)
#
# env		"GENERIC.env"

makeoptions	DEBUG=-g		# Build kernel with gdb(1) debug symbols

# Core kernel options. Entries that are commented out (INET6, MSDOSFS,
# SCSI_DELAY, KDTRACE_HOOKS) are not compiled into this kernel.
options		SCHED_ULE		# ULE scheduler
options 	PREEMPTION		# Enable kernel thread preemption
options 	INET			# InterNETworking
#options 	INET6			# IPv6 communications protocols
options 	SCTP			# Stream Control Transmission Protocol
options 	FFS			# Berkeley Fast Filesystem
options 	SOFTUPDATES		# Enable FFS soft updates support
options 	UFS_ACL			# Support for access control lists
options 	UFS_DIRHASH		# Improve performance on big directories
options 	UFS_GJOURNAL		# Enable gjournal-based UFS journaling
options 	MD_ROOT			# MD is a potential root device
# NOTE(review): NFS client, server, lock manager and NFS root are all still
# compiled in. If this machine only acts as a NAT gateway they are candidates
# for removal - confirm against actual use.
options 	NFSCLIENT		# Network Filesystem Client
options 	NFSSERVER		# Network Filesystem Server
options 	NFSLOCKD		# Network Lock Manager
options 	NFS_ROOT		# NFS usable as /, requires NFSCLIENT
#options 	MSDOSFS			# MSDOS Filesystem
options 	CD9660			# ISO 9660 Filesystem
options 	PROCFS			# Process filesystem (requires PSEUDOFS)
options 	PSEUDOFS		# Pseudo-filesystem framework
options 	GEOM_PART_GPT		# GUID Partition Tables.
options 	GEOM_LABEL		# Provides labelization
# NOTE(review): compatibility layers for older FreeBSD binaries are kept;
# drop them only if no such binaries run on this host - confirm.
options 	COMPAT_43TTY		# BSD 4.3 TTY compat (sgtty)
options 	COMPAT_FREEBSD4		# Compatible with FreeBSD4
options 	COMPAT_FREEBSD5		# Compatible with FreeBSD5
options 	COMPAT_FREEBSD6		# Compatible with FreeBSD6
options 	COMPAT_FREEBSD7		# Compatible with FreeBSD7
#options 	SCSI_DELAY=5000		# Delay (in ms) before probing SCSI
options 	KTRACE			# ktrace(1) support
options 	STACK			# stack(9) support
options 	SYSVSHM			# SYSV-style shared memory
options 	SYSVMSG			# SYSV-style message queues
options 	SYSVSEM			# SYSV-style semaphores
options 	P1003_1B_SEMAPHORES	# POSIX-style semaphores
options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options 	PRINTF_BUFR_SIZE=128	# Prevent printf output being interspersed.
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
# Security event auditing and the MAC framework stay compiled in.
options 	AUDIT			# Security event auditing
options 	MAC			# TrustedBSD MAC Framework
options 	FLOWTABLE		# per-cpu routing cache
#options 	KDTRACE_HOOKS		# Kernel DTrace hooks
# The configuration text, including the firewall options in this file, is
# embedded in the kernel image.
options 	INCLUDE_CONFIG_FILE  	# Include this file in kernel

# KDB and KDB_TRACE are kept; no DDB or GDB backend option appears in this file.
options 	KDB			# Kernel debugger related code
options 	KDB_TRACE		# Print a stack trace for a panic

# ASY personal options: ipfw compiled into the kernel together with in-kernel
# NAT, the forward action, a second routing table and dummynet.
options	IPFIREWALL			# Enable the firewall
options	IPFIREWALL_VERBOSE		# Enable logging for the firewall
# The limit applies per logging rule: after 1000 entries that rule stops
# logging until its log counter is reset (ipfw resetlog), so a noisy rule can
# go silent. Reset the counters on a schedule if the logs feed monitoring.
options	IPFIREWALL_VERBOSE_LIMIT=1000	# Limit the log to a number of lines (1000)
options	IPFIREWALL_NAT			# Enable kernel NAT support
options	IPFIREWALL_FORWARD		# Changing the destination of packets
# NOTE(review): this turns the final default rule into "allow" instead of
# "deny". Any traffic not matched by an explicit rule is passed, including in
# the window before the ruleset is loaded at boot. End the ruleset with an
# explicit deny rule so the gateway does not fail open.
options	IPFIREWALL_DEFAULT_TO_ACCEPT	# Default rule
options	LIBALIAS			# Required for kernel NAT
options	ROUTETABLES=2			# Support for two routing tables
# NOTE(review): the author lists DUMMYNET as needed for kernel NAT; dummynet is
# the traffic shaper and NAT itself presumably does not depend on it - confirm.
options	DUMMYNET			# For Kernel NAT + bandwidth limiting
options	HZ="1000"			# For DUMMYNET

# To make an SMP kernel, the next two lines are needed
# Both lines are disabled in this configuration, so SMP support is not built.
#options 	SMP			# Symmetric MultiProcessor Kernel
#device		apic			# I/O APIC

# CPU frequency control
device		cpufreq

# Bus support.
# ACPI and PCI are kept; EISA is disabled.
device		acpi
#device		eisa
device		pci

# Floppy drives
#device		fdc

# ATA and ATAPI devices
# Only ATA disks and ATAPI CD-ROM drives are enabled; ATA RAID, ATAPI floppy
# and ATAPI tape support are disabled.
device		ata
device		atadisk			# ATA disk drives
#device		ataraid			# ATA RAID drives
device		atapicd			# ATAPI CDROM drives
#device		atapifd			# ATAPI floppy drives
#device		atapist			# ATAPI tape drives
options 	ATA_STATIC_ID		# Static device numbering

# SCSI Controllers
#device		ahb			# EISA AHA1742 family
#device		ahc			# AHA2940 and onboard AIC7xxx devices
#options 	AHC_REG_PRETTY_PRINT	# Print register bitfields in debug
					# output.  Adds ~128k to driver.
#device		ahd			# AHA39320/29320 and onboard AIC79xx devices
#options 	AHD_REG_PRETTY_PRINT	# Print register bitfields in debug
					# output.  Adds ~215k to driver.
#device		amd			# AMD 53C974 (Tekram DC-390(T))
#device		hptiop			# Highpoint RocketRaid 3xxx series
#device		isp			# Qlogic family
#device		ispfw			# Firmware for QLogic HBAs- normally a module
#device		mpt			# LSI-Logic MPT-Fusion
#device		ncr			# NCR/Symbios Logic
#device		sym			# NCR/Symbios Logic (newer chipsets + those of `ncr')
#device		trm			# Tekram DC395U/UW/F DC315U adapters

#device		adv			# Advansys SCSI adapters
#device		adw			# Advansys wide SCSI adapters
#device		aha			# Adaptec 154x SCSI adapters
#device		aic			# Adaptec 15[012]x SCSI adapters, AIC-6[23]60.
#device		bt			# Buslogic/Mylex MultiMaster SCSI adapters

#device		ncv			# NCR 53C500
#device		nsp			# Workbit Ninja SCSI-3
#device		stg			# TMC 18C30/18C50

# SCSI peripherals
# scbus and da stay enabled even though every SCSI controller is disabled:
# the umass entry in the USB section of this file notes that it requires both.
device		scbus			# SCSI bus (required for SCSI)
#device		ch			# SCSI media changers
device		da			# Direct Access (disks)
#device		sa			# Sequential Access (tape etc)
#device		cd			# CD
#device		pass			# Passthrough device (direct SCSI access)
#device		ses			# SCSI Environmental Services (and SAF-TE)

# RAID controllers interfaced to the SCSI subsystem
#device		amr			# AMI MegaRAID
#device		arcmsr			# Areca SATA II RAID
#device		asr			# DPT SmartRAID V, VI and Adaptec SCSI RAID
#device		ciss			# Compaq Smart RAID 5*
#device		dpt			# DPT Smartcache III, IV - See NOTES for options
#device		hptmv			# Highpoint RocketRAID 182x
#device		hptrr			# Highpoint RocketRAID 17xx, 22xx, 23xx, 25xx
#device		iir			# Intel Integrated RAID
#device		ips			# IBM (Adaptec) ServeRAID
#device		mly			# Mylex AcceleRAID/eXtremeRAID
#device		twa			# 3ware 9000 series PATA/SATA RAID

# RAID controllers
#device		aac			# Adaptec FSA RAID
#device		aacp			# SCSI passthrough for aac (requires CAM)
#device		ida			# Compaq Smart RAID
#device		mfi			# LSI MegaRAID SAS
#device		mlx			# Mylex DAC960 family
#device		pst			# Promise Supertrak SX6000
#device		twe			# 3ware ATA RAID

# Local console devices: AT keyboard controller, keyboard, PS/2 mouse, VGA and
# the syscons console driver. kbdmux and splash are disabled.
# atkbdc0 controls both the keyboard and the PS/2 mouse
device		atkbdc			# AT keyboard controller
device		atkbd			# AT keyboard
device		psm			# PS/2 mouse

#device		kbdmux			# keyboard multiplexer

device		vga			# VGA video card driver

#device		splash			# Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device		sc

device		agp			# support several AGP chipsets

# Power management support (see NOTES for more options)
#device		apm
# Add suspend/resume support for the i8254.
#device		pmtimer

# PCCARD (PCMCIA) support
# PCMCIA and cardbus bridge support
#device		cbb			# cardbus (yenta) bridge
#device		pccard			# PC Card (16-bit) bus
#device		cardbus			# CardBus (32-bit) bus

# Serial (COM) ports
#device		uart			# Generic UART driver

# Parallel port
#device		ppc
#device		ppbus			# Parallel port bus (required)
#device		lpt			# Printer
#device		plip			# TCP/IP over parallel
#device		ppi			# Parallel port interface device
#device		vpo			# Requires scbus and da

# If you've got a "dumb" serial or parallel PCI card that is
# supported by the puc(4) glue driver, uncomment the following
# line to enable it (connects to sio, uart and/or ppc drivers):
#device		puc

# PCI Ethernet NICs.
#device		de			# DEC/Intel DC21x4x (``Tulip'')
#device		em			# Intel PRO/1000 Gigabit Ethernet Family
#device		igb			# Intel PRO/1000 PCIE Server Gigabit Family
#device		ixgb			# Intel PRO/10GbE Ethernet Card
#device		le			# AMD Am7900 LANCE and Am79C9xx PCnet
#device		ti			# Alteon Networks Tigon I/II gigabit Ethernet
#device		txp			# 3Com 3cR990 (``Typhoon'')
#device		vx			# 3Com 3c590, 3c595 (``Vortex'')

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
# Only the RealTek drivers (re, rl) are compiled in here; every other driver in
# this list is disabled, so a different NIC would not be driven by this kernel
# image itself (presumably it would need a loadable module - confirm).
device		miibus			# MII bus support
#device		ae			# Attansic/Atheros L2 FastEthernet
#device		age			# Attansic/Atheros L1 Gigabit Ethernet
#device		alc			# Atheros AR8131/AR8132 Ethernet
#device		ale			# Atheros AR8121/AR8113/AR8114 Ethernet
#device		bce			# Broadcom BCM5706/BCM5708 Gigabit Ethernet
#device		bfe			# Broadcom BCM440x 10/100 Ethernet
#device		bge			# Broadcom BCM570xx Gigabit Ethernet
#device		dc			# DEC/Intel 21143 and various workalikes
#device		et			# Agere ET1310 10/100/Gigabit Ethernet
#device		fxp			# Intel EtherExpress PRO/100B (82557, 82558)
#device		jme			# JMicron JMC250 Gigabit/JMC260 Fast Ethernet
#device		lge			# Level 1 LXT1001 gigabit Ethernet
#device		msk			# Marvell/SysKonnect Yukon II Gigabit Ethernet
#device		nfe			# nVidia nForce MCP on-board Ethernet
#device		nge			# NatSemi DP83820 gigabit Ethernet
#device		nve			# nVidia nForce MCP on-board Ethernet Networking
#device		pcn			# AMD Am79C97x PCI 10/100 (precedence over 'le')
device		re			# RealTek 8139C+/8169/8169S/8110S
device		rl			# RealTek 8129/8139
#device		sf			# Adaptec AIC-6915 (``Starfire'')
#device		sge			# Silicon Integrated Systems SiS190/191
#device		sis			# Silicon Integrated Systems SiS 900/SiS 7016
#device		sk			# SysKonnect SK-984x & SK-982x gigabit Ethernet
#device		ste			# Sundance ST201 (D-Link DFE-550TX)
#device		stge			# Sundance/Tamarack TC9021 gigabit Ethernet
#device		tl			# Texas Instruments ThunderLAN
#device		tx			# SMC EtherPower II (83c170 ``EPIC'')
#device		vge			# VIA VT612x gigabit Ethernet
#device		vr			# VIA Rhine, Rhine II
#device		wb			# Winbond W89C840F
#device		xl			# 3Com 3c90x (``Boomerang'', ``Cyclone'')

# ISA Ethernet NICs.  pccard NICs included.
#device		cs			# Crystal Semiconductor CS89x0 NIC
# 'device ed' requires 'device miibus'
#device		ed			# NE[12]000, SMC Ultra, 3c503, DS8390 cards
#device		ex			# Intel EtherExpress Pro/10 and Pro/10+
#device		ep			# Etherlink III based cards
#device		fe			# Fujitsu MB8696x based cards
#device		ie			# EtherExpress 8/16, 3C507, StarLAN 10 etc.
#device		sn			# SMC's 9000 series of Ethernet chips
#device		xe			# Xircom pccard Ethernet

# Wireless NIC cards
#device		wlan			# 802.11 support
#options 	IEEE80211_DEBUG		# enable debug msgs
#options 	IEEE80211_AMPDU_AGE 	# age frames in AMPDU reorder q's
#options 	IEEE80211_SUPPORT_MESH	# enable 802.11s draft support
#device		wlan_wep		# 802.11 WEP support
#device		wlan_ccmp		# 802.11 CCMP support
#device		wlan_tkip		# 802.11 TKIP support
#device		wlan_amrr		# AMRR transmit rate control algorithm
#device		an			# Aironet 4500/4800 802.11 wireless NICs.
#device		ath			# Atheros pci/cardbus NIC's
#device		ath_hal			# pci/cardbus chip support
#options 	AH_SUPPORT_AR5416	# enable AR5416 tx/rx descriptors
#device		ath_rate_sample		# SampleRate tx rate control for ath
#device		ral			# Ralink Technology RT2500 wireless NICs.
#device		wi			# WaveLAN/Intersil/Symbol 802.11 wireless NICs.
#device		wl			# Older non 802.11 Wavelan wireless NIC.

# Pseudo devices.
# NOTE(review): gif and faith are described below as IPv6-related, while the
# INET6 option is commented out earlier in this file; they are likely
# removable on this host - confirm.
device		loop			# Network loopback
device		random			# Entropy device
device		ether			# Ethernet support
device		vlan			# 802.1Q VLAN support
device		tun			# Packet tunnel.
device		pty			# BSD-style compatibility pseudo ttys
device		md			# Memory "disks"
device		gif			# IPv6 and IPv4 tunneling
device		faith			# IPv6-to-IPv4 relaying (translation)
device		firmware		# firmware assist module

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
# NOTE(review): with bpf compiled in, any process able to open /dev/bpf* can
# capture raw frames on this gateway's interfaces; keep those device nodes
# restricted to root.
device		bpf			# Berkeley packet filter

# USB support
# Host controllers, HID, keyboard, mouse, mass storage and the Rio 500 driver
# are enabled; USB serial, Ethernet and wireless drivers are all disabled.
# NOTE(review): USB_DEBUG (debug messages) is still enabled - confirm it is
# wanted on a production gateway.
options 	USB_DEBUG		# enable debug msgs
device		uhci			# UHCI PCI->USB interface
device		ohci			# OHCI PCI->USB interface
device		ehci			# EHCI PCI->USB interface (USB 2.0)
device		usb			# USB Bus (required)
#device		udbp			# USB Double Bulk Pipe devices
device		uhid			# "Human Interface Devices"
device		ukbd			# Keyboard
#device		ulpt			# Printer
device		umass			# Disks/Mass storage - Requires scbus and da
device		ums			# Mouse
device		urio			# Diamond Rio 500 MP3 player
# USB Serial devices
#device		u3g			# USB-based 3G modems (Option, Huawei, Sierra)
#device		uark			# Technologies ARK3116 based serial adapters
#device		ubsa			# Belkin F5U103 and compatible serial adapters
#device		uftdi			# For FTDI usb serial adapters
#device		uipaq			# Some WinCE based devices
#device		uplcom			# Prolific PL-2303 serial adapters
#device		uslcom			# SI Labs CP2101/CP2102 serial adapters
#device		uvisor			# Visor and Palm devices
#device		uvscom			# USB serial support for DDI pocket's PHS
# USB Ethernet, requires miibus
#device		aue			# ADMtek USB Ethernet
#device		axe			# ASIX Electronics USB Ethernet
#device		cdce			# Generic USB over Ethernet
#device		cue			# CATC USB Ethernet
#device		kue			# Kawasaki LSI USB Ethernet
#device		rue			# RealTek RTL8150 USB Ethernet
#device		udav			# Davicom DM9601E USB
# USB Wireless
#device		rum			# Ralink Technology RT2501USB wireless NICs
#device		uath			# Atheros AR5523 wireless NICs
#device		ural			# Ralink Technology RT2500USB wireless NICs
#device		zyd			# ZyDAS zb1211/zb1211b wireless NICs

# FireWire support
#device		firewire		# FireWire bus code
#device		sbp			# SCSI over FireWire (Requires scbus and da)
#device		fwe			# Ethernet over FireWire (non-standard!)
#device		fwip			# IP over FireWire (RFC 2734,3146)
#device		dcons			# Dumb console driver
#device		dcons_crom		# Configuration ROM for dcons

Главное – не забыть обратить внимание на строки

options	IPFIREWALL
options	IPFIREWALL_VERBOSE
options	IPFIREWALL_VERBOSE_LIMIT=1000
options	IPFIREWALL_NAT
options	IPFIREWALL_FORWARD
options	IPFIREWALL_DEFAULT_TO_ACCEPT
options	LIBALIAS
options	ROUTETABLES=2
options	DUMMYNET
options	HZ="1000"

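Они нам будут необходимы для работы Kernel NAT (IPFW NAT). Учтите, что IPFIREWALL_DEFAULT_TO_ACCEPT делает правило по умолчанию разрешающим: весь трафик, не попавший под явные правила ipfw, будет пропущен, поэтому набор правил стоит завершать явным запретом. IPFIREWALL_VERBOSE_LIMIT ограничивает число записей в логе для каждого правила: после достижения лимита правило перестает логироваться до сброса счетчика (ipfw resetlog).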

Приступаем непосредственно к сборке ядра. Выполняем:

mx# cd /usr/src
mx# make buildkernel KERNCONF=asyzone

Этот процесс занимает у меня (с моим конфигом) около 30 минут – все зависит от опций конфига и мощности машины.
Когда процесс сборки завершился – устанавливаем новое ядро

mx# make installkernel KERNCONF=asyzone

Тут все проходит быстро – около 1-2 минут.

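Все, ядро установлено! Делаем рестарт машины. Предыдущее ядро при установке сохраняется в /boot/kernel.old – если новое ядро не загрузится, его можно выбрать в загрузчике.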

mx# shutdown -r now
