Есть FreeBSD 9.0 amd64, две сетевых карты em1 (internet), em0(local network)
настроен фаервол ipfw, natd, squid (не прозрачный), сервер выступает как шлюз для раздачи интернета.
Проблема следуюющая: при аплоаде файлов через squid очень маленькая скорость.
При этом заметил следуюющее: natd, dhcpd нагружают процессор в момент аплоада через squid и идет большой трафик через loopback интерфейс.
вывод комманды ipfw show
Код: Выделить всё
0100 655389684 36707144666 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from any to ::1
00500 0 0 deny ip from ::1 to any
00600 4 292 allow ipv6-icmp from :: to ff02::/16
00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 1 76 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 0 0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
01100 1615 76160 deny ip from 192.168.1.1 to any in via em1
01200 0 0 deny ip from 199.69.99.11 to any in via em0
01300 46652 3705426 deny ip from any to 172.16.0.0/12 via em1
01400 3936404 345618870 deny ip from any to 192.168.0.0/16 via em1
01500 4 336 deny ip from any to 0.0.0.0/8 via em1
01600 4129 387621 deny ip from any to 169.254.0.0/16 via em1
01700 0 0 deny ip from any to 192.0.2.0/24 via em1
01800 917566 33777571 deny ip from any to 224.0.0.0/4 via em1
01900 147872 22029252 deny ip from any to 240.0.0.0/4 via em1
02000 1132194739 1190981955947 divert 8668 ip4 from any to any via em1
02100 3 248 deny ip from 172.16.0.0/12 to any via em1
02200 35925 2281289 deny ip from 192.168.0.0/16 to any via em1
02300 1808 122494 deny ip from 0.0.0.0/8 to any via em1
02400 3 174 deny ip from 169.254.0.0/16 to any via em1
02500 0 0 deny ip from 192.0.2.0/24 to any via em1
02600 0 0 deny ip from 224.0.0.0/4 to any via em1
02700 0 0 deny ip from 240.0.0.0/4 to any via em1
02800 960156249 1095316736582 allow tcp from any to any established
02900 64236062 8243196577 allow ip from any to any frag
03000 34 1756 allow tcp from any to me dst-port 25 setup
03100 193 11580 allow tcp from any to me dst-port 53 setup
03200 63 4222 allow udp from any to me dst-port 53
03300 64 8350 allow udp from me 53 to any
03400 417 24140 allow tcp from any to me dst-port 80 setup
03500 211 10472 allow ip from any to me dst-port 3389 setup
05300 77 4488 allow ip from any to me dst-port 1723 setup
05400 3 156 allow ip from any to me dst-port 8443 setup
05500 9882 590596 allow tcp from any to me dst-port 22 setup
05600 1 60 allow ip from any to me dst-port 2000 setup
05700 0 0 allow ip from any to me dst-port 2201 setup
07400 4241779 216690096 deny log logamount 1000 ip4 from any to any in via em1 setup proto tcp
07500 21135656 1048824936 allow tcp from any to any setup
07600 474447 35298081 allow udp from me to any dst-port 53 keep-state
07700 532 40612 allow udp from me to any dst-port 123 keep-state
65535 1990638432 1122305322718 allow ip from any to any
Код: Выделить всё
Load Average |||
Interface Traffic Peak Total
tun0 in 79.507 KB/s 232.479 KB/s 42.314 GB
out 2.022 MB/s 2.424 MB/s 59.662 GB
lo0 in 4.450 MB/s 4.450 MB/s 43.723 GB
out 4.450 MB/s 4.450 MB/s 43.723 GB
em1 in 2.629 MB/s 2.982 MB/s 464.533 GB
out 2.493 MB/s 2.875 MB/s 484.673 GB
em0 in 240.458 KB/s 296.941 KB/s 442.368 GB
out 512.508 KB/s 850.857 KB/s 416.122 GB
Код: Выделить всё
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
66885 root 1 92 0 26672K 2784K CPU3 3 528:43 65.48% natd
9160 dhcpd 1 45 0 31032K 9280K CPU1 1 7:40 32.96% dhcpd
66455 root 1 20 0 18344K 2856K select 1 119:27 1.37% openvpn
16043 squid 1 20 0 44404K 17884K kqread 2 0:22 0.29% squid
