FreeBsd5.4 + pf + squid reverse proxy practical notes (1)

1. hardware configuration
Hp netserver 800 P Ⅲ 1000 memory 256 M Inter82559 two NICs
2. Partition Information

Filesystem Size Used Avail Capacity Mounted on/dev/da0s1a 248M 54M 174M 24% /devfs 1.0K 1.0K 0B 100% /dev/dev/da0s1f 4.8G 130M 4.3G 3% /home/dev/da0s1d 248M 12K 228M 0% /tmp/dev/da0s1g 4.8G 565M 3.9G 12% /usr/dev/da0s1e 5.8G 410K 5.3G 0% /var

3. System Installation
Minimal Installation
The installation of src and ports was originally intended to use ports for installation, but I don't know how to do it. Instead, I can't use the cvs source code. Of course, I can't install ports through ports, but I can only use the source code for compilation)
4. kernel Compilation
The kernel is not optimized. Here, we only want to verify the feasibility of combining pf and squid for reverse proxy. in actual production applications, we should optimize the server kernel to a certain extent.

cd /usr/src/sys/i386/confcp GENERIC cache

Edit the kernel cache and add the following options to the kernel:

device pfdevice pflogdevice pfsyncoptions ALTQoptions ALTQ_CBQ

Compile the kernel

/usr/sbin/config cachecd ../config/cachemake dependmakemake install

At this point, the kernel has been compiled.

reboot

5. Let the system automatically load pf

Edit/etc/rc. login = "NO" defaultrouter = "login" hostname = "login" ifconfig_fxp0 = "inet mask netmask mask 255.255.248" Highlight = "inet 192.168.2.10 netmask mask 255.255.0" gateway_enable = "YES" Highlight = "YES "pf_enable =" YES "pf_rules ="/etc/pf. conf "pf_flags =" "pflog_enable =" YES "pflog_logfile ="/var/log/pflog "sshd_enable =" YES"

6. Enable ip Forwarding
Add the following content to/etc/sysctl. conf:

net.inet.ip.forwarding=1