How many users is the poster above serving? Is it running bandwidth allocation and complex firewall rules?
Take a look:
QUOTE
ip firewall rule input> print
Flags: X - disabled, I - invalid, D - dynamic
 0 ;;; Drop telnet or ssh from public
     in-interface=PublicNIC dst-address=:22-23 protocol=tcp action=drop log=yes
 1 ;;; drop SNMP Trap(TCP)
     in-interface=PublicNIC dst-address=:161-162 protocol=tcp action=drop log=yes
 2 ;;; drop SNMP Trap(UDP)
     in-interface=PublicNIC dst-address=:161-162 protocol=udp action=drop log=yes
 3 ;;; Reject proxy connections
     dst-address=:8080 protocol=tcp action=reject log=yes
 4 ;;; Allow established TCP connections
     protocol=tcp connection-state=established action=accept
 5 ;;; Related connections
     connection-state=related action=accept
 6 ;;; Drop Blaster Worm.
     dst-address=:135-139 protocol=tcp action=drop log=yes
 7 ;;; Drop Blaster Worm
     dst-address=:445 protocol=tcp action=drop
 8 ;;; Drop Messenger Worm
     dst-address=:135-139 protocol=udp action=drop log=yes
 9 ;;; Drop DNS Query from WAN
     in-interface=PublicNIC dst-address=:53 protocol=udp action=drop log=yes
10 ;;; Allow UDP connections
     protocol=udp action=accept
11 ;;; Allow limited pings
     protocol=icmp limit-count=100 limit-burst=2 limit-time=5s action=accept
12 ;;; Drop excess pings
     protocol=icmp action=drop
13 ;;; Allow access from 'trusted' network 192.168.1.0/24
     src-address=192.168.1.0/24 action=accept
14 ;;; Reject and log everything else
     action=reject log=yes
QUOTE
ip firewall rule forward> print
Flags: X - disabled, I - invalid, D - dynamic
 0 ;;; drop p2p track 6969
     in-interface=LocalNIC dst-address=:6969 out-interface=PublicNIC protocol=tcp action=drop
 1 ;;; drop p2p track 8080
     in-interface=LocalNIC dst-address=:8080 out-interface=PublicNIC protocol=tcp action=drop
 2 ;;; drop all p2p application packets
     p2p=all-p2p action=drop
 3 ;;; drop p2p tcp port range: 16881-16889
     in-interface=LocalNIC dst-address=:16881-16889 out-interface=PublicNIC protocol=tcp action=drop
 4 ;;; drop blaster worm
     dst-address=:135-139 protocol=tcp action=drop log=yes
 5 ;;; drop messenger worm
     dst-address=:135-139 protocol=udp action=drop log=yes
 6   in-interface=LocalNIC dst-address=61.135.128.208/30 out-interface=PublicNIC protocol=tcp action=accept
 7   in-interface=LocalNIC dst-address=61.135.128.212/30 out-interface=PublicNIC protocol=tcp action=accept
 8   in-interface=LocalNIC dst-address=202.165.102.113/32 out-interface=PublicNIC protocol=tcp action=accept
 9   in-interface=LocalNIC dst-address=202.165.102.114/32 out-interface=PublicNIC protocol=tcp action=accept
10   in-interface=LocalNIC dst-address=202.165.102.136/29 out-interface=PublicNIC protocol=tcp action=accept
11 ;;; Block 3721
     in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=3721 action=drop log=yes
12 ;;; Block 3721-CnsMinH.cab
     in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=CnsMinH.cab action=drop log=yes
13 ;;; Block 3721 IP
     in-interface=LocalNIC dst-address=61.135.128.208/29 out-interface=PublicNIC protocol=tcp action=drop
14   in-interface=LocalNIC dst-address=202.165.102.127/32 out-interface=PublicNIC protocol=tcp action=drop
15   in-interface=LocalNIC dst-address=202.165.102.128/32 out-interface=PublicNIC protocol=tcp action=drop
16   in-interface=LocalNIC dst-address=202.165.102.112/28 out-interface=PublicNIC protocol=tcp action=drop
17   in-interface=LocalNIC dst-address=202.165.102.128/28 out-interface=PublicNIC protocol=tcp action=drop
18   in-interface=LocalNIC dst-address=202.43.217.32/32 out-interface=PublicNI> protocol=tcp action=drop
19   in-interface=LocalNIC dst-address=202.43.217.33/32 out-interface=PublicNI> protocol=tcp action=drop
20   in-interface=LocalNIC dst-address=202.43.217.107/32 out-interface=PublicNIC protocol=tcp action=drop
21   in-interface=LocalNIC dst-address=202.43.217.108/32 out-interface=PublicNIC protocol=tcp action=drop
22   in-interface=LocalNIC dst-address=202.43.217.115/32 out-interface=PublicNIC protocol=tcp action=drop
23   in-interface=LocalNIC dst-address=202.43.217.116/32 out-interface=PublicNIC protocol=tcp action=drop
24 ;;; Block POPUP window of taobao1 (this URL is www.unionsky.cn)
     in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=unionsky.cn action=drop log=yes
25 ;;; Block POPUP window of taobao1 (this IP is 218.108.245.135)
     in-interface=LocalNIC dst-address=218.108.245.135/32 out-interface=PublicNIC protocol=tcp action=drop
26 ;;; Block POPUP window of taobao2 (this URL is www.allyes.com)
     in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=allyes.com action=drop log=yes
27 ;;; Block POPUP window of taobao2 (this ip is 210.52.214.204)
     in-interface=LocalNIC dst-address=210.52.214.204/32 out-interface=PublicNIC protocol=tcp action=drop
28 ;;; Block hotbar.com (this URL is hotbar.com)
     in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=hotbar action=drop log=yes
29 ;;; Block hotbar.com (this ip is 165.254.12.100)
     in-interface=LocalNIC dst-address=165.254.12.100/32 out-interface=PublicNIC protocol=tcp action=drop
30 ;;; Drop fere2.com
     in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=fere2.com action=drop log=yes
31 ;;; Drop joyrain.com
     in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=joyrain.com action=drop log=yes
32 ;;; Drop 3322.org
     in-interface=LocalNIC out-interface=PublicNIC content=3322.org action=drop
33 ;;; Block netpassword.net
     in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=netpassword.net action=drop log=yes
34 ;;; Drop MMS online video
     in-interface=LocalNIC dst-address=:1755 out-interface=PublicNIC protocol=tcp action=drop
35 ;;; Block sina-nmGamex.cab
     in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=nmGamex.cab action=drop log=yes
QUOTE
ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 0 ;;; Mark p2p connections (192.168.1.0/24)
     src-address=192.168.1.0/24 in-interface=LocalNIC p2p=all-p2p action=passthrough mark-connection=p2p_con
 1 ;;; Mark p2p Flow
     connection=p2p_con action=accept mark-flow=p2p_limit
QUOTE
queue tree> print
Flags: X - disabled, I - invalid, D - dynamic
 0   name="p2p_down_limit" parent=LocalNIC flow=p2p_limit limit-at=0 queue=pcq-download priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0
 1   name="p2p_up_limit" parent=PublicNIC flow=p2p_limit limit-at=0 queue=pcq-upload priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0
QUOTE
queue simple> print
Flags: X - disabled, I - invalid, D - dynamic
 0   name="From Asante 256/128 kbps" target-address=0.0.0.0/0 dst-address=192.168.1.13/32 interface=PublicNIC queue=default priority=8 limit-at=0/0 max-limit=262144/131072
 1   name=".155 256/64 kbps" target-address=0.0.0.0/0 dst-address=192.168.1.155/32 interface=PublicNIC queue=default priority=8 limit-at=0/0 max-limit=262144/65536
 2   name=".154 384/64 kbps" target-address=0.0.0.0/0 dst-address=192.168.1.154/32 interface=PublicNIC queue=default priority=8 limit-at=0/0 max-limit=393216/65536
 3   name=".153 256/64 kbps" target-address=0.0.0.0/0 dst-address=192.168.1.153/32 interface=PublicNIC queue=default priority=8 limit-at=0/0 max-limit=262144/65536
 4   name=".152 256/64 kbps" target-address=0.0.0.0/0 dst-address=192.168.1.152/32 interface=PublicNIC queue=default priority=8 limit-at=0/0 max-limit=262144/65536
 5   name=".151 256/64 kbps" target-address=0.0.0.0/0 dst-address=192.168.1.151/32 interface=PublicNIC queue=default priority=8 limit-at=0/0 max-limit=262144/65536
......
30   name=".185 256/64 kbps" target-address=0.0.0.0/0 dst-address=192.168.1.185/32 interface=PublicNIC queue=default priority=8 limit-at=0/0 max-limit=262144/65536
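30 clients and 3 internal servers, providing email, web and SQL services to both the internal and external networks.

OP, could you share your firewall settings?

Could the folks who have been running for over a thousand hours post the exact models of their motherboards and NICs? That would make this a much more useful reference. Thanks!

OP, tell us about your configuration.

QUOTE (voatec @ Dec 28 2004, 09:22 PM)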
Just look at the picture, it's clear at a glance.
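Serving only 30 machines is a bit of a waste, but more than 2000 hours without a reboot makes it worth it, haha.

To the one with 600 machines: I'd like to know how you split the network segments. Do you use a layer-3 switch, or do it in software?

Following this thread.

I've been away on business recently. Haha, the router hasn't gone down once so far, very stable. The 600 machines are on a layer-3 switch, a Lenovo 3524G. Router configuration: Intel 865PE (original), DDR 400 256M, P4-3.06, Intel 100pro server NIC. I recommend everyone buy a decent power supply; the Delta 300W is good, very well built, you can tell at a glance it's quality, and the price is very reasonable! Be sure to pick a good CPU fan too, don't be stingy. I'm now using an oversized heat-pipe cooler, and the machine just sits on top of the 3524G switch in the rack!

A 3.06G CPU, I'm fainting~~~~~~~~~

QUOTE (yftg @ Jan 15 2005, 04:06 PM)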
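I've been away on business recently. Haha, the router hasn't gone down once so far, very stable. The 600 machines are on a layer-3 switch, a Lenovo 3524G. Router configuration: Intel 865PE (original), DDR 400 256M, P4-3.06, Intel 100pro server NIC. I recommend everyone buy a decent power supply; the Delta 300W is good, very well built, you can tell at a glance it's quality, and the price is very reasonable! Be sure to pick a good CPU fan too, don't be stingy. I'm now using an oversized heat-pipe cooler, and the machine just sits on top of the 3524G switch in the rack!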
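I strongly condemn this kind of waste!!!!

My LINUX9 NAT: C800 (pure copper heatsink), SD 128M, 8139*3, 200 client machines, two 10M fiber lines, running for two months now... 40G hard disk (with fan)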