试译pfSense说明文档

名字难起

首先说明一下，本人的水平有限，所以速度不能保证，准确度嘛，尽力保证，如有不对的地方，希望大家给予指正。另外，今天看了一下，官网的说明书好象很长，可能要多个贴子才能够放得下，所以希望大家在俺完成之前先不要抢楼层（就怕翻译完了也没有人顶咯）。
What pfSense is
pfSense是什么？
pfSense is fundamentally a heavily customised installation of FreeBSD 6. However, in order to understand how best you can use pfSense, and what its strengths are, seeing it as a custom OS install is not helpful. The pfSense project is trying to create a firewall 'appliance' - a highly integrated piece of software that can be installed on a generic PC, transforming it into a state-of-the-art firewall, with equivalent or better functionality to many commercial firewalls sold today.
pfSense是FreedBSD 6 的基础精确安装版本。无论如何，从更好的理解它的使用和强大功能的角度出发，把它看做一个普通的ＯＳ（操作系统咯）安装并没有什么益处。PfSense项目的宗旨是建立一种可以安装在普通ＰＣ（家用电脑）上的高级防火墙，并把普通ＰＣ变成一部优秀的防火墙。
In order to do this, pfSense uses tools from FreeBSD and OpenBSD, generally under a variant of the BSD or ISC licence, and combines them with a secure web interface for easy remote configuration. The end result could possibly be compared to a consumer embedded firewall, but with increased performance, a better packet filter (thanks to OpenBSD & PF), a faster networking stack (provided by the FreeBSD kernel) and many features, such as Multi-WAN, Captive Portal support and configurable integrated Traffic Shaping, that are only normally available on firewalls sold for thousands of dollars by multi-million dollar corporations.
为了这个目的，pfSense使用了FreeBSD和OpenBSD为基础的开发工具，并在此基础上建立一个易于使用的防火墙系统。虽然它现在还不够完善，但是我们将努力开发和强化诸如Multi-WAN（多口接入咯）等功能。

[ 本帖最后由 名字难起 于 2006-9-26 18:17 编辑 ]

名字难起

CPU and RAM CPU和内存（别问俺ＣＰＵ是什么）
pfSense is only supported on the x86 architecture. The minimum requirements of pfSense are a 133 MHz CPU with a minimum of 64MB RAM. This machine will serve well as a basic firewall for a 'slow' broadband internet connection, such as an ADSL(1) line. However more demanding uses will require better hardware. A CPU of 400+ Mhz in combination with greater than 128MB RAM is recommended.
PfSense支持基于Ｘ８６架构的系统（译者注，个人感觉应该是从80386开始的IA32系统更贴切些）。最低要求是133Mhz的CPU和64Mb的内存。当然，这种配置只能一台基本的防火墙，运行在低速互联网络接口上，如ADSL单线接入。无论如何，想要达到更高的效率，就要更好的系统配置。建议配置是400以上的Mhz的CPU和128Mb以上内存。
If the fastest NIC in your machine is 10/100Mbps: Bear in mind that the CPU will probably be the bottleneck in your system. Also, most benchmarks will be for single TCP transfers across the firewall, and more complex traffic to multiple hosts will take more CPU power and so decrease firewall performance. If maximal speed is important, we suggest erring on the side of caution.
If you want to run a Gigabit NIC: You will need not only a very fast CPU, but also PCI-X connectivity as the standard PCI bus is saturated by this much data. Consider talking to the developers at #pfsense on irc.freenode.net if you want advice on building a pfSense box for this level of traffic.
上面二段综合起来，简单一点说就是，如果使用10.100Mbps快速ＮＩＣ，那么对ＣＰＵ的要求就比较高。如果使用千兆的ＮＩＣ呢，对ＣＰＵ的要求就相对低一些。
See below for advice on Ethernet NIC choice, as a low-quality card can increase CPU usage on your firewall substantially.
建议选择性能强劲的ＮＩＣ，这样可以减少ＣＰＵ的使用率（提高防火墙效率咯）。
You can also run pfSense on embedded x86 hardware. Currently the PC-Engines WRAP, Soekris Platforms and the NexCom platform are being used by the developers to test the embedded version of pfSense, so support for these should be good. Every platform supported by FreeBSD 6.x should work, though some adjustments to the pfSense software may be required.
To help judge whether an embedded platform is sufficiently powerful for your requirements, the WRAP, with its 266MHz 586 Geode processor, can currently route about 32Mbps between its ethernet interfaces. It is also capable of saturating the 'real-world' maximum bandwidth of 802.11g cards (~25Mbps) across a bridged ethernet-wireless interface.
当然pfSense也可以运行在基于X86系统的其他硬件上面，译者注：列举的诸如掌上电脑等硬件系统及相应系统要求从略。

Graphics 显示系统（显卡）要求

Any graphics card will do (including integrated graphics), as a monitor is only required when you install pfSense. If your system can only run headless, the install media can be created on a different computer, then installed into the headless box. See Installing pfSense for details. There are many boards which do not require a graphic card at all during normal operation.
Embedded x86 boxes normally do not have graphics hardware. Instead, installation is carried out by formatting a Compact Flash card, and the serial port is used to access the pfSense console.
基本上任何显卡都可以，对于没有显示芯片的类X86系统，pfSense安装在Flash卡上，可以通过serial port（串口，接方口鼠标的那东西）进行控制。
Wired Networking 　有线网络
You need at least 2 ethernet network cards (NICs) for routing and firewall purposes. It is also possible to use certain wireless network adapters.
如果做为防火墙或者路由的话，至少需要二块ＮＩＣ（网卡），当然，也可以使用无线网卡。
Cheap chipset NICs (especially Realtek chipsets) will put more load on the CPU than quality cards would. This may not be a problem for the average user, but these cards should not be considered for firewall/router use. pfSense recommends Intel PRO/100 PCI cards for 10/100Mbps, or Intel PRO/1000 PCI-X cards for Gigabit use, as they are of high quality and directly supported by the Intel developers on FreeBSD. The dual channel Intel cards use the same drivers as the single channel cards, so those are supported as well.
一些廉价ＮＩＣ（特别是Realtek芯片组）会增加ＣＰＵ的负担，虽然对普通用户没有太大影响，但是俺们不建议你使用这些廉价的网卡。建议使用Intel 的100ＭＢ PCI网卡，或者Intel的1000ＭＢ网卡。译者说，看到没，人家明确点明ＲＴＬ不行了，悲哀咯。
Wireless Networking
pfSense has excellent wireless support, thanks to the net80211 layer coded for FreeBSD 6, and the drivers written using it.
The chipsets with the most mature open source driver support are made by Atheros. However, Realtek have co-operated well with the OpenBSD developers, allowing a high quality driver to be produced, and their 802.11g chipsets have drivers which are fully distributable under BSD-style licences. Therefore, cards based on either manufacturer's chipset are both good choices to include in a wireless pfSense installation.
pfSense allows a wireless card to be configured as a WAN, LAN or OPT interface, and in Access Point, BSS and IBSS mode. The most tested use of pfSense is as an open source Access Point (that is a wireless interface bridged to an ethernet network). In this role it functions extremely well, supporting WPA and WPA2 authentication.
以上是关于无线网卡，大体来说呢，只要是支持802.11规范的，都可以用～～～～用途呢，很广泛～～基本上和有线网卡一样咯
Please note that it is not possible to bridge a wireless interface configured as a client (e.g. in BSS mode) to a wired network. This is because of limitations inherent in the 802.11 standard.
限于802.11的原因，你是不可能把桥接一个无线网卡作为应用客户端的（例如BBS）。这段俺也不大明白什么意思，期待高人指点。
Disk Controller 磁盘控制器
pfSense supports the vast majority of disk controllers available, though RAID support is currently unavailable. Nevertheless, you are advised to check the FreeBSD 6.1 hardware compatibility list to ensure that your disk controller is supported.
基本上除了ＲＡＩＤ之外，都支持～或者说只要是FreeBSD 6.1支持的，就支持！！
Media 存储界质
For standard (CD-ROM) installations, a hard drive larger than 1GB is recommended.
The embedded version is optimized for headless installation on a CompactFlash card or similar media of at least 128MB. However it is always saver to use a larger card in order to 'future-proof' against any changes in the pfSense firmware size. It is also recommended that you use branded media (e.g. Sandisk). Remember that your pfSense will most likely run 24/7 and the media is a vital part of the setup. pfSense can also be installed onto larger capacity media, but there currently is no advantage in doing so, as the package manager (which allows you to install extra software) is not enabled on the embedded version.
如果使用ＣＤ安装，那么至少要有１ＧＢ的空间，Flash卡的话至少需要１２８ＭＢ空间。译者，下面关于包的优化的部分从略，有能力自己搞封包，谁还来看俺翻译的东西哇

[ 本帖最后由 名字难起 于 2006-9-26 19:02 编辑 ]

xdyscn

大力支持搂住贡献精神，如果能在搞些其他方面的就更好了，期待。