江苏龙网

  1. 主页 > 生活百科 > >

用 Ubuntu 自己设定软路由,不用现成的软路由系统( 五 )

软路由


[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 1.07 GBytes 917 Mbits/sec 0 sender
[ 4] 0.00-10.00 sec 1.06 GBytes 914 Mbits/sec receiver
iperf Done.
al@DESKTOP-CFK04JL:~$ iperf3 -c 10.0.0.133 -t 10
Connecting to host 10.0.0.133, port 5201
[ 4] local 10.0.1.29 port 41272 connected to 10.0.0.133 port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.00 sec 108 MBytes 906 Mbits/sec 0 1.04 MBytes
[ 4] 1.00-2.00 sec 110 MBytes 923 Mbits/sec 0 1.04 MBytes
[ 4] 2.00-3.00 sec 111 MBytes 933 Mbits/sec 0 1.04 MBytes
[ 4] 3.00-4.00 sec 110 MBytes 923 Mbits/sec 0 1.33 MBytes
[ 4] 4.00-5.00 sec 110 MBytes 923 Mbits/sec 0 1.33 MBytes
[ 4] 5.00-6.00 sec 111 MBytes 933 Mbits/sec 0 1.33 MBytes
[ 4] 6.00-7.00 sec 109 MBytes 912 Mbits/sec 0 1.33 MBytes
[ 4] 7.00-8.00 sec 111 MBytes 933 Mbits/sec 0 1.33 MBytes
[ 4] 8.00-9.00 sec 110 MBytes 923 Mbits/sec 0 1.33 MBytes
[ 4] 9.00-10.00 sec 110 MBytes 923 Mbits/sec 0 1.33 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 1.07 GBytes 923 Mbits/sec 0 sender
[ 4] 0.00-10.00 sec 1.07 GBytes 920 Mbits/sec receiver
iperf Done.
al@DESKTOP-CFK04JL:~$
 
WAN-to-LAN 速度 > 900 Mbits/sec,满意!
 
sysctl.conf
部分设定是希望增加 Network throughput 的,可是测试过,没看到区别 。
部分设定是增加安全的(参考了一些网页,还有 ipcop, clearOS, debian 等系统) 。
 
因为 sysctl.conf 已经设置了,所以 1楼的
/usr/myscripts/iptables/pre-up-rules 可以去掉下面几行:
# Ref : https://wiki.debian.org/DebianFirewall
#echo -n '1' > /proc/sys/net/ipv4/ip_forward
#echo -n '0' > /proc/sys/net/ipv4/conf/all/accept_source_route
#echo -n '0' > /proc/sys/net/ipv4/conf/all/accept_redirects
#echo -n '1' > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#echo -n '1' > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
# disable ipv6
【用 Ubuntu 自己设定软路由,不用现成的软路由系统】net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
# https://easyengine.io/tutorials/linux/sysctl-conf/
### IMPROVE SYSTEM MEMORY MANAGEMENT ###
# Increase size of file handles and inode cache
fs.file-max = 2097152


推荐阅读


上一篇:行业大数据有哪些安全风险

下一篇:刷乳胶漆前如何遮挡家具,装修的时候要保护哪些东西