鱿鱼 2.7 - FreeBSD 8.2
启用 ipfilter 时,使用 squid 的 Internet 体验太慢。这是我目前的配置:
rl0 = 内部 LAN bge0 = 互联网 WAN
ipf 规则:
pass out quick on rl0 all
pass in quick on rl0 all
# out to internet
pass out quick on bge0 proto tcp from any to any port = 8080 flags S keep state
pass out quick on bge0 proto tcp from any to any port = 80 flags S keep state
pass out quick on bge0 proto tcp from any to any port = 443 flags S keep state
# Query to internet provider DNS
pass out quick on bge0 proto tcp from any to x.x.x.x port = 53 flags S keep state
pass out quick on bge0 proto udp from any to x.x.x.x port = 53 keep state
# protect my network
block out log first quick on bge0 all
block in log first quick on bge0 all
# others
pass in quick on lo0 all
pass out quick on lo0 all
当我打开所有流量时,互联网连接工作正常:
pass in quick on bge0 all
pass out quick on bge0 all
怎么了?