Redundant Failover firewall with pf, pfsync a…

2009-05-13 14:35:06 Source: unknown


Redundant Failover firewall with pf, pfsync and CARP on FreeBSD
Posted by Chris Barnes on June 15, 2007
This is a step-by-step tutorial that should take most of a day. I'm posting this here mostly as a reminder so that I can come back and read it when I need to build another firewall, but hopefully it will be helpful to someone else also. If you find this tutorial useful or if you find anything wrong with it, send me an email.
Install FreeBSD
Download the disc 1 and disc 2 from
Burn the ISO images to CDs and boot the target machine with disc 1.
Start a Standard installation.
Highlight any partitions and hit "d" to delete them, then hit "a" to use the entire disk, then hit "q" to continue.
Choose Standard for no boot manager.
Create partitions. You can adjust the sizes of the partitions based on the size of your drive. The /usr/local and /usr/home partitions can go as low as 128MB since this won't be a common-user system and there won't be a lot of user-specific files or binaries, but the /usr partition should never go below 2,000MB since that's where all of your kernel source code and the ports tree are located. Here's a partition scheme if you have a 6GB drive:
486MB swap partition (or at least 2x your RAM)
512MB file system mounted as /
512MB file system mounted as /tmp
1267MB file system mounted as /var
3115MB file system mounted as /usr
128MB file system mounted as /usr/local
128MB file system mounted as /usr/home
Press q to continue.
Highlight Kern-Developer and press space bar.
When asked about installing the ports collection choose yes.
Highlight exit and press enter.
Choose CD/DVD as the install media.
Last Chance, are you sure? Yes
When you see Congratulations, hit ok.
FreeBSD Post-Install configuration
Would you like to configure any ethernet or SLIP/PPP network devices? Yes
Highlight your device that is connected to the internet and press enter.
Do you want to try IPv6? No
Do you want to try DHCP? Yes
Verify network info and update if necessary.
Do you want this machine to function as a gateway? Yes
Do you want to configure inetd and the network services that it provides? No
Would you like to enable SSH login? Yes
Do you want to have anonymous FTP access to this machine? No
Do you want to configure this machine as an NFS Server: No
Do you want to configure this machine as an NFS Client: No
Would you like to customize your system console settings? No
Would you like to set this machine's time zone now? Yes
Is your machine's CMOS clock set to UTC? No
Select the appropriate time zone - by region, country, and then the applicable time zone.
Would you like to enable Linux Binary compatibility? No
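The answers above leave the firewall with forwarding and SSH on, and inetd, NFS and Linux compatibility off. The following check is an added example, not part of the original tutorial: it assumes those answers are recorded as the standard /etc/rc.conf knobs and that an unset knob defaults to NO; the function names and sample files are constructed for illustration.

```shell
# rc_bool FILE VAR: print "yes" or "no" for VAR. The last assignment wins, and an
# unset knob counts as "no" (assumption: matches /etc/defaults/rc.conf).
rc_bool() {
    val=$(sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\)[\"']\{0,1\}.*/\1/p" "$1" |
        tail -n 1 | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
    case $val in
        yes|true|on|1) echo yes ;;
        *) echo no ;;
    esac
}

# audit_rc_conf FILE: print one line per deviation from the tutorial's answers;
# return 1 if any deviation was found, 0 otherwise.
audit_rc_conf() {
    bad=0
    for want in gateway_enable=yes sshd_enable=yes inetd_enable=no \
        nfs_server_enable=no nfs_client_enable=no linux_enable=no; do
        var=${want%%=*} exp=${want#*=}
        got=$(rc_bool "$1" "$var")
        if [ "$got" != "$exp" ]; then
            echo "DEVIATION $var: expected $exp, found $got"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample files (not taken from a real host).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
cat > "$SAMPLES/good.conf" <<'EOF'
ifconfig_em0="DHCP"
gateway_enable="YES"
sshd_enable="YES"
EOF
cat > "$SAMPLES/drift.conf" <<'EOF'
gateway_enable="NO"
sshd_enable="YES"
inetd_enable="YES"
linux_enable="NO"
linux_enable="YES"   # later assignment wins
nfs_client_enable=yes
EOF
for f in good drift; do
    echo "== $f.conf"
    audit_rc_conf "$SAMPLES/$f.conf" || true
done
```

On the installed machine, call `audit_rc_conf /etc/rc.conf` after the first boot; any DEVIATION line names a service switch that differs from the choices listed above.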



