标题: Solaris 9 用IPFILTER作网关:QQ 延时问题的解决!! [打印本页] 作者: weileng 时间: 2005-05-18 12:12 标题: Solaris 9 用IPFILTER作网关:QQ 延时问题的解决!! 雕虫小技,只是发现没有这方面的帖子。才写出来和大家分享。\r\n\r\n前言:\r\n一日,和同学吃饭。他谈及这个问题,我愤愤地说是腾讯的公司的服务器有问题。勿之。翌日,查资料发现系我的错。歉之,而后作。\r\n\r\n正文:\r\n\r\n查相关资料得到Solaris 9 下IPF的默认配置:\r\n\r\nipf.fr_flags: 0\r\nipf.fr_pass: 514\r\nipf.fr_active: 0\r\nipf.fr_tcpidletimeout: 864000\r\nipf.fr_tcpclosewait: 480\r\nipf.fr_tcplastack: 480\r\nipf.fr_tcptimeout: 480\r\nipf.fr_tcpclosed: 120\r\nipf.fr_tcphalfclosed: 14400\r\nipf.fr_udptimeout: 240\r\nipf.fr_udpacktimeout: 24\r\nipf.fr_icmptimeout: 120\r\nipf.fr_icmpacktimeout: 12\r\nipf.fr_defnatage: 1200\r\nipf.fr_ipfrttl: 120\r\nipf.ipl_unreach: 13\r\nipf.fr_running: 1\r\nipf.fr_authsize: 32\r\nipf.fr_authused: 0\r\nipf.fr_defaultauthage: 600\r\nipf.fr_chksrc: 0\r\nipf.ippr_ftp_pasvonly: 0\r\nipf.fr_minttl: 3\r\nipf.fr_minttllog: 1\r\n\r\nQQ延时和IPF的timeout的设置有关系,同时为了加速加了如下的设置:\r\nbash-2.05# vi /etc/sysem\r\n\r\n* ipf: adjust the default tcp timeouts downward so that\r\n* idle (dead) and half closed states get killed off quicker.\r\nset ipf:fr_tcpidletimeout = 172800\r\nset ipf:fr_tcphalfclosed = 7200\r\n*\r\n* ipf: adjust the state table sizes so we have enough buckets.\r\n* IPSTATE_MAX (=fr_statemax) should be ~70% of IPSTATE_SIZE\r\n* IPSTATE_SIZE (=fr_statesize) has to be a prime number\r\nset ipf:fr_statemax = 7000\r\nset ipf:fr_statesize = 10009\r\n*\r\n* ipf: adjust the NAT table sizes so we have enough buckets.\r\n* generally you have fewer than 127 rules in ipnat.conf\r\n* so no need to waste memory for more.\r\nset ipf:ipf_nattable_sz = 10009\r\nset ipf:ipf_natrules_sz = 127\r\nset ipf:ipf_rdrrules_sz = 127\r\n*\r\n* note that the timers run \"2 ticks to a second\", so\r\n* for example, written below is the following:\r\n* set ipf:fr_tcpidletimeout = 172800\r\n* this sets the tcp idle connection timeout to\r\n* (172800/2) / 3600 = 24 hours.\r\n* \r\nset ipf:fr_udptimeout=2400\r\nset ipf:fr_udpacktimeout=240\r\n\r\nbash-2.05# init 6\r\n\r\nQQ 工作正常。