Notes on DevOps operations, virtualization, containers and cloud computing, databases, network security and related topics.
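ESXi and vCenter Server 5.5 Documentation > vSphere Installation and Setup > System Requirements
ESXi Hardware Requirements
Make sure the host meets the minimum hardware configurations supported by ESXi 5.5.
Hardware and System Resources
To install and use ESXi 5.5, your hardware and system resources must meet the following requirements:
■ Supported server platform. For a list of supported platforms, see the VMware Compatibility Guide at http://www.vmware.com/resources/compatibility.
■ ESXi 5.5 will install and run only on servers with 64-bit x86 CPUs.
■ ESXi 5.5 requires a host machine with at least two cores.
■ ESXi 5.5 supports only LAHF and SAHF CPU instructions.
■ ESXi 5.5 requires the NX/XD bit to be enabled for the CPU in the BIOS.
■ ESXi supports a broad range of x64 multicore processors. For a complete list of supported processors, see the VMware Compatibility Guide at http://www.vmware.com/resources/compatibility.
■ ...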
Traffic accounting with iptables
Suppose you need to know how much traffic your containers eat. It can be easily done using iptables.
Situation description
Let's consider the very simple situation: one container with one IP address on the Hardware Node with only one network interface. To be more exact, assume that container ID is 200, the IP address of the HN is 192.168.0.56, the network interface name is eth0, and the IP address of the container is 192.168.0.117. You wish to know how many bytes container 200 eats. One more assumption is that there are no iptables rules on HN now. All these assumptio...
Setting up an iptables firewall
This document consists of two parts. The first is setting up a firewall (using iptables) on the HN, which will restrict traffic to the containers. The effect would emulate, as far as the containers and their customers are concerned, an external hardware firewall controlled by the sysadmin. The second is setting up a firewall that protects the HN itself but still allows traffic to the containers, thus allowing individual containers to define their own iptables.
While the firewalls shown here can be accomplished using iptables manually (or using Fedora core's iptables service), the methods presented here are especially modular and easy to modify. This is important when you have 20+ containers and a lot of other things to be doing...
The scripts and pathnames given here are for Fedora Core 6, though they can probably be applied to most similar SysV-like systems with little modification. ...
Proxmox using iptables in openvz guests
I recently upgraded Proxmox and noticed iptables was not working in the guests. Turns out a small edit is required to /etc/vz/vz.conf (we need to add some more modules to be used in the openvz guests).
Using any editor, open /etc/vz/vz.conf and find the “IPTABLES=” line.
Change:
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
To:
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
Then reboot (you can probably just re-start your guests).
Better iptables support in OpenVZ
On the hardware node, change the iptables modules that get loaded:
vim /etc/sysconfig/iptables-config
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
vim /etc/sysconfig/vz
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
Restart the VZ service:
service vz restart
Allow more iptables entries:
# vzctl set $CTID --numiptent 400 --save
vzctl enter $CTID
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -I INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -I FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -I INPUT -j ACCEPT -i lo
iptables -I INPUT -p tcp --dport 25 -j ACCEPT
iptables -I INPUT -p tcp --dport 110 -j ACCEPT
iptables -I INPUT -p tcp --dport 995 -j ACCEPT
iptables -I INPUT -p ...
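Defending against TCP floods
tcp_syn_retries: INTEGER, default 5
For a new connection, how many SYN connection requests the kernel sends before it gives up. Should not be greater than 255. The default is 5, which corresponds to about 180 seconds. (For a heavily loaded network with good physical connectivity this value is on the high side and can be changed to 2. This value applies only to outgoing connections; for incoming connections it is determined by tcp_retries1.)
tcp_synack_retries: INTEGER, default 5
For a connection request (SYN) from a remote host, the kernel sends a SYN + ACK packet to acknowledge receipt of the preceding SYN connection request. This is the second step of the so-called three-way handshake. This setting determines how many SYN+ACK packets the kernel sends before giving up on the connection. Should not be greater than 255. The default is 5, which corresponds to about 180 seconds. (This value can be chosen based on tcp_syn_retries above.)
tcp_keepalive_time: INTEGER, default 7200 (2 hours)
How often TCP sends keepalive messages when keepalive is enabled. (Because of network attacks and similar factors, attacks that exploit this have become frequent. A friend on cu once raised the question: if the two sides establish a connection and then send no data and no rst/fin messages, does it last for 2 hours, an idle-connection attack? tcp_keepalive_time is there to prevent exactly this situation. I...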
Windows / Linux CGMiner: configuring and tuning six 7970 graphics cards
In cmd on Windows 7, use these two commands to lift the cap on GPU memory allocation:
setx GPU_MAX_ALLOC_PERCENT 100
setx GPU_USE_SYNC_OBJECTS 1
After that, running cgminer finally got past 13; 20 is now no problem either, and TC can go up to 16384. Just run the following two commands before starting cgminer:
export GPU_USE_SYNC_OBJECTS=1
export GPU_MAX_ALLOC_PERCENT=100
Once that is done, start cgminer. I and TC have to be increased together.
"intensity" : "18,18",
"vectors" : "1,1",
"worksize" : "256,256",
"kernel" : "scrypt,scrypt",
"gpu-engine" : "1000,1000",
"gpu-fan" : "0,0",
"gpu-memclock" : "1300,1300",
"gpu-memdiff" : "0,0",
"gpu-powertune" : "0,0",
"gpu-vddc" : "0,0",
"lookup-gap" : "2,2",
"thread-concurrency" : "16384,16384",
"shaders" : "1792,1792",
"temp-cutoff" : "95,95",
"temp-overheat" : ...
Burning an IMG File
If your system does not have a CDROM drive to install from, you can instead write the operating system directly to a compact flash card or USB thumbdrive. Download the img.xz file, uncompress the file, and write it to a compact flash card or USB thumbdrive that is 2 GB or larger. You then boot into that device to load the FreeNAS® operating system. This section demonstrates how to write the image using several different operating systems. The Unetbootin tool is not supported at this time.
DANGER! The dd command demonstrated in this section is very powerful and will destroy any existing data on the specified device. Be very sure that you know the device name to write to and that you do not typo the device name when using dd! If you are uncomfortable writing the image yourself, download the .iso file instead and use the instructions in Installing from CDROM.
Once you have written the image to the device, make sure the boot order in the BIOS is set to boot from tha...
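Litecoin mining tutorial
Apart from Bitcoin, the coin whose price has held up best is Litecoin. Mt.Gox has also announced that it plans to support Litecoin soon. Compared with the specialized mining rigs used for Bitcoin, Litecoin mining is more accessible: an ordinary computer is enough. Today we go through how to mine Litecoin.
Step 1: Download the Litecoin client
Click here to download the Litecoin client; readers can find the version that suits their operating system. Installation is very simple: just wait for the block data to finish downloading and it is ready to use.
Step 2: Download the mining software
For CPU mining, you first need to download pooler-cpuminer. The list below has downloads for each operating system. Choose the version that suits you, download it and unpack it.
Windows 32 bits Version 2.23
Windows 64 bits Version 2.22
Linux 32 bits Version 2.2.3
Linux 64 bits Version 2.2.3
Macintosh 32 bits Version 2.1.2
Macintosh 64 bits Version 2.2.2
Those with a poor network connection may also need to install Stratum mining proxy. Put the downloaded mining_proxy into the pooler-cpuminer archive.
Step 3: Register a mining pool account
Below are some well-known Litecoin mining pools; choose one you like and register an account.
◼ WeMineLTC 5,543.7 MH/s
◼ Coinotron 4,406.2 MH/s
◼ give-me-ltc.com 4,379.9 MH/s
◼ litecoinpool.org 3,247.8 MH/s
◼ Pool-...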