Performance issue tweaking need to help performance

fastcon68

I have now been running ZEN with PFsense 5.0 for awhile now.  It is running really well.  I have installed SQUID, SQUIDGUARD, & IMSPECTOR.  Everything is working really well.  I have 3 MB by 512MB DSL connection.

I have noticed a difference between a machine behind the proxy and a machhine not behind the proxy.  The downloads from behind the proxy are about half the download rate verse a machine not behind the proxy.  I just wanted to know if, I needed to give higher prior to the virtual server that is running pfsense.

I need to also add snort back and well.  I currently have 2 virtual processor and 768 meg of ram avaiable to virtual server.

I am also looking at upgrading a copy of my current image to verison 1.3.  Does anyone have any thoughs or concerns?

I am really enjoying the virtual pfsense servers.  I currently have a 1.3 and 1.2 virtual server, I switch between them at will.  By bring either up and almost all vpn connections work.  2 differnt one's dont.

Virtual servers are a great way to do.  I backup my production image once a week.  It works great.  I have had a image blow up and it failed horrible.  I just restored from my backup and ther server was backup in about 10 minutes.

It is the best way to go.
RC

Bern

The general consensus is that you shouldn't run any kind of critical security device, including pfSense, inside a virtual machine.

As for your squid problem, you don't mention which version of pfSense you're running (5 isn't a pfSense version), but if it's 1.2 then add these lines to your /boot/loader.conf and reboot:

kern.ipc.nmbclusters="32768"
kern.maxfiles="65536"
kern.maxfilesperproc="32768"
net.inet.ip.portrange.last="65535"

Cheers

Bern

fastcon68

Bern,
It is version 1.2 and I am running XEN 5.0.  I had to start using virtual machines due utilizies cost and the cost of running older machines.  Since I have cut over to virtual machines.  I have cut my utility bill by 200.00 a month.  This includes additional AC unit required for cooling.

How do I edit the loader.conf file.  I never modified the conf files at all before.
RC

Cry Havok

That'll be Citrix's Xen then.

To edit loader.conf use vi, as in vi /boot/loader.conf.  Do back the system up first to avoid having to re-install if you make mistakes.

fastcon68

Cry Havok,
Thanks a million.  I have a fullimage backup of my production system.  I can restore it at any time.  The system is awesome.  It's really been a huge cost savings.  I recoupe my investiment in less that 4 months.  I have replaced a bunch of really old machines.  I love it.
RC

fastcon68

I never used vi, where can I loacate a how to use it.  Just curious?
RC