Netgate Discussion Forum

    Squid and the Limiter

    pfSense Packages
      jaybee

      I am using the latest version of pfSense and Squid3 version 3.1.20 installed via package. I have a bandwidth limiter for the LAN but I would like to NOT limit traffic coming from the squid cache. I want it to go full speed. It seems that the Squid Zero Penalty feature is what I need (http://wiki.squid-cache.org/Features/QualityOfService).

      I think if I use something like this qos_flows local-hit=0x30 to mark the cache hits and then use a LAN rule with Diffserv Code Point to allow the marked traffic to pass, with the rule being before the rule that limits the bandwidth, that seems like it would do the trick. Problem is that the wiki says I need this "Requires --enable-zph-qos configure option". How do I set this? I tried putting --enable-zph-qos and enable-zph-qos (without the --) in the custom options box on the proxy server general tab, but I get this

      error:cache_cf.cc(381) parseOneConfigFile: squid.conf:100 unrecognized: 'enable-zph-qos'

      when I do a squid -z from the command line.

      I also tried just adding qos_flows local-hit=0x30 but then I get this  cache_cf.cc(381) parseOneConfigFile: squid.conf:100 unrecognized: 'qos_flows'.

      Anyone have any idea how to get this to work? Also, does this qos_flows local-hit=0x30 need to be 0x30 or should it be something else, and what do I select for the Diffserv Code Point for the LAN rule?

      Thanks!

        jaybee

        I downgraded to squid 2.7 and can now successfully mark packets with whatever hex code I select, but I cannot get pfSense to do anything with them. I verified the packets with tcpdump -nvi bge1 and see the tos hex value that I marked with. I tried setting rules with the Diffserv code that corresponds to the hex value and tried the shaper, but it seems as though pfSense ignores all of them. Checking the logs, they do not show any packets that were matched, blocked or passed that were marked by squid. Having squid deliver cached pages at full wire speed is very important. It is also a must to share bandwidth evenly.

        I can get squid to deliver pages at full wire speed if I use no limiters. Does anyone have any clue how to do this while still using limiters for non-cached pages? Or at the very least get pfSense to recognize the tos, dscp, diffserv (whatever you want to call them) values?

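The "tos" value that tcpdump -v prints and the Diffserv Code Point a rule matches on are the same IPv4 header byte read two ways: the DSCP is its upper six bits and the lower two bits are ECN. The following Python script is an added example, not part of the thread or of pfSense or Squid; it parses tcpdump -nv output and reports the DSCP class behind each TOS value, using constructed sample lines and documentation-range addresses.

```python
import re
from collections import Counter

# Standard DSCP code points (RFC 2474, 2597, 3246), keyed by 6-bit value.
DSCP_NAMES = {0: "CS0", 46: "EF"}
DSCP_NAMES.update({8 * c: f"CS{c}" for c in range(1, 8)})
DSCP_NAMES.update({8 * c + 2 * d: f"AF{c}{d}"
                   for c in range(1, 5) for d in range(1, 4)})

# tcpdump -v prints the raw IPv4 TOS byte as "(tos 0x30, ttl ...".
TOS_RE = re.compile(r"\(tos (0x[0-9a-fA-F]+)")

# Constructed sample capture (not real traffic).
SAMPLE = """\
12:00:01.000001 IP (tos 0x30, ttl 64, id 4660, offset 0, flags [DF], proto TCP (6), length 1500)
    192.0.2.1.3128 > 192.0.2.50.51234: Flags [.], seq 1:1449, ack 1, win 513, length 1448
12:00:01.000412 IP (tos 0x30, ttl 64, id 4661, offset 0, flags [DF], proto TCP (6), length 1500)
    192.0.2.1.3128 > 192.0.2.50.51234: Flags [.], seq 1449:2897, ack 1, win 513, length 1448
12:00:01.003977 IP (tos 0x0, ttl 64, id 4662, offset 0, flags [DF], proto TCP (6), length 52)
    192.0.2.1.3128 > 192.0.2.51.40022: Flags [.], ack 1, win 513, length 0
12:00:01.004100 IP (tos 0x31,ECT(1), ttl 64, id 4663, offset 0, flags [DF], proto TCP (6), length 52)
    192.0.2.1.3128 > 192.0.2.52.40100: Flags [.], ack 1, win 513, length 0
"""

def split_tos(tos):
    """Split the 8-bit TOS/DS byte into (dscp, ecn)."""
    if not 0 <= tos <= 0xFF:
        raise ValueError(f"TOS byte out of range: {tos:#x}")
    return tos >> 2, tos & 0x3

def dscp_name(dscp):
    """Return the standard class name for a 6-bit DSCP value."""
    return DSCP_NAMES.get(dscp, "unassigned")

def summarize(lines):
    """Return sorted (tos, dscp, name, ecn, packet_count) per TOS value seen."""
    counts = Counter()
    for line in lines:
        m = TOS_RE.search(line)
        if m:
            counts[int(m.group(1), 16)] += 1
    return [(tos, *split_tos(tos)[:1], dscp_name(tos >> 2), tos & 0x3, n)
            for tos, n in sorted(counts.items())]

if __name__ == "__main__":
    for tos, dscp, name, ecn, n in summarize(SAMPLE.splitlines()):
        print(f"tos {tos:#04x} -> DSCP {dscp:2d} ({name}), ECN {ecn}: {n} packet(s)")
```

A TOS byte with non-zero ECN bits, such as 0x31 in the sample, carries the same DSCP as 0x30, so a match on the raw byte and a match on the DSCP can disagree for that packet.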
          memo535

          +++++++++

            ney2x

            Have you tried custom delay pools? It's working for me, you should try it.

            LUSCA r14850 patched by chudy.

              memo535

              +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

                memo535

                https://forum.pfsense.org/index.php?topic=59600.30
