Netgate Discussion Forum

    Pfsense+squid+squidguard for a medium company?!

    Cache/Proxy
    5 Posts 3 Posters 1.4k Views
      cracker1985

      Hello Everyone!

      We had already installed and configured pfsense2.2.4 + Squid3 + SquidGuard1.9.15 + Samba4.0 packages for 1500 users (online 500 users). NTLM authentication works fine.

      But every 1.5 - 2 hours, users' connections to the Internet become very slow. At that time we look at cache.log, but nothing appears there until users can connect to the Internet again. After a squid service restart, users can connect to the Internet normally. Please look at the attached pictures and help me identify my mistakes. Thanks for your help!

        KOM

        I don't think you have made any mistakes with this config.  I've read that aufs is a better filesystem choice than ufs.  Nothing in the System - General log when the problem happens?  You can increase the amount of debug info in cache.log by adding this to your Integrations section of Squid config:

        ```
        debug_options rotate=1 ALL,2 11,5
        ```

        Now check cache.log again when the problem happens.  You could also shell in and run:

        ```
        squidclient -h LAN_IP -p SQUID_PORT mgr:info
        ```

        and check your Median Service Times and Resource usage for squid.

          cracker1985

          Hello Sir!

          System - General log  >

          kernel: sonewconn: pcb 0xfffff800a9223930: Listen queue overflow: 193 already in queue awaiting acceptance (345 occurrences)

          We increased:

          ```
          kern.ipc.soacceptqueue=2048
          ```

          ```
          netstat -Lan

          Current listen queue sizes (qlen/incqlen/maxqlen)
          Proto Listen        Local Address
          tcp4  349/0/2048    x.168.11.252.8080
          tcp4  1035/0/2048    x.0.0.1.8080
          tcp4  0/0/128        *.22
          tcp6  0/0/128        *.22
          tcp4  0/0/128        127.0.0.1.953
          tcp4  0/0/128        *.53
          tcp6  0/0/128        *.53
          tcp4  0/0/50        *.139
          tcp4  0/0/50        *.445
          tcp6  0/0/50        *.139
          tcp6  0/0/50        *.445
          tcp6  0/0/128        *.80
          tcp4  0/0/128        *.80
          ```
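An added example, not part of any post in this thread: a small shell function that reads FreeBSD `netstat -Lan` output in the format shown above and reports TCP listeners whose accept queue (qlen) has reached a given percentage of maxqlen. The function names and the threshold values are assumptions; the sample rows are copied from the post above.

```shell
#!/bin/sh
# Added example: flag listening sockets whose accept queue is filling up.
# Input on stdin: output of FreeBSD `netstat -Lan`.
# $1: threshold as a percentage of maxqlen (assumed default: 50).

check_listen_queues() {
    threshold="${1:-50}"
    awk -v t="$threshold" '
        # Data rows start with a protocol name (tcp4, tcp6, ...) and carry
        # the queue triple qlen/incqlen/maxqlen in the second column.
        $1 ~ /^tcp[46]*$/ && split($2, q, "/") == 3 {
            qlen = q[1] + 0
            maxq = q[3] + 0
            if (maxq == 0) next          # avoid division by zero
            pct = int(qlen * 100 / maxq)
            if (pct >= t)
                printf "%s %s qlen=%d maxqlen=%d (%d%%)\n", $1, $3, qlen, maxq, pct
        }'
}

# Sample rows copied from the netstat output in the post above.
sample_netstat() {
cat <<'EOF'
Current listen queue sizes (qlen/incqlen/maxqlen)
Proto Listen        Local Address
tcp4  349/0/2048    x.168.11.252.8080
tcp4  1035/0/2048    x.0.0.1.8080
tcp4  0/0/128        *.22
tcp4  0/0/50        *.445
EOF
}

# On the firewall itself: netstat -Lan | check_listen_queues 50
sample_netstat | check_listen_queues 15
```

A listener that stays near its limit means the proxy is not accepting connections as fast as clients open them, so raising `kern.ipc.soacceptqueue` only delays the overflow message.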
            cracker1985

            Finally, I found my problem, but can't fix it. My problem is CPU overloading... Squid3 loads the 8-core CPU up to 100%.  When users want to connect to the Internet via NTLM authentication, the squid process starts going to 100%. Who can help me to fix this? Where are you, pfSense gurus?

              chris4916

              I doubt NTLM authentication generates this amount of CPU requirement, unless there is something wrong.
              Did you try to temporarily deactivate "black list" rules and filtering as well as anti-virus? These can be very CPU demanding.

              Jah Olela Wembo: Words turn into ills when they upset, attack or wound.
