Netgate Discussion Forum

    [Solved] Router Transparent Forward Proxy Squid EXTREMELY slow

      sichent Banned

      Slow Squid is usually a sign of DNS misconfiguration these days :(

        justsomeguy

        I have DNS resolver and forwarder disabled on the pfSense. The pfSense DHCP passes the same DNS that is used on the corporate LAN. Using nslookup in the client seems to work just fine for internal and external addresses. Thoughts?

          KOM

          Shell in and run:

          squidclient -h LAN_IP_ADDRESS -p 3128 mgr:info

          and look at the Median Service Times.  See if anything looks out of order.

            justsomeguy

            Looks like I'm going to have a noob response to your question, it says access denied…

            (see attachment)


              justsomeguy

              I'm also confused to report that, without any changes, wget and apt-get work in the terminal with good speed, but websites in the browser either spin or get the Squid timeout page, like www.cnn.com and neverssl.com respectively.

                KOM

                Services - Squid - Local Cache - External Cache Managers.  Make sure that 127.0.0.1 and your PC's LAN IP address are in the list separated by a semicolon and try again.  I can't answer your questions since I know nothing about your configuration.

                  justsomeguy

                  Adding the IP where you suggested fixed that access denied issue. Attached is the section with the median response times.

                  I've installed Chromium on the client and potentially learned 2 new things. CNN, even though not encrypted, still has some SSL resources which I think are slowing the page down when loading in the browser, but not wget. neverssl seems to load fine in Chromium, which I suspect means that Firefox and Chromium are doing different things with the headers?

                  Is there a way to disable the in-memory cache just to get things set up?

                  Thanks a lot for the help, btw.


                    justsomeguy

                    I take part of my last post back, there's some intermittency for sure. neverssl won't load in Chromium now and wget now returns 503.

                      KOM

                      It's not a DNS issue, which it often is.  Probably something else in your config.  I only use squid as a platform for squidguard.  I don't do any caching.

                      You can't totally disable memory caching.

                        justsomeguy

                        Thanks. Today the issue returned and, being suspicious, I checked on another computer bypassing my whole pfSense setup (directly on corporate LAN) and the same issue exists. I'm confident it is an issue with the upstream proxy.

                        I'm going to mark this thread as solved, but I'm sure I'll be back in a day or 2 with a new issue as I try and bring this thing up. Thanks for the help, seems like a strong community.  :)

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
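
Added example, not part of any post in the thread: one way to read the Median Service Times that KOM points to in the `squidclient ... mgr:info` output and tell a slow DNS stage apart from a slow fetch path behind Squid (such as the upstream proxy the thread ends on). The sample output is constructed (the attachment's values are not on the page), and the function names and the `DNS_MAX` / `MISS_MAX` thresholds are assumptions.

```sh
# Added example (not from the thread): read the Median Service Times block of
# `squidclient mgr:info` output and name the slow stage.

# Constructed sample in the layout Squid prints; every value is invented.
sample_info() {
cat <<'EOF'
Connection information for squid:
Median Service Times (seconds)  5 min    60 min:
    HTTP Requests (All):   4.71800  3.92100
    Cache Misses:          4.90200  4.10300
    Cache Hits:            0.00091  0.00091
    Near Hits:             0.00000  0.00000
    Not-Modified Replies:  0.00000  0.00000
    DNS Lookups:           0.03100  0.02800
    ICP Queries:           0.00000  0.00000
Resource usage for squid:
EOF
}

# stdin: mgr:info text. stdout: one "name|5min|60min" line per row of the block.
median_times() {
    awk '
        /^Median Service Times/ { inblk = 1; next }
        inblk && /^[^ \t]/      { inblk = 0 }   # next unindented header ends the block
        inblk && NF >= 3 {
            name = $0
            sub(/^[ \t]+/, "", name)
            sub(/:[ \t]+[0-9.]+[ \t]+[0-9.]+[ \t]*$/, "", name)
            print name "|" $(NF-1) "|" $NF
        }'
}

# Classify on the 5-minute medians. DNS_MAX and MISS_MAX (seconds) are
# assumed starting thresholds, not Squid defaults.
diagnose() {
    median_times | awk -F'|' -v dns_max="${DNS_MAX:-0.5}" -v miss_max="${MISS_MAX:-2}" '
        $1 == "DNS Lookups"  { dns = $2 }
        $1 == "Cache Misses" { miss = $2 }
        $1 == "Cache Hits"   { hit = $2 }
        END {
            if (dns + 0 > dns_max + 0) print "dns"
            else if (miss + 0 > miss_max + 0 && hit + 0 <= miss_max + 0) print "upstream"
            else print "ok"
        }'
}

sample_info | diagnose    # prints: upstream
```

On a live box, pipe the real command into it: `squidclient -h LAN_IP_ADDRESS -p 3128 mgr:info | diagnose`.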