Performance issue tweaking need to help performance

fastcon68 · Oct 12, 2008, 3:23 AM

I have now been running ZEN with PFsense 5.0 for awhile now. It is running really well. I have installed SQUID, SQUIDGUARD, & IMSPECTOR. Everything is working really well. I have 3 MB by 512MB DSL connection.

I have noticed a difference between a machine behind the proxy and a machhine not behind the proxy. The downloads from behind the proxy are about half the download rate verse a machine not behind the proxy. I just wanted to know if, I needed to give higher prior to the virtual server that is running pfsense.

I need to also add snort back and well. I currently have 2 virtual processor and 768 meg of ram avaiable to virtual server.

I am also looking at upgrading a copy of my current image to verison 1.3. Does anyone have any thoughs or concerns?

I am really enjoying the virtual pfsense servers. I currently have a 1.3 and 1.2 virtual server, I switch between them at will. By bring either up and almost all vpn connections work. 2 differnt one's dont.

Virtual servers are a great way to do. I backup my production image once a week. It works great. I have had a image blow up and it failed horrible. I just restored from my backup and ther server was backup in about 10 minutes.

It is the best way to go.
RC

Bern · Oct 12, 2008, 9:22 AM

The general consensus is that you shouldn't run any kind of critical security device, including pfSense, inside a virtual machine.

As for your squid problem, you don't mention which version of pfSense you're running (5 isn't a pfSense version), but if it's 1.2 then add these lines to your /boot/loader.conf and reboot:

kern.ipc.nmbclusters="32768"
kern.maxfiles="65536"
kern.maxfilesperproc="32768"
net.inet.ip.portrange.last="65535"

Cheers

Bern

fastcon68 · Oct 18, 2008, 2:43 AM

Bern,
It is version 1.2 and I am running XEN 5.0. I had to start using virtual machines due utilizies cost and the cost of running older machines. Since I have cut over to virtual machines. I have cut my utility bill by 200.00 a month. This includes additional AC unit required for cooling.

How do I edit the loader.conf file. I never modified the conf files at all before.
RC

Cry Havok · Oct 18, 2008, 12:20 PM

That'll be Citrix's Xen then.

To edit loader.conf use vi, as in vi /boot/loader.conf. Do back the system up first to avoid having to re-install if you make mistakes.

fastcon68 · Oct 19, 2008, 1:42 AM

Cry Havok,
Thanks a million. I have a fullimage backup of my production system. I can restore it at any time. The system is awesome. It's really been a huge cost savings. I recoupe my investiment in less that 4 months. I have replaced a bunch of really old machines. I love it.
RC

fastcon68 · Oct 19, 2008, 1:58 AM

I never used vi, where can I loacate a how to use it. Just curious?
RC