• Halo semua,

    Saya mau tanya tentang squid dan squidguard di PfSense.
    Untuk setup squid dengan hugh performance, apakah perlu menggunakan ramdisk untuk menyimpan cache?
    Karena dengan menggunakan hardisk, sepertinya terasa lambat.
    Dan kalau memang menggunakan ramdisk ini membantu performance, bagaimana caranya agar bisa digunakan secara otomatis dengan squid?

    Terima kasih.

    Fadjar340


  • Boleh tau bro anda Pakai Pfsense Berapa .. dan kalau bisa kenalin dulu diri anda


  • Saya Fadjar Tandabawana,
    Admin beberapa site untuk side job :)

    Saya menggunakan PfSense 1.2.3-RC2
    built on Wed Aug 19 23:03:01 UTC 2009
    FreeBSD 7.2-RELEASE-p3 i386

    Saya selalu update menggunakan snapshot, yang terakhir saya ambil tanggal 19 Agustus 2009 dan sudah saya install.

    Regards,
    Fadjar T


  • Untuk Squid biasanya di perlukan seting khusus, dan sepertinya setting squid di pfsense dan Squidguard sangat berbeda .. salah sedikit bisa fatal akibatnya.:D


  • Saya memang pernah coba pasang squid bareng dengan squidguard, config time dan destination sudah di set juga, tapi squidguard nggak jalan seperti yang diharapkan.
    Untuk squidnya, jika menggunakan hardisk di /var/lib/cache maka response untuk browsing menjadi lambat.
    Saya pakai memory 512 MB.
    Kalau memang memasang cache di ramdisk seperti saya biasa gunakan di Linux bisa mempercepat response browsing, bagaimana caranya untuk load scriptnya.
    Saya agak kurang paham dengan freeBSD.

    Kalu mungkin bung bisa jelaskan akibat fatal yang ditimbulkan dan kesalahan yang sering terjadi, sepertinya sangat bermanfaat untuk kita semua.

    Regards,
    Fadjar T


  • AFAIK, perbedaan sistem di linux dan freebsd memang cukup signifikan dalam hal proses baca-tulis hdd….

    squid nya bro fajar, emang yang udah di oprek, ato masi standard????


  • Yups… bener malah saya udah coba script video cache youtub di Pfsense alhamdulilah berhasil ..  ;D


  • nah bro kambeng, ente make squid bawan pfsense (2.6.x) ato dah inject jadi 2.7.x ?


  • di inject bro .. lagian kalau 2.7 itu squidnya stabil bro .. dibanding 2.6 atau yang lainya terutama di performance cache


  • Lihat Sticky di Atas bro semoga sukses


  • wadoh…. buatin atuh mah, cara inject squid default 2.6.x ke 2.7.6 stable brow... pada buta neh... :D


  • @xaviero:

    squid nya bro fajar, emang yang udah di oprek, ato masi standard????

    Bro xaviero, memang masih standard karena saya belum ngerti bener, mainan di inc-nya pfsense.

    Satu pertanyaan saya yang amsih nggantung nih:
    Kalau saya pakai ramdisk untuk simpan cache, apakah itu menaikkan performance squid? Khususnya untuk menampilkan halaman web yang di cache.

    Regards,
    Fadjar T


  • coba baca ini bro dan ikuti petunjuknya … squid jadi optimal dan kencang :D http://forum.pfsense.org/index.php/topic,18823.0.html


  • @kambeeng:

    coba baca ini bro dan ikuti petunjuknya … squid jadi optimal dan kencang :D http://forum.pfsense.org/index.php/topic,18823.0.html

    Makasih banyak bro kambeeng…

    :)


  • @kambeeng:

    http://forum.pfsense.org/index.php/topic,18823.0.html

    Setelah dicoba dan dipasang…
    Memang mangstabsss...
    Tob markotobs...

    Makasih ya bro..


  • Bro … good luck


  • Mungkin masalah ini sudah terselesaikan tapi tidak adanya membuat pfSense anda semakin "beringas".
    Disadari atau tidak kebanyakan pfSense dengan squid kecepatan bandwidthnya akan turun dari bandwidth yang seharusnya.
    Hal ini dikarenakan pada pfsense lebih dimaksimalkan untuk router dibandingkan untuk server oleh karena itu nilai kern.ipc.nmbclusters dibuat "0" (default). Padahal di freeBSD nilainya adalah 8192.
    Untuk mengatasi ini perlu dilakukan perubahan seperti berikut:

    tambahkan line berikut pada /boot/loader.conf

    kern.ipc.nmbclusters=32768
    kern.maxfiles=65536
    kern.maxfilesperproc=32768
    net.inet.ip.portrange.last=65535

    atau lebih mudahnya hapus semua isinya dan salin line berikut

    autoboot_delay="1"
    hint.apic.0.disabled=1
    kern.hz=100
    #for squid
    kern.ipc.nmbclusters="32768"
    kern.maxfiles="65536"
    kern.maxfilesperproc="32768"
    net.inet.ip.portrange.last="65535"

    Atau jika anda tidak menghendaki perubahan yang signifikan cukup hapus kern.ipc.nmbclusters="0", dan squid akan jalan dengan baik.

    Tapi untuk melakukan Tuning bisa ditambahkan:
    kern.ipc.nmbclusters: 32768
    kern.maxfiles=65536
    kern.maxfilesperproc=32768
    net.inet.ip.portrange.last: 65535

    Semoga bermanfaat.


  • Apakah ini berlaku di pfsense alpha atau flatform yang lain


  • bukan alpha, kalau alpha malah sudah tidak perlu master.
    ini untuk semua pfsense release sebelum 2.0


  • kalo bole dilakukan riset nih,
    coba in deh, cache site nya lyto, www.lytogame.com , kemudian lakukan/ngtes daftar akun baru…
    kalo dengan proxy, selalu mental, alias bolak balik ke page awal.

    walo dah dimasukin IP ato domain si lytogame kekeuh squid ngotot bolak balik....
    itu kalo kejadian aneh di pfsense ane


  • itu kemungkinan masalah di proxynya mas,
    coba dibuat acl untuk domain lyto, dan di cache deny.


  • memang belum ane oprek ampe kedalam squid.inc nya….. ane masi make bawaan web GUI nya pf.
    btw, ente coba jg lah.... biar bisa mengalami penderitaan nya....wkwkwkwkwkwkwkwk


  • SQUID.CONF silahkan cek :D

    http_port 3128 transparent
    cache_effective_user squid
    cache_effective_group squid
    acl all src 0.0.0.0/0.0.0.0
    icp_query_timeout 1000
    high_memory_warning 500 MB
    visible_hostname akabri.info
    httpd_suppress_version_string on
    cache_mem 64 MB
    cache_replacement_policy heap GDSF
    memory_replacement_policy heap GDSF
    cache_swap_low 90
    cache_swap_high 95
    maximum_object_size 131072 KB
    maximum_object_size_in_memory 64 KB
    tcp_recv_bufsize 65535 bytes
    ipcache_size 8192
    fqdncache_size 8192
    acl msnmess url_regex http://207.46.111.55/gateway/gateway.dll?
    deny_info TCP_RESET msnmess
    http_access deny msnmess
    forwarded_for off
    high_page_fault_warning 10
    high_response_time_warning 2000
    client_persistent_connections off
    server_persistent_connections on
    half_closed_clients off
    cache_dir aufs /cache 10000 10 256
    log_icp_queries off
    cache_access_log /usr/local/squid/logs/access.log
    emulate_httpd_log on
    ftp_user kambeeng@akabri.info
    cache_mgr kambeeng@akabri.info
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    quick_abort_min 0 KB
    quick_abort_max 0 KB
    negative_dns_ttl 2 minutes
    acl mynetwork src 192.168.1.0/26
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563 2082 2083 2086 2087 2093 2095 2096
    acl Safe_ports port 80 21 443 563 70 210 8000 11999 2082 2083 2086 2087 2095 2096 8082 8090
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow mynetwork
    http_access allow localhost
    deny_info TCP_RESET all
    http_access deny all
    snmp_port 3001
    acl queryme snmp_community SquidSnmpRahasia
    acl adminpc src 192.168.1.2
    snmp_access allow queryme localhost
    snmp_access allow queryme adminpc
    snmp_access deny all
    icp_access allow mynetwork
    icp_access deny all
    miss_access allow all
    ie_refresh on


  • waduh kayake om kambeeng pernah janji mau bikin how to nya inject squid 2.7 di pfSense nech… kapan ya... hehehe  ;D


  • sekalian request yang 2 Head nya juga yah om … :D


  • salam, saya ada masalah dgn squid, klo diaktifkan u/ interfaces lan, maka semua client gak bisa konek, awal instalasi masih ok, sekitar dua bulan kemudian baru muncul masalahx, oh iya saya masih menggunakan 1.2 release
    ini lognya :
    Sep 13 09:32:12 squid[1694]: Squid Parent: child process 1937 exited due to signal 6
    Sep 13 09:32:14 check_reload_status: reloading filter
    Sep 13 09:32:15 squid[1694]: Squid Parent: child process 2044 started
    Sep 13 09:32:15 squid[2044]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 13 09:32:16 kernel: pid 2044 (squid), uid 62: exited on signal 6
    Sep 13 09:32:16 squid[1694]: Squid Parent: child process 2044 exited due to signal 6
    Sep 13 09:32:19 squid[1694]: Squid Parent: child process 2094 started
    Sep 13 09:32:19 squid[2094]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 13 09:32:19 kernel: pid 2094 (squid), uid 62: exited on signal 6
    Sep 13 09:32:19 squid[1694]: Squid Parent: child process 2094 exited due to signal 6
    Sep 13 09:32:19 squid[1694]: Exiting due to repeated, frequent failures
    Sep 13 09:32:25 Squid_Alarm[2137]: Squid has exited. Reconfiguring filter.
    Sep 13 09:32:25 Squid_Alarm[2139]: Attempting restart…
    Sep 13 09:32:25 squid[2146]: Squid Parent: child process 2149 started
    Sep 13 09:32:26 squid[2149]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 13 09:32:26 kernel: pid 2149 (squid), uid 62: exited on signal 6
    Sep 13 09:32:26 squid[2146]: Squid Parent: child process 2149 exited due to signal 6
    Sep 13 09:32:28 Squid_Alarm[2184]: Reconfiguring filter…
    Sep 13 09:32:29 squid[2146]: Squid Parent: child process 2187 started
    Sep 13 09:32:29 squid[2187]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 13 09:32:29 kernel: pid 2187 (squid), uid 62: exited on signal 6
    Sep 13 09:32:29 squid[2146]: Squid Parent: child process 2187 exited due to signal 6
    Sep 13 09:32:29 Squid_Alarm[2294]: Squid has resumed. Reconfiguring filter.
    Sep 13 09:32:32 squid[2146]: Squid Parent: child process 2430 started
    Sep 13 09:32:33 squid[2430]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 13 09:32:33 kernel: pid 2430 (squid), uid 62: exited on signal 6
    Sep 13 09:32:33 squid[2146]: Squid Parent: child process 2430 exited due to signal 6
    Sep 13 09:32:36 squid[2146]: Squid Parent: child process 2477 started
    Sep 13 09:32:36 squid[2477]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 13 09:32:36 kernel: pid 2477 (squid), uid 62: exited on signal 6
    Sep 13 09:32:36 squid[2146]: Squid Parent: child process 2477 exited due to signal 6
    Sep 13 09:32:40 squid[2146]: Squid Parent: child process 2512 started
    Sep 13 09:32:40 squid[2512]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 13 09:32:40 kernel: pid 2512 (squid), uid 62: exited on signal 6
    Sep 13 09:32:40 squid[2146]: Squid Parent: child process 2512 exited due to signal 6
    Sep 13 09:32:40 squid[2146]: Exiting due to repeated, frequent failures
    Sep 13 09:33:23 php: /pkg_mgr_install.php: cd /var/db/pkg && pkg_delete ls | grep
    Sep 13 09:33:25 Squid_Alarm[2629]: Squid has exited. Reconfiguring filter.
    Sep 13 09:33:25 Squid_Alarm[2631]: Attempting restart…
    Sep 13 09:33:51 php: /pkg_mgr_install.php: cd /var/db/pkg && pkg_delete ls | grep squid
    Sep 13 09:33:55 check_reload_status: reloading filter

    mohon bantuan dari master sekalian, kalo bisa step by step, soalx masih nubi


  • ba rebuild cache_dir nya


  • masuk ke console , kemudian ketik "squid -z" , liat lagi pesan error nya.. (kalo ada)


  • saya sdh coba jalankan squid -z, hasilx : 2009/09/14 08:21:27| WARNING cache_mem is larger than total disk cache space!
    2009/09/14 08:21:27| Creating Swap Directories


  • saya sdh coba jalankan squid -z, hasilx : 2009/09/14 08:21:27| WARNING cache_mem is larger than total disk cache space!
                                                          2009/09/14 08:21:27| Creating Swap Directories
                                                          berhenti sampai disini…................( gak lanjut)

    tetap klo proxy dijalankan, gak bisa konek,
    lognya :

    Sep 14 08:27:27 squid[6101]: Squid Parent: child process 6321 exited due to signal 6
    Sep 14 08:27:49 php: /pkg_edit.php: Starting Squid
    Sep 14 08:27:49 squid[6495]: Squid Parent: child process 6497 started
    Sep 14 08:27:49 php: /pkg_edit.php: Reloading Squid for configuration sync
    Sep 14 08:27:49 squid[6497]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 14 08:27:49 kernel: pid 6497 (squid), uid 62: exited on signal 6
    Sep 14 08:27:49 squid[6495]: Squid Parent: child process 6497 exited due to signal 6
    Sep 14 08:27:50 check_reload_status: reloading filter
    Sep 14 08:27:52 squid[6495]: Squid Parent: child process 6702 started
    Sep 14 08:27:53 squid[6702]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 14 08:27:53 kernel: pid 6702 (squid), uid 62: exited on signal 6
    Sep 14 08:27:53 squid[6495]: Squid Parent: child process 6702 exited due to signal 6
    Sep 14 08:27:56 squid[6495]: Squid Parent: child process 6741 started
    Sep 14 08:27:56 squid[6741]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 14 08:27:56 kernel: pid 6741 (squid), uid 62: exited on signal 6
    Sep 14 08:27:56 squid[6495]: Squid Parent: child process 6741 exited due to signal 6
    Sep 14 08:27:59 squid[6495]: Squid Parent: child process 6840 started
    Sep 14 08:28:00 squid[6840]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 14 08:28:00 kernel: pid 6840 (squid), uid 62: exited on signal 6
    Sep 14 08:28:00 squid[6495]: Squid Parent: child process 6840 exited due to signal 6
    Sep 14 08:28:03 squid[6495]: Squid Parent: child process 6885 started
    Sep 14 08:28:04 squid[6885]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 14 08:28:04 kernel: pid 6885 (squid), uid 62: exited on signal 6
    Sep 14 08:28:04 squid[6495]: Squid Parent: child process 6885 exited due to signal 6
    Sep 14 08:28:04 squid[6495]: Exiting due to repeated, frequent failures
    Sep 14 08:28:19 Squid_Alarm[6981]: Squid has exited. Reconfiguring filter.
    Sep 14 08:28:19 Squid_Alarm[6983]: Attempting restart…
    Sep 14 08:28:19 squid[6990]: Squid Parent: child process 6993 started
    Sep 14 08:28:20 squid[6993]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 14 08:28:20 kernel: pid 6993 (squid), uid 62: exited on signal 6
    Sep 14 08:28:20 squid[6990]: Squid Parent: child process 6993 exited due to signal 6
    Sep 14 08:28:22 Squid_Alarm[7029]: Reconfiguring filter…
    Sep 14 08:28:23 squid[6990]: Squid Parent: child process 7034 started
    Sep 14 08:28:24 squid[7034]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 14 08:28:24 kernel: pid 7034 (squid), uid 62: exited on signal 6
    Sep 14 08:28:24 squid[6990]: Squid Parent: child process 7034 exited due to signal 6
    Sep 14 08:28:24 Squid_Alarm[7139]: Squid has resumed. Reconfiguring filter.
    Sep 14 08:28:27 squid[6990]: Squid Parent: child process 7210 started
    Sep 14 08:28:27 squid[7210]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 14 08:28:27 kernel: pid 7210 (squid), uid 62: exited on signal 6
    Sep 14 08:28:27 squid[6990]: Squid Parent: child process 7210 exited due to signal 6
    Sep 14 08:28:30 squid[6990]: Squid Parent: child process 7245 started
    Sep 14 08:28:31 squid[7245]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 14 08:28:31 kernel: pid 7245 (squid), uid 62: exited on signal 6
    Sep 14 08:28:31 squid[6990]: Squid Parent: child process 7245 exited due to signal 6
    Sep 14 08:28:34 squid[6990]: Squid Parent: child process 7281 started
    Sep 14 08:28:34 squid[7281]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
    Sep 14 08:28:34 kernel: pid 7281 (squid), uid 62: exited on signal 6
    Sep 14 08:28:34 squid[6990]: Squid Parent: child process 7281 exited due to signal 6
    Sep 14 08:28:34 squid[6990]: Exiting due to repeated, frequent failures


  • WARNING cache_mem is larger ,
    Bro ini sudah jelas ada msalah dengan Cache anda kemungkinan cache anda besar, coba di perkecil

    Salam
    kambeeng


  • coba cek yah,
    biasanya di proxy gui nya, ada command2 yang salah di bagian option command, coba diilangkan dulu… kemudian restart pfsense nya...


  • bukan cachenya besar om kambeeng, tapi kebesaran… masa' cache_mem lebih besar dari cache_dir nya nya???


  • yups intinya gitu :D


  • tadinya saya juga berfikir seperti itu om, tapi apa iya ini kebesaran ?
    ( konfigurasi cache manajement )  =

    Hard disk cache size = 10
    memoricache = 8
    minimum object = 0
    maksimum object = 1000
    Level 1 subdirectories = 128
    Low-water-mark in  90 %
    High-water-mark in 95 %

    oh iya , ram nativenya = 512
    hardisk = 8 gb

    thax


  • tolong, om2  sekalian
    konfigurasi proxy yg benar mulai dari general setting sampai local usernya serta cache managemen yg ideal u/ resource seperti diatas ?

    thax


  • knapa ya mas habis restart

    squid.conf saya balik ke default lagi
    padahal dah di tunning bagus2 T.T


  • @chiboik:

    knapa ya mas habis restart

    squid.conf saya balik ke default lagi
    padahal dah di tunning bagus2 T.T

    sudah banyak dibahas di forum.,, :D
    masukkan aja config anda di squid.inc


  • @yellowhat89:

    @chiboik:

    knapa ya mas habis restart

    squid.conf saya balik ke default lagi
    padahal dah di tunning bagus2 T.T

    sudah banyak dibahas di forum.,, :D
    masukkan aja config anda di squid.inc

    bisa di perjelas mas ?
    cara masukin gmn ?
    maaf, masih newbie  ;D
    saya pake pfSense-1.2.3-RC3

    o iya mas mau nanya lagi
    waktu client warnet saya make proxies.telkom.net.id:8080
    proxy nya ke bypass, ngga redirect ke port 3128
    padahal port nya udah saya forward 8080  ke 3128

    jadi website yang saya block bisa di buka sama client.
    gmn solusi nya mas ?


  • ini lagi ngaco banget !!!
    emang bisa proxy di forward ke proxy lagi ????

    yang bisa itu, proxymu di parent ke proxy telkom, jangan bermain forwarding di pf, jaka sembung baca bobo, gak nyambung bo…:)

    tambahin di squid .inc

    cache_peer proxies.telkom.net.id parent 8080 3130 no-query connect-timeout=10 no-digest no-netdb-exchange default
    cache_peer 202.134.0.135 sibling 8080 3130 round-robin no-query connect-timeout=10 no-digest no-netdb-exchange

    dari nubie