Tuning for full blown PCs



  • Hi, are there any known "best practices" when installing pfsense in full blown PCs?, i'll install it in a Dell Optiplex GX760, C2D with 2GB of RAM. Are there any kernel parameters to adjust?, i'll be running VPNs, regular firewalling and Proxy/Antivirus.



  • With that hardware you should be able to handle quite a few simultaneous clients, I don't believe any tweaking need be done to the kernel parameters.



  • I've seen some posts about setting this parameters (taken from my old notes):

    kern.ipc.nmbclusters
    kern.maxfiles
    kern.maxfilesperproc
    net.inet.ip.portrange.last

    They're no longer needed?



  • They are not used that often and are hardly known.



  • But "hardly known" != "useless"…. I found this: http://forum.pfsense.org/index.php/topic,14673.0.html

    Any comments?



  • The issues that loader.conf can cause/resolve are so pronounced that you would HAVE to modify it to even use the router at all.  If you're seeing >10% of your bandwidth come through the pfSense box/proxy, then you're likely not affected.  Most of the issues have been corrected with more recent versions of the squid package as well as bumps in the underlying FreeBSD versions.


Log in to reply