Squid 2.7.8 + pfSense 1.2.2 = wait 15 seconds before loading web page

unguzov

Hi,

I have big problem with Squid 2.7.8 package. If proxy is active (transparant or not) it takes up to 20 seconds to start to load a simple web page. Browsers wait 10 to 20 seconds after typing the addres and then starts to load (slowly) the page.

I have no problems with Squid 3 (but transperant mode doesn't work with this package).

My goal is to use squid only to log accessed web pages. Is there a workaround to this strange behaviour? I try to change /boot/loader.conf, but this doesn't help:

autoboot_delay="1"
vm.kmem_size="435544320"
vm.kmem_size_max="535544320"
#kern.ipc.nmbclusters="0"
kern.ipc.nmbclusters=32768
kern.maxfiles=65536
kern.maxfilesperproc=32768
net.inet.ip.portrange.last=65535

My hardware:
Intel(R) Pentium(R) 4 CPU 2.80GHz
Seagate ST380011A 3.06

Testing with only one client.

dvserg

DNS ?
–----
From Win workstation check
nslookup you-site-name

chudy

if dns responds too long. then use your local dns cache
Use alternate DNS-servers for the proxy-server: 127.0.0.1
if you have more than 50req/sec then increase your dnsmasq cache by hacking /etc/inc/services.inc
change to -c 10000. means 10k dns cache size

mwexec("/usr/local/sbin/dnsmasq --all-servers -c 10000 {$args}");

but 20sec? thats too long.
how long if not using proxy? maybe it has nothing to do with squid.
what is your latency if you ping yahoo.com
if you have more than 2k then thats a very congested network. usually loaded with bunch of torrents.

unguzov

@chudy:

if dns responds too long. then use your local dns cache
Use alternate DNS-servers for the proxy-server: 127.0.0.1
if you have more than 50req/sec then increase your dnsmasq cache by hacking /etc/inc/services.inc
change to -c 10000. means 10k dns cache size

mwexec("/usr/local/sbin/dnsmasq --all-servers -c 10000 {$args}");

but 20sec? thats too long.
how long if not using proxy? maybe it has nothing to do with squid.
what is your latency if you ping yahoo.com
if you have more than 2k then thats a very congested network. usually loaded with bunch of torrents.

I do not have any problems with DNS. When proxy is off each page is opening very quick, and also if I use squid3 I have no problems at all with the speed.

All my tests are with only one workstation and one user. Proxy will be used by maximum 5 users.
All sites in my country have pings from 1 ms to 5 ms. All sites in USA (like yahoo.com) have ~140 ms.
All workstations are part of Windows Domain so they are using Domain Controller as a DNS server and Domain Controller DNS is set to forward to pfSense box.

I will try to set DNS for proxy server to 127.0.0.1 and test it again…

unguzov

@chudy:

if dns responds too long. then use your local dns cache
Use alternate DNS-servers for the proxy-server: 127.0.0.1
if you have more than 50req/sec then increase your dnsmasq cache by hacking /etc/inc/services.inc
change to -c 10000. means 10k dns cache size

mwexec("/usr/local/sbin/dnsmasq --all-servers -c 10000 {$args}");

but 20sec? thats too long.
how long if not using proxy? maybe it has nothing to do with squid.
what is your latency if you ping yahoo.com
if you have more than 2k then thats a very congested network. usually loaded with bunch of torrents.

Thanks Chudy, alternate DNS server set to 127.0.0.1 is the answer. Now speed of web browsing is the same with and without proxy.

chudy

Theoretically, It should be quicker than without squid.