My setup: pfsense 2.0 - Squid - SquidGuard 400+ users thru fiber
-
This is my report of pfsense. I work in a school and we have 400+ daily connected. This is my setup:
pfSense 2.0-BETA5 (amd64) built on Thu Jan 27 01:29:01 EST 2011
Squid 2.7.9_4
squidguard 1.3_1 pkg v.1.63GB of ddr2 ram
Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
3 intel 1000/pro desktop nicsMods:
for squid:
in /boot/loader.conf
kern.ipc.nmbclusters="32768"
kern.maxfiles="131070"
kern.maxfilesperproc="32768"
net.inet.ip.portrange.last="65535"in cache manager options in gui, used null for hard disk cache and alternate dns 127.0.0.1
in squid.inc(usr/local/pkg):
dns_children 20for squidguard:
Haven't changed anything. Stock config. Increasing redirect children only makes it worse. I have 3. Seems enough.for firewall in advanced:
net.inet.tcp.inflight.enable Enable TCP Inflight mode 0
net.inet.tcp.tso TCP Offload Engine default (1)
hw.bce.tso_enable TCP Offload Engine - BCE default ()
kern.ipc.maxsockbuf 16777216
net.inet.tcp.rfc1323 1
net.inet.tcp.sendbuf_max 16777216
net.inet.tcp.recvbuf_max 16777216
net.inet.tcp.sendbuf_auto Send buffer autotuning enabled by default 1
net.inet.tcp.sendbuf_inc 16384
net.inet.tcp.recvbuf_auto 1
net.inet.tcp.recvbuf_inc 524288
net.inet.tcp.hostcache.expire 1
kern.ipc.somaxconn 2048
net.inet.tcp.msl default 30000 10000
I've followed this and this to make this changes.
My fibre optic is 60/20 mbit/s
-
Hi,
I hope it is ok to use this thread for my "problem".
I mention always a little delay while surfing the web when squid is enabled.
This is my hardware:2.0-RC1 (amd64) built on Thu May 5 18:46:28 EDT 2011
Intel(R) Xeon(R) CPU E5506 @ 2.13GHz
4GB RAM
4x 1GBit/s NIC for connecting my different LANmy squid config:
Hard disc cache: ~10GB
cache system: ufs
RAM: 1GB
min filesize disc: 0kb
max filesize disc: 200MB
max filesize RAM: 512kb
Level 1 subdirectories: 32
disc/RAM: Heap LFUDAI am in a testing environment with 15 Users and I would like to use squid to speedup surfing and caching windows updates and not for having such a delay I am having at the moment.
It helped me to speedup squid with using ufs and vfs.read_max = 512
I would be interested in this parameters in your config:
for squid: in /boot/loader.conf kern.ipc.nmbclusters="32768" kern.maxfiles="131070" kern.maxfilesperproc="32768" net.inet.ip.portrange.last="65535" in cache manager options in gui, used null for hard disk cache and alternate dns 127.0.0.1 in squid.inc(usr/local/pkg): dns_children 20Perhaps you could explain that for me because the google explainations didn't help me to understand this parameters.
Thank you very much for your help.
PS: If you like, I will be very interested in your firewall optimizations, too!
-
Just to say that changes to the boot file should be in:
/boot/loader.conf.local
Changes added there will be copied across an upgrade.
See: http://forum.pfsense.org/index.php/topic,28181.0.htmlSteve
-
Just to say that changes to the boot file should be in:
/boot/loader.conf.local
Changes added there will be copied across an upgrade.
See: http://forum.pfsense.org/index.php/topic,28181.0.htmlSteve
Thanks..
Updating the thread, I have to say that since I'm on RC versions, things have changed. I've stopped using these:
kern.ipc.nmbclusters="32768"
kern.maxfiles="131070"And it's running very well.
alternate dns 127.0.0.1
in squid.inc(usr/local/pkg):
dns_children 20Don't use this too.
As for the other options, I'm not using disk cache. It seemed to me that that was really my problem. Slow disks. Squid cache was very intensive with my 400+ users. I've changed my updates to an WSUS server and I'm only using squid in pfsense with squidGuard. The rest of my setup remains the same. (same advanced options)
