My setup: pfsense 2.0 - Squid - SquidGuard 400+ users thru fiber

Hugovsky

This is my report of pfsense. I work in a school and we have 400+ daily connected. This is my setup:

pfSense 2.0-BETA5 (amd64) built on Thu Jan 27 01:29:01 EST 2011
Squid 2.7.9_4
squidguard 1.3_1 pkg v.1.6

3GB of ddr2 ram
Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
3 intel 1000/pro desktop nics

Mods:

for squid:

in /boot/loader.conf
kern.ipc.nmbclusters="32768"
kern.maxfiles="131070"
kern.maxfilesperproc="32768"
net.inet.ip.portrange.last="65535"

in cache manager options in gui, used null for hard disk cache and alternate dns 127.0.0.1

in squid.inc(usr/local/pkg):
dns_children 20

for squidguard:
Haven't changed anything. Stock config. Increasing redirect children only makes it worse. I have 3. Seems enough.

for firewall in advanced:

net.inet.tcp.inflight.enable Enable TCP Inflight mode 0

net.inet.tcp.tso TCP Offload Engine default (1)

hw.bce.tso_enable TCP Offload Engine - BCE default ()

kern.ipc.maxsockbuf 16777216

net.inet.tcp.rfc1323 1

net.inet.tcp.sendbuf_max 16777216

net.inet.tcp.recvbuf_max 16777216

net.inet.tcp.sendbuf_auto Send buffer autotuning enabled by default 1

net.inet.tcp.sendbuf_inc 16384

net.inet.tcp.recvbuf_auto 1

net.inet.tcp.recvbuf_inc 524288

net.inet.tcp.hostcache.expire 1

kern.ipc.somaxconn 2048

net.inet.tcp.msl default 30000 10000

I've followed this and this to make this changes.

My fibre optic is 60/20 mbit/s

Nachtfalke

Hi,

I hope it is ok to use this thread for my "problem".
I mention always a little delay while surfing the web when squid is enabled.
This is my hardware:

2.0-RC1 (amd64) built on Thu May 5 18:46:28 EDT 2011
Intel(R) Xeon(R) CPU E5506 @ 2.13GHz
4GB RAM
4x  1GBit/s NIC for connecting my different LAN

my squid config:
Hard disc cache: ~10GB
cache system: ufs
RAM: 1GB
min filesize disc: 0kb
max filesize disc: 200MB
max filesize RAM: 512kb
Level 1 subdirectories: 32
disc/RAM: Heap LFUDA

I am in a testing environment with 15 Users and I would like to use squid to speedup surfing and caching windows updates and not for having such a delay I am having at the moment.

It helped me to speedup squid with using ufs and vfs.read_max = 512

I would be interested in this parameters in your config:

for squid:

in /boot/loader.conf
kern.ipc.nmbclusters="32768"
kern.maxfiles="131070"
kern.maxfilesperproc="32768"
net.inet.ip.portrange.last="65535"

in cache manager options in gui, used null for hard disk cache and alternate dns 127.0.0.1

in squid.inc(usr/local/pkg):
dns_children 20

Perhaps you could explain that for me because the google explainations didn't help me to understand this parameters.

Thank you very much for your help.

PS: If you like, I will be very interested in your firewall optimizations, too!

stephenw10

Just to say that changes to the boot file should be in:
/boot/loader.conf.local
Changes added there will be copied across an upgrade.
See: http://forum.pfsense.org/index.php/topic,28181.0.html

Steve

Hugovsky

@stephenw10:

Just to say that changes to the boot file should be in:
/boot/loader.conf.local
Changes added there will be copied across an upgrade.
See: http://forum.pfsense.org/index.php/topic,28181.0.html

Steve

Thanks..

Updating the thread, I have to say that since I'm on RC versions, things have changed. I've stopped using these:

kern.ipc.nmbclusters="32768"
kern.maxfiles="131070"

And it's running very well.

@Nachtfalke:

alternate dns 127.0.0.1

in squid.inc(usr/local/pkg):
dns_children 20

Don't use this too.

As for the other options, I'm not using disk cache. It seemed to me that that was really my problem. Slow disks. Squid cache was very intensive  with my 400+ users. I've changed my updates to an WSUS server and I'm only using squid in pfsense with squidGuard. The rest of my setup remains the same. (same advanced options)