Squid Alternative? Perhaps Polipo?
-
Hi there. I am new to pfsense and although the overall experience has been enjoyable and fairly simple once again squid has just disappointed me. This is the second time I try to implement squid at an office. The first timeit was under gentoo. The problems however are the same. Lots of connection errors (403 forbidden or connection error page) I dont need squidguard but I do need monitoring. I am writing this from home hoping that when i get back to work, i have some feedback/leads to the topic. I have played around before with polipo proxy, it is small, simple and it works. Anyone out there with a solid configuration (whether is squid or other proxy) that could share some insight? I managed to get sargs with squid but it only works as long as squid is working and that usually is not very long. I would like to throw this into a production environment asap. Also, the pfsense i am using is 2.1, it was the only one that worked with my sata disks.
Thanks
G -
Are you testing squid 2 or squid 3 package?
Do you have ipv6 configured on your setup?
-
Are you testing squid 2 or squid 3 package?
Do you have ipv6 configured on your setup?
Thanks Marcello, I tried both, squid 2 and 3. I dropped the ipv6 configuration yesterday because it was not working. So, to answer your question, no, no ipv6 setup.
Thanks!
-
Are you testing squid 2 or squid 3 package?
Do you have ipv6 configured on your setup?
by the way..I was able to go a bit further with squid 3. I didnt get any disconnection issues, however, some sites wouldnt just process such as yahoo.com and msnbc.com. The first page would show up but if I clicked anywhere, the end user browser would not go anywhere. It would try but wouldnt go anywhere…
-
When you are using squid3 you should set the option "Use IPv4 first" on squid GUI.
Are you using transparent or non-transparent proxy setting ?
What are your system specs and what did you set for squid HDD and mem ?
Are you using any webfilter like squidguard or dansguardian ? -
When you are using squid3 you should set the option "Use IPv4 first" on squid GUI.
Are you using transparent or non-transparent proxy setting ?
What are your system specs and what did you set for squid HDD and mem ?
Are you using any webfilter like squidguard or dansguardian ?Thanks for the help. I am or was trying transparent proxy setting.
and these are my settings:
HD cache 1000
cache system ufs
level 1 subdir 64
min object 0
max object 64
mem cache 1000
max object in ram 256
heap lfudamy specs are: 2GB RAM, HDD 500GB, X2
thanks again, appreciate it!
-
Are you using any other packages on this machine ?
If you are using 1000MB mem cache that means that squid is using minimum 1000MB but will probably need more RAM because of IP cache, DNS cache, HDD index and so on. So you should have an eye on RAM usage and perhaps reduce squid mem to 512MB.
In general with this settings squid should run without problems and without disconnects.
Are you using any custom settings ?
Are you using squid3 and enabled windows updates caching and/or dynamic caching ? by default this in disabled and if you should leave this disabled for the first time to make sure all works as you want.PS: When using ufs take a look at "System –> Advanced --> System tunables" and set the vfs.read_max to 128 to increase performance.
-
Are you using any other packages on this machine ?
If you are using 1000MB mem cache that means that squid is using minimum 1000MB but will probably need more RAM because of IP cache, DNS cache, HDD index and so on. So you should have an eye on RAM usage and perhaps reduce squid mem to 512MB.
In general with this settings squid should run without problems and without disconnects.
Are you using any custom settings ?
Are you using squid3 and enabled windows updates caching and/or dynamic caching ? by default this in disabled and if you should leave this disabled for the first time to make sure all works as you want.PS: When using ufs take a look at "System –> Advanced --> System tunables" and set the vfs.read_max to 128 to increase performance.
will follow as said. Thanks. I think my system needed an upgrade. I did an upgrade and all of the sudden, my problems are gone! for now that is. Kinda tricky I guess since I am using nightbuild. I will however change the settings you mention.
Thanks
-
I don't know the scale of your caching proxy (10 users, 100 users, 500 users etc), but for any "busy" system I'd be inclined to split the proxy functionality into a separate system, properly tuned (kernel & fs) for the task.
-
I don't know the scale of your caching proxy (10 users, 100 users, 500 users etc), but for any "busy" system I'd be inclined to split the proxy functionality into a separate system, properly tuned (kernel & fs) for the task.
I would say between 20-25 constant users. They will fluctuate to the 30's with other devices syncing in every now and then. ..I was able to achieve some stability yesterday. I did a few updates along with reboots. I noticed that I get an error page on forums (no route). I am not on site right now so I cant tell exactly the message. I am beginning to think that I am having connection errors. Thanks!!
