Connection speed %50 of normal

Mellowlynx

I'm running pfSense for some time now and never have big issues anymore.

Today I noticed that the speedtest.net results are %50 of what it should be.
I did a test by connection my mac directly to the modem and than it's normal.
After that I did test it again after disabling "Transparent HTTP proxy" and than is it normal to.
When I enable "Transparent HTTP proxy" again it's at %50.

I already edited "/boot/loader.conf" and looks like this.

autoboot_delay="1"
vm.kmem_size="435544320"
vm.kmem_size_max="535544320"
#kern.ipc.nmbclusters="0"
kern.hz=100
#for squid
kern.ipc.nmbclusters="32768"
kern.maxfiles="65536"
kern.maxfilesperproc="32768"
net.inet.ip.portrange.last="65535"
hw.usb.no_pf="1"

Anyone have a idea what the problem can be?

I'm running
2.1-BETA1 (i386) - built on Thu Mar 14 23:00:40 EDT 2013
with squid3 - 3.1.20 pkg 2.0.6

trunglam

let check proxy config

Tikimotel

Builds get compiled every day, this post was from march 15th.
I suggest installing/updating to a more current build first.

Mellowlynx

Config should be good, never had problems and blocked domains are indeed blocked.
Only the speed is different.

I'm updated to the newest version and it's still the same.

Any tips are still welcome!

chpalmer

Would be nice to know a bit more about your setup.

Mellowlynx

The systeem is running on a P4 1.7GHz

With Wan, Lan and OPT1 with captive portal.
And a transparent proxy to block a view domains.

Everything is running fine and fast, except the internet speed…

Do you need to know more?

cmb

sounds like you need
http://doc.pfsense.org/index.php/Squid_Package_Tuning

Mellowlynx

I already have some that trips running.
Worked fine before.

I'm now considering removing the proxy, I only use it to block two domains.
Does anyone have tips on how to easily block domains without a proxy on both LAN and OPT1?

Regards, R

dhatz

@rcktboy:

Does anyone have tips on how to easily block domains without a proxy on both LAN and OPT1?

Well, the two easiest ways that come to mind would be to

1. use the DNS forwarder to point those two domains to 127.0.0.1 or
2. block their IP ranges (using aliases makes it easier)

If you want to be thorough, you can use both ways.