PFSense with Squid Proxy = Slow speedtest.net Download on Comcast Only
We have four offices that each have a pfSense firewall set up (version 2.1.3 amd64).
Two offices have Comcast for internet connectivity, the other two have Windstream and CenturyLink DSL.
What is strange is that I have every office set up with identical configurations for the basic (stable release) Squid package. Using speedtest.net at the offices with Comcast, when bypassing the proxy I can get about 18Mb down and 2.5Mb up (full speed); using the Squid proxy I only get 2.8Mb down and 2.5Mb up.
Now, at the sites using non-Comcast connections, there is only a small hit to upload speed when using the squid proxy.
For Squid, we are using default configurations; the only alteration I have made was from this guide:
'Change kern.ipc.nmbclusters="0" to kern.ipc.nmbclusters="32768"'
That's it. I did try with the default setting 'kern.ipc.nmbclusters="0"' and can see no difference.
I/O errors are 0/0
Perhaps something needs to be tweaked for Comcast? If so, I have no idea what would need to change, and that's why I am here.
Every office is running pfSense in a VM on ESXi 5.1. Hardware is the same across the board too: Dell 2950 w/3.0GHz, 32GB RAM, 6 x 146GB 15k in RAID 10.
Any help would be much appreciated. Thanks!
OK, well now I'm getting speed tests that are 90% of the time capped at 3Mb, then sometimes jump to 18Mb or so. Same thing at both locations. Can't make any sense of it all. Only happening on Comcast internet connections.
rds_correia last edited by
I wonder if both our issues could be somehow connected…
We're not on the same ISP, though.
Do you feel slowness on vLAN to vLAN too?
Possibly. There seems to be a hard cap at 3Mb and about 2-2.5 on upload. I don't have vLANs set up though, but I too cannot find anything in the logs that would give a clue as to where the restriction is. It's very odd… I am not running the proxy in transparent mode as I have a .pac file that points systems to the proxy. I have tried running in transparent mode by manually setting a client PC to pfSense as the gateway, and the problem goes away. Since I will eventually replace my original firewalls with the pfSense ones, this will be a non-issue soon.