Traffic Shaping & Squid Caching Proxy
-
Hi I've got my pfSense setup right now and its working great. I would like to add squid as a caching proxy, but I've read all sorts of things about this will / will not work. Just wondering if i could get some clarification here.
-
Well, there's this, https://forum.pfsense.org/index.php?topic=62188.0 but I can't say I had the best of luck with it. Then there's this which I haven't tried yet: https://forum.pfsense.org/index.php?topic=66537.msg366615#msg366615
In theory if you can separate "traffic coming from the pfSense box to the LAN" and "traffic coming from the internet to the LAN" it "should be easy." Due (in my frustrated opinion) to the dismal, out of date, and incomplete documentation, nothing on the shaper is ever easy. IF I grok the sense of the "short form approach for pfsense 2.1" in the second linked message (not the link to an older thing the linked message is replying to) I believe it's trying to do exactly that. But I have no idea if it actually accomplishes the desired effect or not.
I did successfully get shaping to work, but it shaped cache hits. I don't know who would want that behavior, but it's not me.
I strongly suggest making a backup of the configuration before you start working on the shaper, as every time I have tried to get it to shape without shaping cache hits, it's blown up in my face and needed to be reset to a working configuration from before that point.
I'm just about ready to try tilting at this particular windmill again, which is why I'm here reading your unanswered post. I wish I could offer you a more hopeful answer, but I can't, as it's all poking at things with clear as mud directions and holes you can drive a truck through in those.
Another approach suggested from the "olden days" is to just put squid on a separate box, i.e.
Internet <–>pfSense (and shaper)<-->Squid (all by itself)<--> users.
Annoying, but might be easier than trying to get this to work.