Pfsense+squid+squidguard for a medium company?!

  • Hello Everyone!

    We had already installed and configured pfsense2.2.4 + Squid3 + SquidGuard1.9.15 + Samba4.0 packages for 1500 users (online 500 users). NTLM authentication works fine.

    But, every 1.5 - 2 hours users became connects to Internet very slow. In that time we are looking to cache.log , but there are nothing appears until users can connect to

    Internet. After squid service restart users can connect to Internet normally. Please look at the attached pictures and help me to define my mistakes. Thanks for help!

  • I don't think you have made any mistakes with this config.  I've read that aufs is a better filesystem choice that ufs.  Nothing in the System - General log when the problem happens?  You can increase the amount of debug info in cache.log by adding this to your Integrations section of Squid config:

    debug_options rotate=1 ALL,2 11,5

    Now check cache.log again when the problem happens.  You could also shell in and run:

    squidclient -h LAN_IP -p SQUID_PORT mgr:info

    and check your Median Service Times and Resource usage for squid.

  • Hello Sir!

    System - General log  >

    kernel: sonewconn: pcb 0xfffff800a9223930: Listen queue overflow: 193 already in queue awaiting acceptance (345 occurrences)

    We are increased ```

    netstat -Lan
    Current listen queue sizes (qlen/incqlen/maxqlen)
    Proto Listen        Local Address       
    tcp4  349/0/2048    x.   
    tcp4  1035/0/2048    x.         
    tcp4  0/0/128        *.22                 
    tcp6  0/0/128        *.22                 
    tcp4  0/0/128         
    tcp4  0/0/128        *.53                 
    tcp6  0/0/128        *.53                 
    tcp4  0/0/50        *.139                 
    tcp4  0/0/50        *.445                 
    tcp6  0/0/50        *.139                 
    tcp6  0/0/50        *.445                 
    tcp6  0/0/128        *.80                 
    tcp4  0/0/128        *.80

  • Finally, i found my problem, but can't fix. My problem is CPU overloading…......Squid3 fills up to 100% 8 Core CPU.  When Users wants to connect to the Internet via  NTLM authentication, squid process starts going to 100 %. Who can help me to fix this? Where are you pfSense GURU?

  • I doubt NTLM authentication generates this amount of CPU requirement, unless there is something wrong.
    Did you try to temporarily deactivate "black list" rules and filtering as well as anti-virus. These can be very CPU demanding.

Log in to reply