Pfsense+squid+squidguard for a medium company?!
We have already installed and configured the pfsense2.2.4 + Squid3 + SquidGuard1.9.15 + Samba4.0 packages for 1500 users (500 users online). NTLM authentication works fine.
But every 1.5 - 2 hours, users' connections to the Internet become very slow. At that time we look at cache.log, but nothing appears there until users can connect to the Internet. After a squid service restart, users can connect to the Internet normally. Please look at the attached pictures and help me to define my mistakes. Thanks for the help!
KOM last edited by
I don't think you have made any mistakes with this config. I've read that aufs is a better filesystem choice than ufs. Nothing in the System - General log when the problem happens? You can increase the amount of debug info in cache.log by adding this to your Integrations section of Squid config:
debug_options rotate=1 ALL,2 11,5
Now check cache.log again when the problem happens. You could also shell in and run:
squidclient -h LAN_IP -p SQUID_PORT mgr:info
and check your Median Service Times and Resource usage for squid.
System - General log >
kernel: sonewconn: pcb 0xfffff800a9223930: Listen queue overflow: 193 already in queue awaiting acceptance (345 occurrences)
We are increased
```
netstat -Lan
Current listen queue sizes (qlen/incqlen/maxqlen)
Proto  Listen        Local Address
tcp4   349/0/2048    x.18.104.22.16880
tcp4   1035/0/2048   x.0.0.1.8080
tcp4   0/0/128       *.22
tcp6   0/0/128       *.22
tcp4   0/0/128       127.0.0.1.953
tcp4   0/0/128       *.53
tcp6   0/0/128       *.53
tcp4   0/0/50        *.139
tcp4   0/0/50        *.445
tcp6   0/0/50        *.139
tcp6   0/0/50        *.445
tcp6   0/0/128       *.80
tcp4   0/0/128       *.80
```
Finally, I found my problem, but can't fix it. My problem is CPU overloading... Squid3 fills the 8-core CPU up to 100%. When users want to connect to the Internet via NTLM authentication, the squid process starts going to 100%. Who can help me to fix this? Where are you, pfSense gurus?
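Added example, not part of any poster's message: a small shell filter for the `netstat -Lan` output shown above that reports listen sockets whose accept queue is filling, which is what the `sonewconn: Listen queue overflow` kernel message points to. The function names, the threshold and the sample addresses are assumptions; the 1.5 x maxqlen overflow rule comes from the FreeBSD kernel, not from the thread.

```shell
#!/bin/sh
# Added example: watch listen-queue depth on a FreeBSD/pfSense box.
# Input is the text printed by `netstat -Lan` (qlen/incqlen/maxqlen per socket).

# flag_queues THRESHOLD_PERCENT
# Reads netstat -Lan output on stdin and prints, for every TCP listen socket
# that is at or above the threshold (or already overflowing):
#   local_address qlen maxqlen percent status
flag_queues() {
    awk -v thr="$1" '
        $1 ~ /^tcp/ && split($2, q, "/") == 3 {
            qlen = q[1] + 0; max = q[3] + 0
            if (max == 0) next
            pct = int(qlen * 100 / max)
            # FreeBSD refuses new connections once qlen > 1.5 * maxqlen;
            # that is when the kernel logs "Listen queue overflow".
            over = (qlen > 3 * max / 2)
            if (over || pct >= thr + 0)
                print $3, qlen, max, pct "%", (over ? "OVERFLOW" : "WARN")
        }'
}

# Constructed sample in the same layout as the posted output.
# The last row mirrors the logged case: 193 queued against a limit of 128.
sample_netstat() {
    cat <<'EOF'
Current listen queue sizes (qlen/incqlen/maxqlen)
Proto  Listen        Local Address
tcp4   349/0/2048    192.0.2.1.3128
tcp4   1035/0/2048   127.0.0.1.8080
tcp4   0/0/128       *.22
tcp4   193/0/128     192.0.2.1.3129
EOF
}

# On the firewall itself: netstat -Lan | flag_queues 50
sample_netstat | flag_queues 50
```

A queue that keeps growing while the proxy process sits at 100% CPU means the process is not calling accept() fast enough, so raising the queue limit only delays the overflow.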
chris4916 last edited by
I doubt NTLM authentication generates this amount of CPU requirement, unless there is something wrong.
Did you try to temporarily deactivate "black list" rules and filtering as well as anti-virus? These can be very CPU demanding.