Author Topic: My setup: pfsense 2.0 - Squid - SquidGuard 400+ users thru fiber  (Read 7265 times)

Offline Hugovsky

This is my report on pfSense. I work in a school and we have 400+ users connected daily. This is my setup:

pfSense 2.0-BETA5 (amd64) built on Thu Jan 27 01:29:01 EST 2011
Squid 2.7.9_4
squidguard 1.3_1 pkg v.1.6

3GB of ddr2 ram
Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
3 intel 1000/pro desktop nics


Mods:

for squid:

in /boot/loader.conf
kern.ipc.nmbclusters="32768"
kern.maxfiles="131070"
kern.maxfilesperproc="32768"
net.inet.ip.portrange.last="65535"

in cache manager options in gui, used null for hard disk cache and alternate dns 127.0.0.1

in squid.inc(usr/local/pkg):
dns_children 20

for squidguard:
Haven't changed anything. Stock config. Increasing redirect children only makes it worse. I have 3. Seems enough.

for firewall in advanced:

Tunable                        Description                                  Value
net.inet.tcp.inflight.enable   Enable TCP Inflight mode                     0
net.inet.tcp.tso               TCP Offload Engine                           default (1)
hw.bce.tso_enable              TCP Offload Engine - BCE                     default ()
kern.ipc.maxsockbuf                                                         16777216
net.inet.tcp.rfc1323                                                        1
net.inet.tcp.sendbuf_max                                                    16777216
net.inet.tcp.recvbuf_max                                                    16777216
net.inet.tcp.sendbuf_auto      Send buffer autotuning enabled by default    1
net.inet.tcp.sendbuf_inc                                                    16384
net.inet.tcp.recvbuf_auto                                                   1
net.inet.tcp.recvbuf_inc                                                    524288
net.inet.tcp.hostcache.expire                                               1
kern.ipc.somaxconn                                                          2048
net.inet.tcp.msl               default 30000                                10000

I've followed this and this to make these changes.

My fibre optic is 60/20 Mbit/s


« Last Edit: January 28, 2011, 10:54:21 am by Hugovsky »

Offline Nachtfalke

« Reply #1 on: May 06, 2011, 01:08:59 pm »
Hi,

I hope it is OK to use this thread for my "problem".
I always notice a little delay while surfing the web when Squid is enabled.
This is my hardware:

2.0-RC1 (amd64) built on Thu May 5 18:46:28 EDT 2011
Intel(R) Xeon(R) CPU E5506 @ 2.13GHz
4GB RAM
4x 1 GBit/s NICs for connecting my different LANs

my squid config:
Hard disc cache: ~10GB
cache system: ufs
RAM: 1GB
min filesize disc: 0kb
max filesize disc: 200MB
max filesize RAM: 512kb
Level 1 subdirectories: 32
disc/RAM: Heap LFUDA


I am in a testing environment with 15 users and I would like to use Squid to speed up surfing and cache Windows updates, not to have the delay I am having at the moment.

It helped me to speed up Squid by using ufs and vfs.read_max = 512

I would be interested in these parameters in your config:

Code:
for squid:

in /boot/loader.conf
kern.ipc.nmbclusters="32768"
kern.maxfiles="131070"
kern.maxfilesperproc="32768"
net.inet.ip.portrange.last="65535"

in cache manager options in gui, used null for hard disk cache and alternate dns 127.0.0.1

in squid.inc(usr/local/pkg):
dns_children 20

Perhaps you could explain that for me, because the Google explanations didn't help me to understand these parameters.

Thank you very much for your help.

PS: If you like, I will be very interested in your firewall optimizations, too!

Offline stephenw10

« Reply #2 on: May 06, 2011, 01:59:29 pm »
Just to say that changes to the boot file should be in:
/boot/loader.conf.local
Changes added there will be copied across an upgrade.
See: http://forum.pfsense.org/index.php/topic,28181.0.html

Steve

Offline Hugovsky

« Reply #3 on: May 06, 2011, 04:23:27 pm »
Just to say that changes to the boot file should be in:
/boot/loader.conf.local
Changes added there will be copied across an upgrade.
See: http://forum.pfsense.org/index.php/topic,28181.0.html

Steve


Thanks..

Updating the thread, I have to say that since I'm on RC versions, things have changed. I've stopped using these:

kern.ipc.nmbclusters="32768"
kern.maxfiles="131070"

And it's running very well.

alternate dns 127.0.0.1

in squid.inc(usr/local/pkg):
dns_children 20



Don't use this too.

As for the other options, I'm not using disk cache. It seemed to me that that was really my problem. Slow disks. Squid cache was very intensive with my 400+ users. I've changed my updates to a WSUS server and I'm only using Squid in pfSense with squidGuard. The rest of my setup remains the same. (same advanced options)
« Last Edit: May 06, 2011, 04:26:26 pm by Hugovsky »