Pages

Sunday, December 27, 2009

pfSense: Speed-up Transparent Squid Proxy

Its been a few days that I did some tweaking on Squid Proxy and it appears stable! This all came about as I was trying to speed-up data fetching and finding that for some reason the cache was just too slow for actual use. I wondered if it was at all worth it (obviously slow proxy means unhappy users ... especially if its your home users).

In gratitude to the discussion I found in the forum, its reposted and message re-arranged here in summary below:

Question:
Why squid is so slow?

Answer:
The default configuration of pfSense is a router not as a server, that is why kern.ipc.nmbclusters="0". Simply remove this line and Squid will be just fine.

Add the lines below to the /boot/loader.conf
kern.ipc.nmbclusters=32768
kern.maxfiles=65536
kern.maxfilesperproc=32768
net.inet.ip.portrange.last=65535

Alternatively, just delete it and replace with:
autoboot_delay="1"
#kern.ipc.nmbclusters="0"
hint.apic.0.disabled=1
kern.hz=100
#for squid
kern.ipc.nmbclusters="32768"
kern.maxfiles="65536"
kern.maxfilesperproc="32768"
net.inet.ip.portrange.last="65535"

5 comments:

  1. were can i find my loader.conf..if i use virtual machine to install pfsense..sense squid is built in pfsense...

    ReplyDelete
  2. Thanks!

    I applied these tweaks to my pfsense and noticed an increase in speed all around. Most importantly this greatly improved the performance of squid.

    That default setting may be a left over from Monowall which is optimized for embedded boxes with low memory etc. You should bring this to the attention of the pf developers.

    Regards,

    Sam

    ReplyDelete
  3. Thanks a lot man, this tip works great!!!
    Regards from Uruguay

    Adis

    ReplyDelete
  4. hint.apic.0.disabled=1

    that line made my pfsense to get error.

    kernel trap 12:

    ReplyDelete
  5. thx!
    Regards from Portugal

    ReplyDelete