mayak chunder-qwern | 1 Oct 09:38 2009

squid clobbering performance

hi all,

any reason (or what can i look at) to see why squid transparent proxying
is heavily slowing web access ... (w/out proxy, dell.fr takes 3-5 secs,
with proxy, dell.fr takes 20+ or more)

running latest stable version in a vmware virtual machine with nice
hardware.

thanks

mcq

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Abdulrehman | 1 Oct 10:06 2009
Picon

Re: squid clobbering performance

Simply bypass this website from squid..make your squid to do not cache any content of this site...

On Thu, Oct 1, 2009 at 12:38 PM, mayak chunder-qwern <mayak-Uy96zBd7GlqBik42HM7KXg@public.gmane.org> wrote:
hi all,

any reason (or what can i look at) to see why squid transparent proxying
is heavily slowing web access ... (w/out proxy, dell.fr takes 3-5 secs,
with proxy, dell.fr takes 20+ or more)

running latest stable version in a vmware virtual machine with nice
hardware.

thanks

mcq


---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org
For additional commands, e-mail: support-help-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org

Commercial support available - https://portal.pfsense.org




--


Regards
Abdulrehman
mayak chunder-qwern | 1 Oct 10:18 2009

Re: squid clobbering performance

On Thu, 2009-10-01 at 13:06 +0500, Abdulrehman wrote:
> Simply bypass this website from squid..make your squid to do not cache
> any content of this site...
<snip>
> Regards
> Abdulrehman

i should have been more specific -- all web traffic is slowed, i just
gave dell.fr as an example ...

cheers

mcq

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Ermal Luçi | 1 Oct 11:02 2009
Picon

Re: One check-box is missing in Rules-Edit-Advanced of 1.2.3-RC3 snapshot

On Wed, Sep 30, 2009 at 11:48 PM, Evgeny Yurchenko
<evg.yurch@...> wrote:
> Scott Ullrich wrote:
>>
>> On Wed, Sep 30, 2009 at 5:27 PM, Evgeny Yurchenko <evg.yurch@...>
>> wrote:
>>
>>>
>>> Well, I am sorry for confusion... but could you please confirm that this
>>> is
>>> from 2.0 filter.inc, starting at line 1961:
>>>                      if ($type == "pass") {
>>>                              if (isset($rule['allowopts']))
>>>                                      $aline['allowopts'] = " allow-opts
>>> ";
>>>                              if( isset($rule['source-track']) or
>>> isset($rule['max-src-nodes']) or isset($rule['max-src-states']) )
>>>                                      if($rule['protocol'] == "tcp")
>>>                                              $aline['flags'] = "flags
>>> S/SA
>>> ";
>>>
>>
>> No, I see:
>>
>>                                $cron_item = array();
>>
>>
>>>
>>> PS: I must stop playing with pfSense -(((
>>>
>>
>> Why do you say that?
>>
>> Scott
>>
>
> Because it would be stupid to copy at least two files filter.inc and
> firewall_rules_edit.php from 2.0 to 1.2.2. And I do not recall I modified

Good luck in doing this!

> this part of these files on any of my test boxes, but I do remember I was
> happy when I discovered this check-box... Now I am not sure on which version
> I discovered it first... Mystery...
> firewall_rules_edit.php on my 1.2.2 box is 35773 bytes in size.  On 2.0 it
> is 49332. Ok, may be I am too tired today. Just note for myself: this
> check-box is available starting from 2.0.
>
> Thanks anyway and sorry for this mess.
> Evgeny.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe@...
> For additional commands, e-mail: support-help@...
>
> Commercial support available - https://portal.pfsense.org
>
>

--

-- 
Ermal

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Abdulrehman | 1 Oct 11:16 2009
Picon

Re: squid clobbering performance

check your cache management settings...i guess there something wrong with cache...check on which interface your squid is listening...it should be LAN interface.

On Thu, Oct 1, 2009 at 1:18 PM, mayak chunder-qwern <mayak-Uy96zBd7GlqBik42HM7KXg@public.gmane.org> wrote:
On Thu, 2009-10-01 at 13:06 +0500, Abdulrehman wrote:
> Simply bypass this website from squid..make your squid to do not cache
> any content of this site...
<snip>
> Regards
> Abdulrehman

i should have been more specific -- all web traffic is slowed, i just
gave dell.fr as an example ...

cheers

mcq


---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org
For additional commands, e-mail: support-help-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org

Commercial support available - https://portal.pfsense.org




--


Regards
Abdulrehman
Paul Mansfield | 1 Oct 11:33 2009

Re: squid clobbering performance

On 01/10/09 08:38, mayak chunder-qwern wrote:
> hi all,
>
> any reason (or what can i look at) to see why squid transparent proxying
> is heavily slowing web access ... (w/out proxy, dell.fr takes 3-5 secs,
> with proxy, dell.fr takes 20+ or more)

have you restricted the amount of memory squid can use?

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Morgan Reed | 1 Oct 12:00 2009
Picon

Re: squid clobbering performance

On Thu, Oct 1, 2009 at 17:38, mayak chunder-qwern <mayak@...> wrote:
> any reason (or what can i look at) to see why squid transparent proxying
> is heavily slowing web access ... (w/out proxy, dell.fr takes 3-5 secs,
> with proxy, dell.fr takes 20+ or more)

Are you using Squid for caching? If you are your cache is most likely
misconfigured. If you don't require caching turn it off and see how it
behaves itself.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

mayak chunder-qwern | 1 Oct 12:42 2009

Re: squid clobbering performance

On Thu, 2009-10-01 at 10:33 +0100, Paul Mansfield wrote:
> On 01/10/09 08:38, mayak chunder-qwern wrote:
> > hi all,
> >
> > any reason (or what can i look at) to see why squid transparent proxying
> > is heavily slowing web access ... (w/out proxy, dell.fr takes 3-5 secs,
> > with proxy, dell.fr takes 20+ or more)
> 
> 
> have you restricted the amount of memory squid can use?

hi paul, hi morgan,

i thought to cache corruption, so i killed squid, did a squid -z, squid
-k reconfigure -- still no joy. un-installed squid, reinstalled, etc.,
and i still get enormous lag.

below is config ...

cheers

mcq

General Settings
proxy interface: lan
allow users on interface: checked
transparent proxy: checked
bypass for rfc 1918: no
bypass source ips: no
enable logging: no
log store: /var/squid/log
log rotate: empty
proxy port: 3128
icp port: empty
visible hostname: localhost
admin mail: admin <at> localhost
lang: english
disable x-forward: checked
disable via: checked
requests with whitespace: allow
alternate dns: empty
suppress version: checked
custom options: empty

Cache Management
cache size 1500
cache fs: aufs
cache loc: /var/squid/cache
mem chache size: 64
minimum object: 1000
max object: 100000
level 1 dirs: 16
mem replacement: Heap GDSF
cache replacement: Heap LFUDA
low water: 90
high water: 95
don't cache: empty
enable offline: no

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Paul Mansfield | 1 Oct 15:02 2009

Re: squid clobbering performance


I assume you're retyping the config rather than giving us
"grep -v ^# squid.conf"

you sure the cache size 1500 is 1500MB and not 1500KB? is it using 
sufficient disk space? if the disk cache is too small it'll be pointless 
having it.

also, have you turned logging level up too far, if you log too much it 
can thrash a small system.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Pete Boyd | 1 Oct 15:29 2009

why delete captive portal accts on expiry?

Why are captive portal accounts automatically deleted when they expire?

To my mind, it would be more useful if they were left in place, expired,
so that to re-enable them for the admin person was an easy task of just
choosing a new expiry date.

As it is, when we have a user pay again for their Internet access, rather
than just paying remotely and telephoning in that they've done so, they
have to come in to where the admin person is in order to re-enter their
password (for privacy/security reasons).

Pete Boyd

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org


Gmane