On Wed, 11 Aug 2010 17:41:04 -0500, Luis Daniel Lucio Quiroz <luis.daniel.lucio@xxxxxxxxx> wrote: > Le mercredi 11 août 2010 15:39:52, fRANz a écrit : >> Hi, >> >> for personal use I've a Soekris net4801 board with OpenBSD and Squid >> as firewall and proxy server. >> Squid works in transparent mode on the same Soekris board, pf send to >> it http traffic with an rdr rule: >> >> rdr pass inet proto tcp from $prv_ad to any port 80 \ >> -> 127.0.0.1 port 3128 >> >> Without rdr rule (so without Squid), Speedtest reports 3.5Mbps as >> download speed, when I enable rdr speed goes down to only 2.6Mbps. >> How can I improve my Squid config to reach 3.5Mbps?! >> >> More details: >> board: Soekris net4801 >> os: OpenBSD 4.6 >> squid: squid-2.7.STABLE6 >> >> - squid config: ------------------------------------------------- >> http_port 127.0.0.1:3128 transparent >> visible_hostname proxy.local.domain >> cache_mgr root@xxxxxxxxxxxx Sigh. So the remote admin who want to contact you about problems they encounter coming out of your proxy are supposed to email root@xxxxxxxxxxxx about the host at proxy.local.domain?. Very helpful :( >> >> acl CONNECT method CONNECT >> acl all src 0.0.0.0/0.0.0.0 >> acl restr src 192.168.100.50 192.168.100.51 \ >> 192.168.100.52 192.168.100.53 192.168.100.54 >> acl tutto src 192.168.100.0/255.255.255.0 acl all src all acl restr src 192.168.100.50-192.168.100.54 acl tutto src 192.168.100.0/24 :) >> acl localhost src 127.0.0.1 >> acl filetypes urlpath_regex -i "/etc/squid/extra/filetypes" >> acl adservers dstdomain "/etc/squid/extra/adservers" >> acl whitelist dstdomain "/etc/squid/extra/whitelist" >> acl Skype_UA browser ^skype^ >> >> cache deny all >> http_access allow whitelist >> http_access deny adservers >> http_access allow CONNECT localhost Skype_UA >> http_access allow tutto !restr >> http_access deny restr filetypes >> http_access allow restr >> http_access deny all >> >> access_log syslog:daemon.info >> emulate_httpd_log on Um. Logging to syslog in apache format. Okay. access_log syslog:daemon.info common >> cache_log /dev/null Please at least start Squid with the command line options -s or -l which will pipe the critical process errors into your syslog as well. >> cache_store_log none >> --------------------------------------------------------------------------- >> - >> >> Let me know if futher information are required. >> Thank you for any tips, >> -f > As far as i know soekris boxes, i also install linux on them, this coould > be > because IO. Try disabling your cache_dir cache, only use memory cache. > This > should improve performance. Particularly since you have "cache deny all" anyway. That change will make the temporary holding objects not cycle through disk in transit only to be deleted. Amos
