[squid-users] fyi

From: Van Bossche Koen <Koen.VanBossche@dont-contact.us>
Date: Thu, 14 Mar 2002 10:50:27 +0100

Hi all,

I have about 20 proxyservers running now very well with squid DEV2.5. They
work very well for about 6 weeks now.

To make them all performing better, I have done the following :
1/ installed local caching nameserver on all
2/ tuned the smb_auth
3/ and added to sysctl.conf
# Disables packet forwarding
net.ipv4.ip_forward = 0
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Disables automatic defragmentation (needed for masquerading, LVS)
net.ipv4.ip_always_defrag = 0
# Disables the magic-sysrq key
kernel.sysrq = 0
# Increase number of filedescriptors available
fs.file-max = 16384
# change bdflush parameters for vm
vm.bdflush = 100 1200 128 512 15 5000 500 1884 2
# change buffermem parameter for vm
vm.buffermem = 70 10 60
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 30
# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800
# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0
# Turn off the tcp_sack
net.ipv4.tcp_sack = 0
# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0

These changes (most of all local dns) made a big difference. The 3 parent
proxies have now 251req/min (serving 600 users), 259 req/min (serving 600
users) and 450req/min (serving 1500 users).
I hope this information is usefull to others, but also wonder what other
users might have done to tune there systems. Let me know!

I have 2 more questions to you all. There are 2 more things I would like to
add to my configuration :
1/ user policy page when auth box appears. How can this be implemented? I
have seen the same question several times, but did not see any answers yet.
2/ interface for filtering, webpage or something. Squid has a lot of
possibilities, however many local administrators are used to work with
Windows and expect a GUI. I have reviewed Webmanager and SurfControl for
this purpose, however this costs a lot and in fact most of there features
squid can handle. However I cannot convince a Windows guy to edit a text
file on a linux box.
I myself am not a developer. Does somebody use a self written or open source
software to implement or change rules to squid.conf or to edit text files on
a linux box through web interface? Do you want to share this information.
Something like SWAT for Samba is very usefull.

Kind Regards,
./koen

Koen Van Bossche

KONE International SA
KCO Telecom
Ave E. Van Nieuwenhuyse, 6
B - 1160 Brussels, Belgium
Tel : +32 (0)2 676.93.81
Fax : +32 (0)2 676.93.91
Received on Thu Mar 14 2002 - 02:50:51 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:55 MST