After several months of running pfSense as my home router solution, I now feel that my current Squid Proxy configuration is stable enough to recommend. I have been running the current Squid 3 package that is available in pfSense without many issues. The configuration is pretty simple. Primarily I found that running proxies, including Squid, in transparent mode is just too much trouble for home networks. Transparent mode never quite works right with iOS devices and other media devices, that in the end is not worth the hassle. Instead I manually specify a web proxy in my preferred browsers: Firefox, Safari, and IE. for the iPhone, you can specify a proxy for the wireless connection you are using. It is kind of a pain to have to remember to input a proxy, but you only do it one time and it is easier to troubleshoot one application or device at a time then trying to troubleshoot transparent mode and bring down all usage while you work things out.
I have a small home user network with around 20 different devices all communicating to the router. There are about six computers, and the rest of the devices are your typical smart phones, iPods, game consoles, and media players. The Squid setup is there to speed up web browsing and downloads for the computers and web browsers on the phones and iPods.
There are some basic configuration recommendations on the pfSense Wiki, but once you get past that, there is not much out there as to what settings to use. In general Squid uses two resources: disk space and memory. For my configuration I have settled on a 32 disk cache setting, meaning I have set aside 32GB of disk space to cache to disk. For memory, Squid utilizes memory in two different ways. The first to hold an index of the disk cache and the rest for the rest of Squid functions. To calculate the memory usage, the rule is that you need 10 MB for each Gigabyte of space you are caching.
- cache_mem 640 MB
- maximum_object_size_in_memory 4096 KB
- minimum_object_size 0 KB
- maximum_object_size 4194304 KB
- cache_dir ufs /var/squid/cache 32768 16 256
Using the parameters above, I have decided to utilize 640 MB for cache memory, which is twice the rule. The largest cached object in memory is 4 MB, meaning anything larger than 4 MB will not be cached in memory and will have to rely on disk cache. Lastly the largest file on disk that can be cached is equal to 4 GB.
With this configuration and typically 3 to 8 devices connecting to the proxy, at the most the disk cache grows by a couple of GB a week. More importantly, RAM for the router peaks at 58% in use, which leaves plenty of room for other pfSense functions. The current router has 4GB of RAM and is an Intel Atom CPU based system.