pf.conf
================
TcpState ="flags S/SAFR modulate state"
# HTTP proxy
pass in quick on $int_if inet proto tcp from <clients> to !<no_squid> port 80 rdr-to 127.0.0.1 port 3128

set timeout { frag 10, tcp.established 12600 }
set timeout { tcp.first 30, tcp.closing 2, tcp.closed 2, tcp.finwait 2 }
set timeout { udp.first 60, udp.single 60, udp.multiple 60 }
set timeout { other.first 30, other.single 30, other.multiple 30 }
set timeout { adaptive.start 5000, adaptive.end 10000 }

pass in quick on $int_if inet proto tcp from <clients>  to 127.0.0.1  port 3128 no state

pass out quick on $ext_if inet proto tcp from ($ext_if) to !($ext_if) port 80 $TcpState queue www_out
====================================================================================================
При небольшом количестве пользователей(30-50)- все летает.
-bash-4.1# netstat -ant | awk '{print $6}' | sort | uniq -c | sort -rn | head
147 ESTABLISHED
  76 FIN_WAIT_2
  65 TIME_WAIT
  27 LAST_ACK
  18 LISTEN
  14
   8 0xd47a15c0
   4 Foreign
   3 0x0
   1 FIN_WAIT_1
При 250-300, начинаются тормоза
bash-4.1# netstat -ant | awk '{print $6}' | sort | uniq -c | sort -rn | head
1962 FIN_WAIT_2
1367 TIME_WAIT
1043 ESTABLISHED
512 FIN_WAIT_1
  54 LAST_ACK
  18 LISTEN
  14
   8 0xd47a15c0
   4 SYN_SENT
   4 Foreign

Возможно ли уменьшить число FIN_WAIT_2 и TIME_WAIT ? (tcp.closing 2, tcp.closed 2, tcp.finwait 2) - не дает никаких результатов.Конфиг squid -- стандартный.