Welcome, Guest. Please login or register.
Did you miss your activation email?
Wednesday 27 November 2024, 02:43:32 pm

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  Slow Proxy on EFW 3.0 (while normal in EFW 2.5.2)
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Slow Proxy on EFW 3.0 (while normal in EFW 2.5.2)  (Read 34691 times)
Kajowas
Full Member
***
Offline Offline

Posts: 18


« on: Thursday 15 May 2014, 05:05:34 pm »

Hello,
I'm preparing a new firewall with endian firewall 3.0 (while the company still uses the 2.5.2 version)

I noticed that new 3.0 version don't use dansguardian anymore but uses c-icap which should "improve performance" (so said the changelog of efw 3.0)
Well, it's exaclty the opposite:

This is the hardware:
old 2.5.2 server: Pentium4 3.0Ghz with 2GB of RAM
new 3.0 server: Dual CPU Xeon 3.2Ghz (with HT enabled) and 2GB of ECC RAM (CL3)

The 3.0 server is much more slow on proxy connections than the old one, and as you see it's a lot faster than the old one.

I guess if there's some parameters that is necessary to tune in order to use c-icap at least as fast as dansguardian was...

Any suggestions?
Logged
Alphamale
Jr. Member
*
Offline Offline

Posts: 9


« Reply #1 on: Thursday 10 July 2014, 02:52:06 am »

Any one?
Logged
kieronrob
Full Member
***
Offline Offline

Gender: Male
Posts: 57


« Reply #2 on: Friday 11 July 2014, 10:08:19 pm »

Hi,

Endian moved from Dansguardian to C-ICAP from version 3.0. In order to improve performance you need to edit a settings file from the cli.

#nano  /usr/lib/efw/icap/default/settings

It shows the following:

MAX_SERVERS=3
THREADS_PER_CHILD=10

Which are pretty low for a lot of users or high speed bandwidth.

Change the settings to:

MAX_SERVERS=10
THREADS_PER_CHILD=50

Save and exit the file and reboot or restart the C-ICAP service.

It should improve markedly.
Logged
Alphamale
Jr. Member
*
Offline Offline

Posts: 9


« Reply #3 on: Friday 11 July 2014, 11:44:55 pm »

Thanks kierobrob.
In my case i dont use c-icap (is stopped), but my internet connection is very slow.
Do you have another configuration for squid or other service?

Note: Only proxy users have issues.
Logged
davevo
Jr. Member
*
Offline Offline

Posts: 4


« Reply #4 on: Wednesday 16 July 2014, 11:58:13 pm »

try this in your squid.conf file

Well, I added some tweaking into the squid.conf configuration files putting the following in:

hosts_file /etc/hosts
dns_nameservers x.x.x.x x.x.x.x
cache_replacement_policy heap LFUDA
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 50 KB
cache_dir aufs /var/spool/squid 40000 16 256
cache_mem 100 MB
logfile_rotate 10
memory_pools off
maximum_object_size 50 MB
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off
Logged
Kajowas
Full Member
***
Offline Offline

Posts: 18


« Reply #5 on: Thursday 30 April 2015, 12:55:06 am »

After a lot of trial and error I found that the HUGE problem is the HTTP PROXY CACHE with EFW 3.0 and following 3.0.5beta1

If you disable the cache by putting 0 in all the fields, and 1 in HARD DISK CACHE (because 1MB is the minimum value allowed) then the proxy starts working surely better.

Then the increased values in icap.conf works, but they're not the main solution.
Logged
Kajowas
Full Member
***
Offline Offline

Posts: 18


« Reply #6 on: Thursday 30 April 2015, 06:03:45 pm »

After a lot of trial and error I found that the HUGE problem is the HTTP PROXY CACHE with EFW 3.0 and following 3.0.5beta1

If you disable the cache by putting 0 in all the fields, and 1 in HARD DISK CACHE (because 1MB is the minimum value allowed) then the proxy starts working surely better.

Then the increased values in icap.conf works, but they're not the main solution.


Well, I quote myself because it's not really true..... if you have problems you can try disabling proxy cache, but I found I had other problems and now that I fixed them the proxy cache works as usual...
Logged
crisman
Full Member
***
Offline Offline

Posts: 15


« Reply #7 on: Thursday 07 May 2015, 07:13:02 pm »

After a lot of trial and error I found that the HUGE problem is the HTTP PROXY CACHE with EFW 3.0 and following 3.0.5beta1

If you disable the cache by putting 0 in all the fields, and 1 in HARD DISK CACHE (because 1MB is the minimum value allowed) then the proxy starts working surely better.

Then the increased values in icap.conf works, but they're not the main solution.


Hi Guys,

I'm new in Endian and installed the 3.0.5 Beta only for using as proxy server for our AD domain, I have seen slow internet connections and Squid was consuming all CPU resources, so followed the instructions from user Kajowas and disabled the cache proxy but I would like to use it in future and it should be a better way to have this working fine,  the way I use an HP DL380 G4 with 6 Gb Ram and 2 Xeon 3.6 DP processor so machine is more than enough for this.
I would like to know if someone is able to give a solution for the Squid eating all CPU resources wothout using this hack?

Thanks.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.109 seconds with 17 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com