EFW Support

I'm pulling my hair out trying to trouble shoot this.  Any ideas are welcome.

EFW 2.5.1 community  running on an intel i5 (4 cpus shown) @ 2.8 Ghz with 2Gb of memory.

At all times, there's at least 1 Gb of memory free.  This EFW serves as a NAT/Firewall for a few servers and 7 end users.

I have a 100/100Mbit internet connection.

I have 2 onboard gig Intel NICs which are 82574L , and a 4 port gig ethernet card which is a realtek RTL8111/8168B

My internet throughput through the Endian is terrible.  Directly connected to the ISP, bypassing the endian, I get 85+Mbit/s down and 80+Mbit/s up - connected through the endian I get 40Mbit/s down and 20Mbit/s up.

I am not running anything extra.  No intrusion detection, no Proxy, no outbound firewall.  I have 18 port forwarding rules, and 6 source nat rules. VPN is not enabled.

I have swapped the RED interface to different ethernet ports, no help.  I have swapped GREEN interface to different ethernet ports, no help.  I have used various sysctl settings found to optimize and tune the TCP stacks, no help. All NICs are linked at 1000Mbit/s Full Duplex, per ethtool.

During a speed test, the CPU usage seen in "top" is not even being touched.  The interrupts are almost nothing. This isn't a CPU issue as far as I can tell.

Does anyone have any idea whats going on, and what I can do to further test and fix this?

Forgot to mention, no QoS is enabled.

More information:

I used a free ip on a Juniper SSG140 with the same network cabling and the speed tests showed 75Mbit up and 86Mbit down

Definately has something to do with the Endian.

Ideas?

Nobody?  ???

Can someone, maybe an EFW community developer, compile the latest Intel e1000e.ko module for EFW 2.5.1?  I'll try that.  I tried two off of elrepo but it did not work with the 2.5.1 kernel.

My currnet e1000e.ko is:
filename:       /lib/modules/2.6.32.43-57.e43.i586/kernel/drivers/net/e1000e/e1000e.ko.gz
version:        1.0.2-k2

But Intel has version 2.2.14 out now.

Here's the link to the source: http://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=15817

I rebuilt the e1000e RPMs using the latest tar and placed them in my update repositories.

The update repository is described in this thread: http://www.efwsupport.com/index.php?topic=3602.0

I have your channels active for smart and was able to get the e1000e.ko for version 1.3.10a-NAPI working fine.  It didn't make any difference in my throughput issue though.

I removed it and installed from updates repo the 2.2.14 version, but I could not locate the updated e1000e.ko kernel module.  In order to get it from the updates repo, I made ossw-release priority of -50

Is there something I was doing wrong not to be able to find the 2.2.14 version of e1000e.ko?

Regardless, the throughput issue with a newer (not latest) intel e1000e driver didn't fix my issue.

Anyone have any other ideas?  I'd like to get the latest e1000e driver working just to absolutely rule that out as an issue.

I think you want to install kernel-module-e1000e package.

Ok that did it, thanks so much for helping with that driver!

filename:       /lib/modules/2.6.32.43-57.e43.i586/kernel/drivers/net/e1000e/e1000e.ko.gz
version:        2.2.14-NAPI

Now we can rule out the e1000e driver as the issue.  I figured that wasn't the issue because I have already swapped both GREEN and RED over to a Realtek card with the same throughput issue.  I wanted to be 100% sure I was using the latest drivers though to rule that out.

I'm still getting TERRIBLE throughput from GREEN to RED.

I even went so far yesterday as to load up a fresh Endian 2.5.1 with no firewall rules whatsoever - straight out of the box running on a xeon 2.5 ghz quad core with 4 gb of memory - and have the exact same throughput issue.

Anyone have any ideas?

swapped all the memory in the efw for new memory

same slow throughput

anyone have any ideas?

160+ views of this and only one person has even attempted to help me.  ::)

Anyone?

Hello? Anyone?

Well i noticed the same thing but I have no answer unfortunately.

Installed clearos community and I get the full bandwidth with no issues.  What's up Endian?  Am I going to have to use another firewall because Endian can't handle the speed or what?

Hello,

I am quite new to this forum, even though I am using Endian for quite some time now. After having problems with the old hardware, I updated to the Gigabyte GA-Z77X-UD5H mainboard with an i3 and some other stuff. After installing I realized, that the two nic's (Intel 82579V & Atheros 1969:1091) were not recognized by Endian 2.5.1.
Since I installed also a Intel 82541 nic and a Mac USB Lan Adapter, I got it finally working (Gateway with only 1 nic doesn't seemed to work).

Anyway, since a  of days I tried to get the two onboard nic's  without any success. I decided to postpone the Atheros problem since there is no rpm available or at least I haven't found one. Therefore, I tried to update the e1000e driver as well, but for some reason it won't work.
I managed to add the community repo but after the update/upgrade the web access is not working. SSH is still working, and the intel card is still not recognized.

Danoh,
could you please tell me, how you managed to update the driver? Which were the commands you used in the shell?

Thanks for your help.
Indiana Horschd

Update:
I finally managed to get the driver updated.
The issue was, that all the drivers are installed under 2.6.32.43-57.e43.i586 but the update was installed under 2.6.32.43-57.e43 and therefore wasn't recognized.
After copying the e1000e.ko file to the right location and adding it to the modprobe.conf I finally see my network card.

Indiana Horschd

Still having throughput issue.  I'm really loving this community support. Almost 900 views of this thread now and only one person has even bothered to help.

...  ???

Did you check "Log accepted outgoing connections" on Firewall menu ?

I guess that efw's file i/o tired up your efw's resource.
I suggest don't check "Log accepted..." and check logfiles on /var/log via SSH.

It's not checked and outgoing fw is not enabled.

There's no I/O issue that I can tell. This box has plenty of resources and fast drives.

bump.....  ??? ??? ???

I have checked these speeds starting from 38.70 down / 2.14 up without Endian.  I have two Intel 82574L (e1000e drv.) + Atom d2500 + SSD

It has been checked two times each one, with enough time between them.
- Snort (all rules) + Proxy (transparent) + IPS (in zones and Outgoing Firewall) + Outgoing Firewall (HTTP/s, DNS)
- Log active for Snort, Firewall and Proxy

1- Snort On + Proxy On + IPS On + Firewall On:  (11.24 - 2.08)
2- Snort On + Proxy Off + IPS On + Firewall On:  (24.47- 2.12)
3- Snort Off + Proxy On + IPS Off + Firewall On: (26.44 - 2.12)
4- Snort Off + Proxy Off + IPS On + Firewall On:  (37.32- 2.12)
5- Snort Off + Proxy Off + IPS On + Firewall Off:  (38.21- 2.12)
6- Snort Off + Proxy Off + IPS Off + Firewall Off:  (24.16 - 2.15) (I don't understand this. I had repeated 4 times)

Also, it seems the Snort causes a good delay when I check more than 2 rules.  Perhaps it depends of my hardware, I'm not sure..

Prueba con esto, a mi me funciono:

With this fix . . . .

nano /usr/lib/efw/dansguardian/default/settings
change the values as below:

MAXCHILDREN=500
MINCHILDREN=128
MINSPARECHILDREN=32
PREFORKCHILDREN=16
MAXSPARECHILDREN=256
MAXAGECHILDREN=10000


Also if you are facing slow browsing issue change the following values:

nano /var/efw/havp/settings

change 2 values as below

MAXSERVERS=150
SERVERNUMBER=50


I have a efw  running 500 users through a 10mbit fiber connection with the above settings modified.

I have EFW 3.0 and that directories doesnt exists. How i can do that in this version?
Sorry for my english, thanks.

Danoh,
I have two efw 2.5.1 boxes at two separate locations. One has full throughput the other had extremely slow throughput.
Swapped nics, ram, cables no change
Turned off all proxys and outgoing firewall and that solved it for me.
I am still testing turning things back on to pinpoint it. If I find anything else I will post

Danoh,

Is your outgoing firewall enabled? I have found that it limits my throughput to a max of ~20MBS.

If you are having an issue locating the files just type

find / -name havp

it will show you all instances of folders and files named havp

I'm sorry to hear you have so many issues. I have noticed similar issues few times but swapping NIC did help. In your case that does not seems to work. I would suggest that you give a pfsense a try. It is bsd based and very robust firewall with more features than endian and any other firewall and performance is unmatched by any firewall distro.
If you do not need  feature reach firewall you can try IPFire which is also very good open source firewall similar features as endian but performance is a bit better. I hate the GUI with this distro though.

good luck

EFW 3.0.5

WITHOUT transparent proxy all looks good.

But when enabled, download  ~5,34MB = ~40Mbit/s per single download - stream is quite stable, just litle fluctuation. Can run multiple downloads - all runs at 40Mbit/s (did try 3x at the same time).

No others (related) services enabled (QoS, Nagios, etc...)

There must be some settings in Squid or c-icap !!! - 40Mbit can't be

btw: does some developer reading this threads?


hw:
Intel(R) Celeron(R) CPU 1037U @ 1.80GHz
Intel Corporation 82583V Gigabit Network Connection
2GB DDR3
SSD HDD