EFW Support

Hello,
I'm preparing a new firewall with endian firewall 3.0 (while the company still uses the 2.5.2 version)

I noticed that new 3.0 version don't use dansguardian anymore but uses c-icap which should "improve performance" (so said the changelog of efw 3.0)
Well, it's exaclty the opposite:

This is the hardware:
old 2.5.2 server: Pentium4 3.0Ghz with 2GB of RAM
new 3.0 server: Dual CPU Xeon 3.2Ghz (with HT enabled) and 2GB of ECC RAM (CL3)

The 3.0 server is much more slow on proxy connections than the old one, and as you see it's a lot faster than the old one.

I guess if there's some parameters that is necessary to tune in order to use c-icap at least as fast as dansguardian was...

Any suggestions?

Any one?

Hi,

Endian moved from Dansguardian to C-ICAP from version 3.0. In order to improve performance you need to edit a settings file from the cli.

#nano  /usr/lib/efw/icap/default/settings

It shows the following:

MAX_SERVERS=3
THREADS_PER_CHILD=10

Which are pretty low for a lot of users or high speed bandwidth.

Change the settings to:

MAX_SERVERS=10
THREADS_PER_CHILD=50

Save and exit the file and reboot or restart the C-ICAP service.

It should improve markedly.

Thanks kierobrob.
In my case i dont use c-icap (is stopped), but my internet connection is very slow.
Do you have another configuration for squid or other service?

Note: Only proxy users have issues.

try this in your squid.conf file

Well, I added some tweaking into the squid.conf configuration files putting the following in:

hosts_file /etc/hosts
dns_nameservers x.x.x.x x.x.x.x
cache_replacement_policy heap LFUDA
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 50 KB
cache_dir aufs /var/spool/squid 40000 16 256
cache_mem 100 MB
logfile_rotate 10
memory_pools off
maximum_object_size 50 MB
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off

After a lot of trial and error I found that the HUGE problem is the HTTP PROXY CACHE with EFW 3.0 and following 3.0.5beta1

If you disable the cache by putting 0 in all the fields, and 1 in HARD DISK CACHE (because 1MB is the minimum value allowed) then the proxy starts working surely better.

Then the increased values in icap.conf works, but they're not the main solution.

Well, I quote myself because it's not really true..... if you have problems you can try disabling proxy cache, but I found I had other problems and now that I fixed them the proxy cache works as usual...

Hi Guys,

I'm new in Endian and installed the 3.0.5 Beta only for using as proxy server for our AD domain, I have seen slow internet connections and Squid was consuming all CPU resources, so followed the instructions from user Kajowas and disabled the cache proxy but I would like to use it in future and it should be a better way to have this working fine,  the way I use an HP DL380 G4 with 6 Gb Ram and 2 Xeon 3.6 DP processor so machine is more than enough for this.
I would like to know if someone is able to give a solution for the Squid eating all CPU resources wothout using this hack?

Thanks.