Home Page › Forums › Network Management › ZeroShell › High Latency Using HTTP PRoXY – ZeroShell Bridge
- This topic is empty.
-
AuthorPosts
-
June 27, 2010 at 12:47 am #42468
SupaJ
MemberHi,
I have zeroshell configured as a brigde – which works fine. However, when I activate the HTTP proxy, web browsing on clients connected to zeroshell is very slow. Sometimes pages even time-out. Can anyone help? Cheers.June 27, 2010 at 9:49 am #50561ppalias
MemberCould it be that cpu is stressed with the use of proxy?
June 27, 2010 at 11:28 am #50562SupaJ
MemberIt’s weekend and I don’t have access to the PC right now, hence I can’t check the CPU usage when the HTTP proxy is on – notwithstanding, it’s a 1.8GHz P4 w/ 256MB RAM. Shouldn’t that be more than sufficient to run the HTTP Proxy? Thanks.
June 27, 2010 at 4:13 pm #50563ppalias
MemberNow that you mention the server specs it should be a problem, but I thought I should ask anyway.
June 27, 2010 at 7:39 pm #50564SupaJ
MemberAny other suggestions? Does the HTTP proxy depend on any other service, e.g. DNS? What could be causing the slow browsing when it is turned on? It normally starts with a small latency and then the delay gradually increases over a few minutes – until web browsing becomes almost unbearable through it. Could it be the antivirus? How do I turn it off? Thanks.
June 28, 2010 at 7:10 am #50565ppalias
MemberYou didn’t mention if the CPU load is ok when the proxy is turned on. It could be the “Access Logging (check the law in your country)” if it is logging anything. Try to switch it to “Only URL containing virus”.
June 28, 2010 at 12:28 pm #50566SupaJ
Member@ppalias wrote:
You didn’t mention if the CPU load is ok when the proxy is turned on.
I checked my CPU log – it’s hardly ever above 4%.
@ppalias wrote:It could be the “Access Logging (check the law in your country)” if it is logging anything. Try to switch it to “Only URL containing virus”.
I had already done that – switch it to “Only URL containing virus”.
Quick question: I am running a bridge but i am capturing on ETH0 and ETH1 but not BR0. Is this correct?
Edit: Additionally I noticed the following:
CPU usage w/o HTTP proxy: 4%
CPU usage w/ HTTP proxy: 8%RAM usage w/o HTTP Proxy: 84MB
RAM usage w/ HTTP Proxy: 174MB (max RAM on PC is 256MB)Can the above factors hinder the performance of the HTTP Proxy?
June 28, 2010 at 2:55 pm #50567ppalias
MemberMy guess is that you should be capturing on BRIDGE interface. CPU usage and memory usage seem not to be the bottleneck. Try to switch capturing the BRIDGE interface only and make sure you capture only one way, e.g use source address of your local lan.
June 28, 2010 at 6:28 pm #50568SupaJ
Member@ppalias wrote:
My guess is that you should be capturing on BRIDGE interface. CPU usage and memory usage seem not to be the bottleneck. Try to switch capturing the BRIDGE interface only and make sure you capture only one way, e.g use source address of your local lan.
I switched to bridge as per your suggestion – still no improvement. Web pages continue to load very slowly when HAVP is activated – logging is turn off(only logs webpages with virus), image scanning is also off. Is there a way for me to temporarily turn off the antivirus and leave the http proxy on?
June 28, 2010 at 10:07 pm #50569ppalias
MemberI don’t think this can be done, I can see that the selection is disabled.
Try this one; open a shell and run the top command. Start using the proxy and check if any process seems to be taking too much memory or CPU. Also open a new shell and run iptraf and select general interface statistics. Check what is the network utilization while you turn proxy on and off.June 29, 2010 at 12:52 pm #50570SupaJ
Member@ppalias wrote:
I don’t think this can be done, I can see that the selection is disabled.
Try this one; open a shell and run the top command. Start using the proxy and check if any process seems to be taking too much memory or CPU. Also open a new shell and run iptraf and select general interface statistics. Check what is the network utilization while you turn proxy on and off.Here is my TOP and IPTRAF results with HAVP turn on. Is there anything abnormal with it? I am not too familiar with TOP, but I see three PID’s for HAVP, each one consuming about 32%RAM. Are these separate processes or is it just one?
June 29, 2010 at 1:16 pm #50571ppalias
MemberIf your internet line is not something close to 3,5Mbps then most likely havp is eating up most of your memory. I am not using proxy server on ZS cause it makes some streaming radios, that I listen to, stop working. Try to upgrade the memory for a start.
June 29, 2010 at 6:28 pm #50572SupaJ
Member@ppalias wrote:
If your internet line is not something close to 3,5Mbps then most likely havp is eating up most of your memory. I am not using proxy server on ZS cause it makes some streaming radios, that I listen to, stop working. Try to upgrade the memory for a start.
It finally worked! – I transferred Zeroshell to a machine with more resources: P4 2.8GHz, 1GB RAM. Apparently is was a lack of RAM causing HAVP to run slow. Thanks ppalias.
It appears that HAVP can’t catch HTTPS. Is this correct? What can be done in this case?
June 29, 2010 at 11:04 pm #50573ppalias
MemberYou can verify it with running the command
iptables -L -v
iptables -t nat -L -vIf there is a rule only for port 80 requests then it captures only HTTP. Most likely adding the same rules for port 443 as well would fix it, but I’m not sure if it would cause a problem on the web interface of ZS.
August 12, 2010 at 9:53 pm #50574lonetorus
Memberi was having the same kind of issue, bridged ZS with proxy being slow, turns out that traffic from the proxy was getting cought in the very low bandwidth default qos class, in any case, check that if you are having this issue too and the above posts didnt help.
-
AuthorPosts
- You must be logged in to reply to this topic.