SupaJ

Forum Replies Created

Viewing 12 posts - 1 through 12 (of 12 total)
  • in reply to: High Latency Using HTTP PRoXY – ZeroShell Bridge #50572
    SupaJ
    Member

    @ppalias wrote:

    If your internet line is not something close to 3,5Mbps then most likely havp is eating up most of your memory. I am not using proxy server on ZS cause it makes some streaming radios, that I listen to, stop working. Try to upgrade the memory for a start.

    It finally worked! – I transferred Zeroshell to a machine with more resources: P4 2.8GHz, 1GB RAM. Apparently it was a lack of RAM causing HAVP to run slow. Thanks ppalias.

    It appears that HAVP can’t catch HTTPS. Is this correct? What can be done in this case?

    in reply to: High Latency Using HTTP PRoXY – ZeroShell Bridge #50570
    SupaJ
    Member

    @ppalias wrote:

    I don’t think this can be done, I can see that the selection is disabled.
    Try this one; open a shell and run the top command. Start using the proxy and check if any process seems to be taking too much memory or CPU. Also open a new shell and run iptraf and select general interface statistics. Check what is the network utilization while you turn proxy on and off.

    Here are my TOP and IPTRAF results with HAVP turned on. Is there anything abnormal with it? I am not too familiar with TOP, but I see three PIDs for HAVP, each one consuming about 32% RAM. Are these separate processes or is it just one?

    in reply to: High Latency Using HTTP PRoXY – ZeroShell Bridge #50568
    SupaJ
    Member

    @ppalias wrote:

    My guess is that you should be capturing on BRIDGE interface. CPU usage and memory usage seem not to be the bottleneck. Try to switch capturing the BRIDGE interface only and make sure you capture only one way, e.g use source address of your local lan.

    I switched to bridge as per your suggestion – still no improvement. Web pages continue to load very slowly when HAVP is activated – logging is turned off (only logs webpages with virus), image scanning is also off. Is there a way for me to temporarily turn off the antivirus and leave the HTTP proxy on?

    in reply to: High Latency Using HTTP PRoXY – ZeroShell Bridge #50566
    SupaJ
    Member

    @ppalias wrote:

    You didn’t mention if the CPU load is ok when the proxy is turned on.

    I checked my CPU log – it’s hardly ever above 4%.

    @ppalias wrote:

    It could be the “Access Logging (check the law in your country)” if it is logging anything. Try to switch it to “Only URL containing virus”.

    I had already done that – switched it to “Only URL containing virus”.

    Quick question: I am running a bridge but I am capturing on ETH0 and ETH1 but not BR0. Is this correct?

    Edit: Additionally I noticed the following:
    CPU usage w/o HTTP proxy: 4%
    CPU usage w/ HTTP proxy: 8%

    RAM usage w/o HTTP Proxy: 84MB
    RAM usage w/ HTTP Proxy: 174MB (max RAM on PC is 256MB)

    Can the above factors hinder the performance of the HTTP Proxy?

    in reply to: High Latency Using HTTP PRoXY – ZeroShell Bridge #50564
    SupaJ
    Member

    Any other suggestions? Does the HTTP proxy depend on any other service, e.g. DNS? What could be causing the slow browsing when it is turned on? It normally starts with a small latency and then the delay gradually increases over a few minutes – until web browsing becomes almost unbearable through it. Could it be the antivirus? How do I turn it off? Thanks.

    in reply to: High Latency Using HTTP PRoXY – ZeroShell Bridge #50562
    SupaJ
    Member

    It’s the weekend and I don’t have access to the PC right now, hence I can’t check the CPU usage when the HTTP proxy is on – notwithstanding, it’s a 1.8GHz P4 w/ 256MB RAM. Shouldn’t that be more than sufficient to run the HTTP Proxy? Thanks.

    in reply to: QoS Issue – Web Interface Slow When downloading #49702
    SupaJ
    Member

    @ppalias wrote:

    First of all you can remove the QoS on the internal interface and limit the application on the external interface.

    How is this done? i.e. Limit download traffic on the external interface?

    in reply to: QoS Issue – Web Interface Slow When downloading #49699
    SupaJ
    Member

    @ppalias wrote:

    Remove QoS on the internal interface, there is no point in regulating the bandwidth of a 100Mbps connection.

    I take your point. As a matter of fact many QoS references say that there is no need to do any shaping on ingress traffic. Once your egress (upload) traffic is not free, things should work well. However there are times when one might need to put a cap on certain ingress traffic and by disabling QoS on the internal adapter this would not be possible. There must be a way for me to access ZeroShell at full LAN speed and have QoS enabled and functioning properly on the internal adapter. The question is how?

    in reply to: QoS Issue – Web Interface Slow When downloading #49697
    SupaJ
    Member

    Let me re-phrase my question:

    Can I create a chain or rule that will cause ZeroShell’s shaping ruleset to ignore internal LAN traffic to and from Zeroshell? I’ve seen this being done before with the open-source Mastershaper (scroll to the bottom of the page). The chain from Mastershaper would look like this:

    ######### chain LAN
    /sbin/tc filter add dev eth1 parent 1:1 protocol all prio 2 u32 match ip src 10.0.0.0/24 match ip dst 10.0.0.0/24 flowid 1:11

    How can I implement this in ZeroShell?

    Thanks.

    in reply to: Zeroshell Bridge Inaccessible – Not passing traffic #49639
    SupaJ
    Member

    I didn’t see any ‘interesting message’ on the console when it happened. However I’ve noticed this when it is booting:

    08:18:11 	physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.

    and also this:

    08:18:10 	ETH00: setting half-duplex.

    Also note that when I run Zeroshell between a switch and a single PC, it runs the whole day without problems. The problem occurs when it is placed between the Internet Modem/Router and my server.

    BTW, Zeroshell is being run on a 1.5GHz P4, 256MB RAM PC.

    Any suggestions?

    Here is the section of my kernel messages I extracted the above messages from:

    08:18:09 	BRIDGE00: Dropping NETIF_F_UFO since no NETIF_F_HW_CSUM feature.
    08:18:10 device ETH00 entered promiscuous mode
    08:18:10 ETH00: setting half-duplex.
    08:18:10 device ETH01 entered promiscuous mode
    08:18:10 ETH01: setting full-duplex.
    08:18:10 BRIDGE00: port 2(ETH01) entering learning state
    08:18:10 BRIDGE00: port 1(ETH00) entering learning state
    08:18:11 physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.
    08:18:11 message repeated 17 times
    08:18:11 physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.
    08:18:11 message repeated 47 times
    08:18:25 BRIDGE00: topology change detected, propagating
    08:18:25 BRIDGE00: port 2(ETH01) entering forwarding state
    08:18:25 BRIDGE00: topology change detected, propagating
    08:18:25 BRIDGE00: port 1(ETH00) entering forwarding state

    in reply to: FTP Downloads – Error Message: "425" #49609
    SupaJ
    Member

    Thanks man – maybe woman? LOL. Your suggestion of

    RELATED-ESTABLISHED rule in the forward chain

    worked fine with FTP in passive mode. 😉

    in reply to: FTP Downloads – Error Message: "425" #49607
    SupaJ
    Member

    Add a RELATED-ESTABLISHED rule in the forward chain.

    Thanks Ppalias but I’m still a bit confused. Can you please elaborate – input, output, etc?
