Re: [Efw-user] Bandwidth and Thruput

Wed, 20 Mar 2013 18:09:53 -0700 

I agree with you Josh.

On 21 March 2013 13:58, Josh Carter <josh.car...@charterhall.com.au> wrote:

>  This is good info here, but something to watch out for:
>
>
>
> SKIPMIME image/* video/* audio/*
>
>
>
> The above line will PREVENT all images, videos and audio from being
> scanned for viruses. There are obvious security implications with that, and
> you should evaluate your security requirements before applying that
> setting.
>
>
>
>
>
> *From:* Farzan Qureshi [mailto:fqure...@rosmini.school.nz]
> *Sent:* Thursday, 21 March 2013 11:21 AM
>
> *To:* efw-user@lists.sourceforge.net
> *Subject:* Re: [Efw-user] Bandwidth and Thruput
>
>
>
> Hi Herbert,
>
>
> I was having similar issues with endian firewall at our end. I have done
> some modifications to the TCP/IP stack manually and some optimization to
> dansguardian. It is working very well.
>
> You can try following settings and hopefully this will fix your issues
> because it did for us. Remember to first reboot your endian firewall and
> once it is up access it through console and make changes to TCP/IP stack.
> But let me tell you I still haven't got enough time to figure out to make
> these changes of TCP/IP permanent. Because it reverts to default settings
> on reboot. But for dansguardian those settings are permanent.
>
> I noticed that TTL for established connection is too big by default that
> is 119:00 something...which is like a connection may live upto 5 days and
> hence choke available ports. (you can check this on status and go to
> connections)
>
> Following are the instructions for you:
>
> *
> TCP/IP Stack Modifications*
>
>
> Edit:
>
>     nano /proc/sys/net/ipv4/tcp_max_orphans
>
>
> Change figure to
>
>     8192
>
>
>
>
> Run following three commands one by one:
>
>     echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
>     echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
>     echo 30 > /proc/sys/net/ipv4/tcp_keepalive_intvl
>
>
>
> Edit:
>
>     nano /proc/sys/net/ipv4/tcp_keepalive_probes
>
>
> Change value to
>
>     5
>
>
>
>
> Edit:
>
>     nano /etc/sysctl.conf
>
>
>
> And change following values to reflect values shown below or add these
> values if they are not present:
>
>     net.ipv4.tcp_keepalive_intvl = 30
>     net.ipv4.tcp_keepalive_probes = 5
>     net.ipv4.tcp_tw_reuse = 1
>     net.ipv4.tcp_max_orphan = 8192
>     net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=1200
>
> Save changes.
>
>
>
>
> Run following commands one by one:
>
>     echo 1200 >
> /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
>     echo 131072 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
>
>
>
>
> ==========================================
> DANSGUARDIAN AND ANTIVIRUS OPTIMIZATION
> ==========================================
>
> Edit file
>
>     nano /usr/lib/efw/dansguardian/default/settings
>
>
>
> And enter/change following parameters:
>
>     MAXCHILDREN=500
>     MINCHILDREN=128
>     MINSPARECHILDREN=32
>     PREFORKCHILDREN=16
>     MAXSPARECHILDREN=256
>     MAXAGECHILDREN=10000
>
>
>
> Edit following file:
>
>     nano /etc/havp/havp.conf.tmpl
>
>
>
> Add following parameters:
>
>     MAXSERVERS 150
>     SERVERNUMBER 50
>
>
>
> Also add following parameters after following line:
>
> STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000
> XMMS gnome-vfs xine
>
> Add following parameters after above line in file:
>
>     RANGE true
>     SKIPMIME image/* video/* audio/*
>
>
> Hope this helps.
>
> Kind regards,
>
> Farzan
>
>
>  On 20 March 2013 21:45, Herbert Appel <postmas...@nx-networx.de> wrote:
>
> Hi,
>
> thanks for your hints - I´ll check.
>
> Herbert
>
> Am 20.03.2013 um 09:38 schrieb Andre Mueller:
>
>
> >
> > Hello Herbert
> >
> > If possible I would first try, only for testing purposes, to switch off
> > the proxy functionality. Futher I would try to make "measurements" by
> > placing a computer in the Red subnet and by transferring large data
> > to/from by simple protocol to an other computer in the green subnet.
> > Also verifying if the green-interface is really working at 100Mbits and
> > not at 10Mbits. Wow is the CPU load? And is /var/log eventually full?
> >
> > best regards, Andre
> >
> >
> > Am 20.03.13 09:20, schrieb Herbert Appel:
> >> Hello Andre,
> >>
> >> hmm - but what could be the reason for that decrease from 50MBit/s -->
> 7MBit/s?
> >>
> >> Herbert
> >> Am 20.03.2013 um 09:10 schrieb Andre Mueller:
> >>
> >>>
> >>> Hello Herbert
> >>>
> >>> We have FTTH with 50/10Mbits/s (waiting for 100/100) and are running
> EFW
> >>> 2.5.1 Community Version as VM on VMware ESXi 4.1 on an single CPU board
> >>> with Quad Core Xeon L5630 2.13 GHz together with two other Web-Servers
> >>> VM's. Although we do not use any Proxy-functions (CLAVAV, AMAVIS,
> >>> Content-Filter) we have full speed on the Green-interface in
> >>> uploading/downloading towards/from Red-interface and GBit/s speed
> >>> from/toward DMZ Orange-interface. CPU load does never exceed 5% and RAM
> >>> we have assigned 1 GByte (used actually 50%).
> >>>
> >>> with best regards, Andre
> >>>
> >>>
> >>> Am 20.03.13 07:40, schrieb Herbert Appel:
> >>>> Hello together,
> >>>>
> >>>> we use the latest version of EFW 2.51 in school.
> >>>> Since about one week we are connected to FTTH (FOS 100 as CPE) with
> 50MBit/s.
> >>>> On the red IF there are truely 50MBit/s, but on the green IF there
> are only 7MBit/s.
> >>>> Of course the services decelerate the thruput but I didn´t excpect
> this decrease.
> >>>> We are running CLAVAV, AMAVIS, NTP, DHCP, Content-Filter.
> >>>> What bothers me is that,when we were connected to DSL with 368kBit/s,
> we had full speed on the green side (47kB/s).
> >>>>
> >>>> Can somebody confirm that this is normal?
> >>>> Or, what can we do to lever the thruput?
> >>>>
> >>>> I would be grateful for any hint.
> >>>> Thanks in advance
> >>>>
> >>>> Herbert
> >>>>
> ------------------------------------------------------------------------------
> >>>> Everyone hates slow websites. So do we.
> >>>> Make your web apps faster with AppDynamics
> >>>> Download AppDynamics Lite for free today:
> >>>> http://p.sf.net/sfu/appdyn_d2d_mar
> >>>> _______________________________________________
> >>>> Efw-user mailing list
> >>>> Efw-user@lists.sourceforge.net
> >>>> https://lists.sourceforge.net/lists/listinfo/efw-user
> >>>>
> >>>
> >>>
> >>>
> ------------------------------------------------------------------------------
> >>> Everyone hates slow websites. So do we.
> >>> Make your web apps faster with AppDynamics
> >>> Download AppDynamics Lite for free today:
> >>> http://p.sf.net/sfu/appdyn_d2d_mar
> >>> _______________________________________________
> >>> Efw-user mailing list
> >>> Efw-user@lists.sourceforge.net
> >>> https://lists.sourceforge.net/lists/listinfo/efw-user
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> Everyone hates slow websites. So do we.
> >> Make your web apps faster with AppDynamics
> >> Download AppDynamics Lite for free today:
> >> http://p.sf.net/sfu/appdyn_d2d_mar
> >> _______________________________________________
> >> Efw-user mailing list
> >> Efw-user@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/efw-user
> >>
> >
> > --
> >
> > Andre Mueller
> > Leuengasse 26 / CH-4057 Basel / Switzerland
> > Tel +41-44-350 76 11 / Fax +41-44-350 76 12
> > mailto:andre.muel...@himmel-blau.com
> > http://www.himmel-blau.com
> >
> >
> ------------------------------------------------------------------------------
> > Everyone hates slow websites. So do we.
> > Make your web apps faster with AppDynamics
> > Download AppDynamics Lite for free today:
> > http://p.sf.net/sfu/appdyn_d2d_mar
> > _______________________________________________
> > Efw-user mailing list
> > Efw-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/efw-user
>
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Efw-user mailing list
> Efw-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/efw-user
>
>
>
>
> --
> *Farzan Qureshi* | Network Administrator & Help-desk Support | Rosmini
> College | (09) 487 0 530
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager (
> *ad...@rosmini.school.nz*). Please note that any views or opinions
> presented in this email are solely those of the author and do not
> necessarily represent those of the company. Finally, the recipient should
> check this email and any attachments for the presence of viruses. *Rosmini
> College* accepts no liability for any damage caused by any virus
> transmitted by this email.
>
>  ==== Charter Hall ========================
> This e-mail message and any accompanying attachments may contain
> information that is confidential and subject to legal privilege.  If you
> are not the intended recipient, do not read, use, disseminate, distribute
> or copy this message or attachments.  If you have received this message in
> error, please advise Charter Hall by return e-mail or telephone (02) 8908
> 4000.  Any views expressed in this message are those of the individual
> sender, except where the sender expressly and with authority states them to
> be the views of Charter Hall.  Charter Hall cannot guarantee that this
> e-mail or any attachments are free of viruses or other conditions which may
> damage or interfere with data, hardware or software with which it might be
> used.
> ======================================
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Efw-user mailing list
> Efw-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/efw-user
>
>


-- 
*Farzan Qureshi* | Network Administrator & Help-desk Support | Rosmini
College | (09) 487 0 530

-- 
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 
If you have received this email in error please notify the system manager (
ad...@rosmini.school.nz). Please note that any views or opinions presented 
in this email are solely those of the author and do not necessarily 
represent those of the company. Finally, the recipient should check this 
email and any attachments for the presence of viruses. Rosmini Collegeaccepts 
no liability for any damage caused by any virus transmitted by this 
email.

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user

Reply via email to