Re: [Efw-user] Bandwidth and Thruput

2013-03-20 Thread kevsworld
Hi Herbert

What NIC cards are you using?  I haven't used Endian on a connection as fast as 
you have but I have noticed a difference between cheap nics and the more 
expensive server grade ones.  Also I am pretty sure using anti virus scanning 
is going to affect the throughput. What are your CPU loads showing? 

Regards
Kevin


Sent from Samsung Mobile

 Original message 
From: Herbert Appel postmas...@nx-networx.de 
Date:  
To: efw-user@lists.sourceforge.net 
Subject: Re: [Efw-user] Bandwidth and Thruput 
 
Hello Andre,

hmm - but what could be the reason for that decrease from 50MBit/s --> 7MBit/s?

Herbert
On 20.03.2013 at 09:10, Andre Mueller wrote:

 
 Hello Herbert
 
 We have FTTH with 50/10Mbits/s (waiting for 100/100) and are running EFW 
 2.5.1 Community Version as VM on VMware ESXi 4.1 on a single CPU board 
 with Quad Core Xeon L5630 2.13 GHz together with two other Web-Server 
 VMs. Although we do not use any Proxy-functions (ClamAV, AMAVIS, 
 Content-Filter) we have full speed on the Green-interface in 
 uploading/downloading towards/from Red-interface and GBit/s speed 
 from/toward DMZ Orange-interface. CPU load never exceeds 5% and RAM 
 we have assigned 1 GByte (used actually 50%).
 
 with best regards, Andre
 
 
 On 20.03.13 at 07:40, Herbert Appel wrote:
 Hello together,
 
 we use the latest version of EFW 2.51 in school.
 Since about one week we are connected to FTTH (FOS 100 as CPE) with 50MBit/s.
 On the red IF there are truly 50MBit/s, but on the green IF there are only 
 7MBit/s.
 Of course the services decelerate the thruput but I didn't expect this 
 decrease.
 We are running ClamAV, AMAVIS, NTP, DHCP, Content-Filter.
 What bothers me is that, when we were connected to DSL with 368kBit/s, we had 
 full speed on the green side (47kB/s).
 
 Can somebody confirm that this is normal?
 Or, what can we do to lever the thruput?
 
 I would be grateful for any hint.
 Thanks in advance
 
 Herbert
 --
 Everyone hates slow websites. So do we.
 Make your web apps faster with AppDynamics
 Download AppDynamics Lite for free today:
 http://p.sf.net/sfu/appdyn_d2d_mar
 ___
 Efw-user mailing list
 Efw-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/efw-user
 
 
 


Re: [Efw-user] Bandwidth and Thruput

2013-03-20 Thread Herbert Appel
Hello Davo,

we used different methods:
1. www.speedtest.net
2. http://www.initiative-netzqualitaet.de
3. Download of a file (e. g. 
http://www.ibc-blog.de/wp-content/uploads/2012/10/IBC-SOLAR_Jura-Solarpark.jpg) 
7MB took 8-9s

greetings
Herbert

On 20.03.2013 at 09:13, d.davo...@mastertraining.it wrote:

 I'm not sure about normality but can you tell how did you measure the 
 throughput?
 Thanks
 Davo
 


Re: [Efw-user] Bandwidth and Thruput

2013-03-20 Thread Andre Mueller

Hello Herbert

If possible I would first try, only for testing purposes, to switch off 
the proxy functionality. Further I would try to make measurements by 
placing a computer in the Red subnet and by transferring large data 
to/from by simple protocol to another computer in the green subnet. 
Also verifying if the green-interface is really working at 100Mbits and 
not at 10Mbits. How is the CPU load? And is /var/log eventually full?

best regards, Andre


On 20.03.13 at 09:20, Herbert Appel wrote:
 Hello Andre,

 hmm - but what could be the reason for that decrease from 50MBit/s --> 
 7MBit/s?

 Herbert


-- 

Andre Mueller
Leuengasse 26 / CH-4057 Basel / Switzerland
Tel +41-44-350 76 11 / Fax +41-44-350 76 12
mailto:andre.muel...@himmel-blau.com
http://www.himmel-blau.com



Re: [Efw-user] Bandwidth and Thruput

2013-03-20 Thread Herbert Appel
Hi,

the NICs are 3COM and Realtec 10/100MBit/s
CPUload is about 80%

I share your opinion but we can't switch off all services to have max thruput :-(
then Endian is useless!

thanks a lot

Herbert

On 20.03.2013 at 09:35, kevsworld wrote:

 Hi Herbert
 
 What NIC cards are you using?  I haven't used Endian on a connection as fast 
 as you have but I have noticed a difference between cheap nics and the more 
 expensive server grade ones.  Also I am pretty sure using anti virus scanning 
 is going to affect the throughput. What are your CPU loads showing? 
 
 Regards
 Kevin
 
 


Re: [Efw-user] Bandwidth and Thruput

2013-03-20 Thread Herbert Appel
Hi,

thanks for your hints - I'll check.

Herbert

On 20.03.2013 at 09:38, Andre Mueller wrote:

 
 Hello Herbert
 
 If possible I would first try, only for testing purposes, to switch off 
 the proxy functionality. Further I would try to make measurements by 
 placing a computer in the Red subnet and by transferring large data 
 to/from by simple protocol to another computer in the green subnet. 
 Also verifying if the green-interface is really working at 100Mbits and 
 not at 10Mbits. How is the CPU load? And is /var/log eventually full?
 
 best regards, Andre
 
 


Re: [Efw-user] Bandwidth and Thruput

2013-03-20 Thread Farzan Qureshi
Can you please go to status and then connection and tell me what is the
maximum TTL you see on connections? Is it 119:00 ..something?

Farzan Qureshi
--
Rosmini College
Network Administrator  Helpdesk support
 On 20/03/2013 7:58 PM, Herbert Appel postmas...@nx-networx.de wrote:

 Hello together,

 we use the latest version of EFW 2.51 in school.
 Since about one week we are connected to FTTH (FOS 100 as CPE) with
 50MBit/s.
 On the red IF there are truly 50MBit/s, but on the green IF there are
 only 7MBit/s.
 Of course the services decelerate the thruput but I didn't expect this
 decrease.
 We are running ClamAV, AMAVIS, NTP, DHCP, Content-Filter.
 What bothers me is that, when we were connected to DSL with 368kBit/s, we
 had full speed on the green side (47kB/s).

 Can somebody confirm that this is normal?
 Or, what can we do to lever the thruput?

 I would be grateful for any hint.
 Thanks in advance

 Herbert



Re: [Efw-user] Bandwidth and Thruput

2013-03-20 Thread compdoc
 the NICs are 3COM and Realtec 10/100MBit/s
 CPUload is about 80%

100baseT = 100 Mbps = 12.5 MBps

EFW depends on the speed of the host cpu and on the network cards. Because
of overhead and the limits of older computer buses and cpus, I don't believe
you will get much more than 7MBit/s using 100baseT nics. 

I also do not believe 3Com nics are known for their speed.

What cpu is in the firewall, and how much ram? These are very important when
processing your enabled services.



Re: [Efw-user] Bandwidth and Thruput

2013-03-20 Thread Josh Carter
As stated CPU / RAM are your primary concern here. If your CPU usage is high, 
your throughput will be limited as such. One other consideration for ClamAV is 
disk speed. The file is downloaded to your EFW disk, scanned by clamav, then 
passed through to your client. If the disk is slow, that can be a factor.

I have an INTEL atom based EFW running IPS/Proxy/CLAMAV etc and I'm able to 
fully utilise my 20mbit connection, however I do see ~90% cpu usage and I have 
an SSD hard drive to improve the 'speed' of clamav. I imagine you would need 
the newer generation, dual core atom's or a Core i3+ to cope with all the 
services on a 100/100mbit link.

Hope that's helpful.


From: compdoc [mailto:comp...@hotrodpc.com]
Sent: Thursday, 21 March 2013 12:43 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Bandwidth and Thruput

the NICs are 3COM and Realtec 10/100MBit/s
CPUload is about 80%

100baseT = 100 Mbps = 12.5 MBps

EFW depends on the speed of the host cpu and on the network cards. Because of 
overhead and the limits of older computer buses and cpus, I don't believe you 
will get much more than 7MBit/s using 100baseT nics.

I also do not believe 3Com nics are known for their speed.

What cpu is in the firewall, and how much ram? These are very important when 
processing your enabled services.






Re: [Efw-user] Bandwidth and Thruput

2013-03-20 Thread Josh Carter
This is good info here, but something to watch out for:

SKIPMIME image/* video/* audio/*

The above line will PREVENT all images, videos and audio from being scanned for 
viruses. There are obvious security implications with that, and you should 
evaluate your security requirements before applying that setting.


From: Farzan Qureshi [mailto:fqure...@rosmini.school.nz]
Sent: Thursday, 21 March 2013 11:21 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Bandwidth and Thruput

Hi Herbert,

I was having similar issues with endian firewall at our end. I have done some 
modifications to the TCP/IP stack manually and some optimization to 
dansguardian. It is working very well.

You can try following settings and hopefully this will fix your issues because 
it did for us. Remember to first reboot your endian firewall and once it is up 
access it through console and make changes to TCP/IP stack. But let me tell you 
I still haven't got enough time to figure out to make these changes of TCP/IP 
permanent. Because it reverts to default settings on reboot. But for 
dansguardian those settings are permanent.

I noticed that TTL for established connection is too big by default that is 
119:00 something...which is like a connection may live up to 5 days and hence 
choke available ports. (you can check this on status and go to connections)

Following are the instructions for you:


TCP/IP Stack Modifications


Edit:

nano /proc/sys/net/ipv4/tcp_max_orphans


Change figure to

8192




Run following three commands one by one:

echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
echo 30 > /proc/sys/net/ipv4/tcp_keepalive_intvl



Edit:

nano /proc/sys/net/ipv4/tcp_keepalive_probes


Change value to

5




Edit:

nano /etc/sysctl.conf



And change following values to reflect values shown below or add these values 
if they are not present:

net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 8192
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=1200

Save changes.




Run following commands one by one:

echo 1200 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
echo 131072 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max




==
DANSGUARDIAN AND ANTIVIRUS OPTIMIZATION
==

Edit file

nano /usr/lib/efw/dansguardian/default/settings



And enter/change following parameters:

MAXCHILDREN=500
MINCHILDREN=128
MINSPARECHILDREN=32
PREFORKCHILDREN=16
MAXSPARECHILDREN=256
MAXAGECHILDREN=1



Edit following file:

nano /etc/havp/havp.conf.tmpl



Add following parameters:

MAXSERVERS 150
SERVERNUMBER 50



Also add following parameters after following line:

STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS 
gnome-vfs xine

Add following parameters after above line in file:

RANGE true
SKIPMIME image/* video/* audio/*


Hope this helps.

Kind regards,

Farzan


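
A check that can be run after a reboot, since the instructions above say the /proc changes revert and the reply warns about SKIPMIME: it compares a sysctl.conf-style file with the live values and lists the MIME patterns HAVP is told to skip. This is an added example, not part of any message in the thread; the function names, the OK/DRIFT/MISSING output format and the sample files (including the runtime values) are constructed assumptions.

```shell
#!/bin/sh
# Added example: post-reboot check for the tuning discussed in this thread.
# Paths are parameters; the sample files built by make_sample are constructed.

# Collapse whitespace runs and trim both ends.
norm() { printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

# sysctl_drift CONF [PROC_ROOT]
# For every "key = value" line in CONF, read the live value from
# PROC_ROOT/<key with dots as slashes> (default /proc/sys) and print
#   OK key value | DRIFT key want=X have=Y | MISSING key
# Returns 0 only if every key is OK.
sysctl_drift() {
    _conf=$1
    _root=${2:-/proc/sys}
    _rc=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line%%#*}                       # drop comments
        case $_line in *=*) ;; *) continue ;; esac
        _key=$(norm "${_line%%=*}")
        _want=$(norm "${_line#*=}")
        _path=$_root/$(printf '%s' "$_key" | tr . /)
        if [ ! -r "$_path" ]; then
            echo "MISSING $_key"; _rc=1
            continue
        fi
        _have=$(norm "$(cat "$_path")")
        if [ "$_have" = "$_want" ]; then
            echo "OK $_key $_have"
        else
            echo "DRIFT $_key want=$_want have=$_have"; _rc=1
        fi
    done < "$_conf"
    return $_rc
}

# havp_scan_exclusions CONF
# Prints each MIME pattern from active (uncommented) SKIPMIME lines.
# Returns 0 if nothing is excluded from virus scanning, 1 otherwise.
havp_scan_exclusions() {
    _pats=$(sed -n 's/^[[:space:]]*SKIPMIME[[:space:]][[:space:]]*//p' "$1" \
            | tr -s '[:space:]' '\n')
    if [ -z "$_pats" ]; then
        return 0
    fi
    printf '%s\n' "$_pats"
    return 1
}

# Constructed sample: the sysctl.conf and HAVP lines use the values from the
# thread; the fake /proc/sys tree models a box where two settings reverted.
make_sample() {
    mkdir -p "$1/proc/sys/net/ipv4/netfilter"
    cat > "$1/sysctl.conf" <<'EOF'
# constructed sample
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 8192
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=1200
EOF
    echo 75     > "$1/proc/sys/net/ipv4/tcp_keepalive_intvl"
    echo 5      > "$1/proc/sys/net/ipv4/tcp_keepalive_probes"
    echo 1      > "$1/proc/sys/net/ipv4/tcp_tw_reuse"
    echo 8192   > "$1/proc/sys/net/ipv4/tcp_max_orphans"
    echo 432000 > "$1/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established"
    cat > "$1/havp.conf" <<'EOF'
MAXSERVERS 150
SERVERNUMBER 50
RANGE true
# SKIPMIME text/*
SKIPMIME image/* video/* audio/*
EOF
}

# Demo on the constructed sample.
d=$(mktemp -d)
make_sample "$d"
sysctl_drift "$d/sysctl.conf" "$d/proc/sys" \
    || echo "=> runtime values differ from the persisted config"
havp_scan_exclusions "$d/havp.conf" \
    || echo "=> the MIME classes above are not virus-scanned"
rm -rf "$d"
```

On a real firewall, call `sysctl_drift /etc/sysctl.conf` and point `havp_scan_exclusions` at the HAVP configuration in use; a key with no matching file under `/proc/sys` is reported as MISSING.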

Re: [Efw-user] Bandwidth and Thruput

2013-03-20 Thread Farzan Qureshi
I agree with you Josh.

On 21 March 2013 13:58, Josh Carter josh.car...@charterhall.com.au wrote:

  This is good info here, but something to watch out for:



 SKIPMIME image/* video/* audio/*



 The above line will PREVENT all images, videos and audio from being
 scanned for viruses. There are obvious security implications with that, and
 you should evaluate your security requirements before applying that
 setting.




