LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 05-21-2006, 03:49 AM   #1
Paulsuk
Member
 
Registered: Jan 2004
Distribution: LFS
Posts: 91

Rep: Reputation: 15
Squid / DansGuardian / HavP SLOW! Optimisation tips, please!


Hi,

I have a small home network (1 busybox server running LFS6.0 and 4 wireless clients running XP, 2 laptop and 2 desktop). The desktop machines are in the kids bedrooms and access the 'net through a SQUID->Dan's Guardian->HavP chain.

As it stands, I have set up the system in a slightly odd order because I want to be able to get reports on what the kids are doing on the 'net. I also want to be able to control which hours of the day they can access it!

Now, the first thing to say is that the system works (sort of).

The kids PCs connect to SQUID on the busybox. I use authentication which means their usernames appear in the logs which are then analysed with SQUINT.

SQUID then passes the request (if required) upstream to Dan's Guardian to filter out anything unsuitable. I use them in this order because (AFAIK) Dan's Guardian can't log usernames and also can't pass the authentication request through. I also think it makes sense to block a suspect site from even being cached!

Dan's Guardian then passes the request off to HavP which gets the download and scans it for viruses (using ClamAV). I went for this for 2 reasons: 1) Obviously, virus scanning is a good idea, particularly when you have XP in the picture. 2) AFAIK Dan's Guardian has to connect to some sort of upstream proxy, so I needed something there!

Now, this system is very, very slow. My eldest has stopped using the 'net (no bad thing, I feel!) as he complains that it can take up to 5 minutes to get a page. (Same page loads in a few seconds if the proxy setup is bypassed). Alternatively, (and recently more frequently) you simply get an error saying
Quote:
ERROR
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to retrieve the URL: NONE://127.0.0.1:8081http://www.linuxquestions.org/questions/forumdisplay.php?

The following error was encountered:

Zero Sized Reply
Squid did not receive any data for this request.

Your cache administrator is webmaster.
Where do I start? Which logs would be the best to look at first? I've tried looking at TOP on the server while he is surfing and this doesn't seem to say much. I suspect I have mis-configured something somewhere and it's actually something waiting to timeout, but what?

I don't want to clog up the forum with unneccessary logfiles and config files, so if anyone is able to help, let me know what to post (or I'm obviously happy to e-mail them to you if it is easier!)

TIA

Paul

Last edited by Paulsuk; 05-21-2006 at 04:05 AM.
 
Old 11-07-2006, 09:38 PM   #2
slackspider
LQ Newbie
 
Registered: Sep 2005
Posts: 1

Rep: Reputation: 0
Lightbulb Suggestion

Hi Paul,

I don't know if you have this issue solved, but let me share my experience with you. I have a similar network and conditions configured as yours and was facing the same problem. My machine was a very slow machine (a 233MHz pentium mmx with 128Mb ram) but it handled squid very well before I configured dansguardian with clamav. Just for the record I used SARG for viewing user access reports and I am using slackware 10.2

I have solved this by disabling almost all phrase and word comparising. It was consuming too much cpu on the gateway and delaying a lot the viewing of webpages. By default a lot of this configuration is enabled and many are not that necessary. You can have an acl blocking porn sites using a black list provided by a website instead of this word comparising, and it would be much easier on the machine. I'm not sure what machine you are using as gateway for your home lan, but I guess it is an old one too?

Anyway, check the files on /etc/dansguardian (my config directory for dansguardian) and take a look at the dansguardianf1.conf. There are good options to disable and gain performance there. Each time you disable something, try restarting dansguardian. That way you will know what made difference.

Even this 233MHz oldie does not take much more time on pages that are not on the cache than the ones that are already there to download. But the word analysis was too much for her

Hope I have helped.

Slackspider
 
Old 11-09-2006, 02:58 PM   #3
Paulsuk
Member
 
Registered: Jan 2004
Distribution: LFS
Posts: 91

Original Poster
Rep: Reputation: 15
Thanks for that, and I'll certainly have a close look at what you suggest.

In fact, it turned out that my ClamAV was mis-configured so HavP was timing waiting in vain and then finally timing out and passing the request through. In the meantime, in some cases, Squid was giving up (hence the error message). I re-installed ClamAV and it all started to work ok :-)

At the time I posted, I was running a PII 450 with 392Mb RAM.

I've not come across SARG, any good?

;-)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
dansguardian + squid shafey Linux - Security 2 12-31-2005 11:42 AM
squid and dansguardian on MDK 10.2 Trio3b Mandriva 1 12-27-2005 04:20 PM
Dansguardian/Squid HELP! Prizam Linux - Software 3 09-23-2005 06:30 PM
iptables, DansGuardian, and Squid. cth3 Linux - Networking 1 02-10-2005 09:04 AM
Squid load testing software / Squid optimisation? gundelgauk Linux - Networking 2 08-31-2004 07:36 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 01:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration