HTTP Anti-Virus Proxy

Official HAVP Support Forum
Registration disabled, I'm tired of spambots. E-mail havp@hege.li if you have questions.
HAVP project is pretty much frozen/abandoned at this time anyway.


All times are UTC + 2 hours [ DST ]




PostPosted: 16 Sep 2008 18:59 

Joined: 16 Mar 2007 16:27
Posts: 9
Hi,

we set up several (5) boxes using Squid/SquidGuard/HAVP and, on one of them, netfilter. All the hardware is almost the same (2 Xeon minimum, 3GB RAM, SCSI 320 hard drives, Linux Slackware 12.0).
On the main servers, with about 1500 active users, we don't have any issue. On the last box, with only 400 users, surfing is really slow... and unacceptable for users. I have checked all the config (squid, squidguard, havp), and the only difference is that this box is also running IPTables to handle specific traffic.
Without HAVP this box runs really fine, like all the other systems, but as soon as HAVP is activated, the system slows down after a few minutes of activity. The result for end users is a "connection lost" error page from HAVP. During the problem, the load average of the server is low (almost 0!), memory usage is normal, no paging, ...

I'm pretty sure the problem is linked to IPTables, but as the default rules for both outgoing and incoming chains are "ACCEPT", I suppose it's another parameter. (I tested with the stock kernel 2.6.21.5 and the latest one 2.6.26.5, same result).

UPDATE: on this server, we made a test by switching off IPTables, and surfing is back to normal. So the problem is between HAVP and IPTables. Any way to add some logging to find where it blocks?

Has anyone here already seen (and solved!) this kind of trouble? Any help will be appreciated.

regards,

Marc.


PostPosted: 22 Sep 2008 08:53 

Joined: 21 Apr 2008 14:21
Posts: 10
Strange indeed. Could you post your configs?

I'm running HAVP on 2.6.24 with iptables and getting decent speeds.


PostPosted: 22 Sep 2008 10:29 
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
You need to post your iptables, what is "specific traffic"? There are many ways to shoot your foot. :)


PostPosted: 22 Sep 2008 17:11 

Joined: 16 Mar 2007 16:27
Posts: 9
Hi,

for IPTables, I don't think the problem is because of the rules; we made a simple test flushing all rules (iptables -F), same result. I don't have access to the server until tomorrow, so I will post the config files tomorrow morning.

Marc.


PostPosted: 30 Sep 2008 17:30 

Joined: 16 Mar 2007 16:27
Posts: 9
Hi,

the current active conf for HAVP is (result of havp -s):

ACCESSLOG=/var/log/havp/access.log
ARCAVIRSOCKET=/var/run/arcavird.socket
AVASTPORT=5036
AVASTSERVER=
AVASTSOCKET=/var/run/avast4/local.sock
AVESOCKET=/var/run/aveserver
AVGPORT=55555
AVGSERVER=127.0.0.1
BIND_ADDRESS=127.0.0.1
BLACKLIST=/etc/havp/blacklist
CLAMBLOCKBROKEN=FALSE
CLAMBLOCKENCRYPTED=FALSE
CLAMBLOCKMAX=FALSE
CLAMDBDIR=
CLAMDPORT=3310
CLAMDSERVER=
CLAMDSOCKET=/tmp/clamd
CLAMMAXFILES=1000
CLAMMAXFILESIZE=50
CLAMMAXRATIO=250
CLAMMAXRECURSION=8
DAEMON=TRUE
DBRELOAD=60
DISPLAYINITIALMESSAGES=TRUE
ENABLEARCAVIR=FALSE
ENABLEAVAST=FALSE
ENABLEAVESERVER=FALSE
ENABLEAVG=FALSE
ENABLECLAMD=FALSE
ENABLECLAMLIB=TRUE
ENABLEFPROT=FALSE
ENABLENOD32=FALSE
ENABLESOPHIE=FALSE
ENABLETROPHIE=FALSE
ERRORLOG=/var/log/havp/error.log
FAILSCANERROR=TRUE
FORWARDED_IP=TRUE
FPROTPORT=10200
FPROTSERVER=127.0.0.1
GROUP=squid
IGNOREVIRUS=
KEEPBACKBUFFER=200000
KEEPBACKTIME=5
LOGLEVEL=1
LOG_OKS=FALSE
MAXDOWNLOADSIZE=0
MAXSCANSIZE=150000000
MAXSERVERS=400
NOD32SOCKET=/tmp/nod32d.sock
NOD32VERSION=25
PARENTPORT=0
PARENTPROXY=
PIDFILE=/var/run/havp/havp.pid
PORT=8010
RANGE=FALSE
SCANIMAGES=TRUE
SCANNERTIMEOUT=10
SCANTEMPFILE=/var/tmp/havp/havp-XXXXXX
SERVERNUMBER=120
SOPHIESOCKET=/var/run/sophie
SOURCE_ADDRESS=
STREAMSCANSIZE=20000
STREAMUSERAGENT=
SYSLOGFACILITY=daemon
SYSLOGLEVEL=info
SYSLOGNAME=havp
TEMPDIR=/tmp
TEMPLATEPATH=/etc/havp/templates/es
TRANSPARENT=FALSE
TRICKLING=30
TROPHIEMAXFILES=1000
TROPHIEMAXFILESIZE=10
TROPHIEMAXRATIO=250
USER=squid
USESYSLOG=FALSE
WHITELIST=/etc/havp/whitelist
WHITELISTFIRST=TRUE
X_FORWARDED_FOR=FALSE

The IPTables config is mostly like this (I removed many similar lines):

root@proxyserver:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  10.70.96.54          194.224.215.30      tcp dpts:7200:7210 state NEW,RELATED
ACCEPT     tcp  --  10.70.96.76          194.224.215.30      tcp dpts:7200:7210 state NEW,RELATED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

While HAVP is running, if I look at the open handles for one HAVP process, the list is:
havp 10096 squid cwd DIR 104,1 4096 226241 /tmp
havp 10096 squid rtd DIR 104,1 4096 2 /
havp 10096 squid txt REG 104,7 324525 565694 /usr/sbin/havp
havp 10096 squid mem REG 104,1 77439 161683 /lib/libresolv-2.5.so
havp 10096 squid mem REG 104,1 21065 161676 /lib/libnss_dns-2.5.so
havp 10096 squid mem REG 104,1 45552 161677 /lib/libnss_files-2.5.so
havp 10096 squid mem REG 104,1 41045 161679 /lib/libnss_nis-2.5.so
havp 10096 squid mem REG 104,7 145457 633717 /usr/lib/libclamunrar.so.3.0.3
havp 10096 squid mem REG 104,1 96480 161674 /lib/libnsl-2.5.so
havp 10096 squid mem REG 104,7 24773 633723 /usr/lib/libclamunrar_iface.so.3.0.3
havp 10096 squid mem REG 104,1 110796 161682 /lib/libpthread-2.5.so
havp 10096 squid mem REG 104,7 218928 630246 /usr/lib/libgmp.so.3.4.1
havp 10096 squid mem REG 104,1 66444 163173 /lib/libbz2.so.1.0.4
havp 10096 squid mem REG 104,7 77688 630269 /usr/lib/libz.so.1.2.3
havp 10096 squid mem REG 104,1 1528742 161668 /lib/libc-2.5.so
havp 10096 squid mem REG 104,7 41224 630258 /usr/lib/libgcc_s.so.1
havp 10096 squid mem REG 104,1 184820 161672 /lib/libm-2.5.so
havp 10096 squid mem REG 104,7 906580 630337 /usr/lib/libstdc++.so.6.0.8
havp 10096 squid mem REG 104,7 1323603 630608 /usr/lib/libclamav.so.3.0.3
havp 10096 squid mem REG 104,1 35494 161675 /lib/libnss_compat-2.5.so
havp 10096 squid mem REG 104,1 131484 161710 /lib/ld-2.5.so
havp 10096 squid 0w REG 104,5 43993 129866 /var/log/havp/error.log
havp 10096 squid 1w REG 104,5 0 129858 /var/log/havp/access.log
havp 10096 squid 2uw REG 104,6 1 114 /var/tmp/havp/havp-YQ0Cfv
havp 10096 squid 3u IPv4 8897 TCP 127.0.0.1:8010 (LISTEN)
havp 10096 squid 5w FIFO 0,5 9564560 pipe
havp 10096 squid 6r FIFO 0,5 9564561 pipe


Hope this may help someone to find an idea about this problem...

Marc.


PostPosted: 30 Sep 2008 17:34 
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
What is the method you used for "switching off iptables"?


PostPosted: 30 Sep 2008 19:30 

Joined: 16 Mar 2007 16:27
Posts: 9
The first method was only to flush all rules (iptables -F): no success, the server still slows down. The second method was to remove rc.firewall from startup and restart the server (so no iptables modules were loaded); with this method this server acts like all the others: good performance while browsing from clients.

Marc.
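
The observations above (flushing rules with iptables -F changes nothing, while booting without the netfilter modules restores normal speed) fit a module that stays loaded after a flush, and the FORWARD chain's state matches pull in connection tracking. The following triage script is an added example, not from any poster or from HAVP; the connection-tracking cause is an assumption the thread never confirms, and the sample lsmod and kernel-log text are constructed.

```shell
#!/bin/sh
# Added example: is connection tracking still active after "iptables -F",
# and is its table under pressure? Assumption, not confirmed in the thread.

# Constructed sample inputs so the script runs offline.
SAMPLE_LSMOD='Module                  Size  Used by
xt_state                1472  3
nf_conntrack_ipv4      12556  3
nf_conntrack           52712  2 xt_state,nf_conntrack_ipv4
iptable_filter          2304  1
ip_tables              10520  1 iptable_filter'
SAMPLE_KLOG='nf_conntrack: table full, dropping packet.
eth0: link up
ip_conntrack: table full, dropping packet.'

# conntrack_loaded LSMOD_TEXT -> exit status 0 if a conntrack core module is listed.
conntrack_loaded() {
    printf '%s\n' "$1" | awk '$1 ~ /^(nf|ip)_conntrack$/ { found = 1 } END { exit !found }'
}

# table_usage COUNT MAX -> prints the integer percentage of the table in use.
table_usage() {
    echo $(( $1 * 100 / $2 ))
}

# drop_events KLOG_TEXT -> prints the number of "table full" kernel messages.
drop_events() {
    printf '%s\n' "$1" | grep -c 'conntrack: table full, dropping packet' || true
}

# triage LSMOD_TEXT COUNT MAX KLOG_TEXT -> prints a one-word verdict.
triage() {
    conntrack_loaded "$1" || { echo "not-tracking"; return 0; }
    if [ "$(drop_events "$4")" -gt 0 ] || [ "$(table_usage "$2" "$3")" -ge 90 ]; then
        echo "table-pressure"
    else
        echo "tracking-ok"
    fi
}

# On a live box (kernels exposing nf_conntrack sysctls), feed real data instead:
#   triage "$(lsmod)" "$(cat /proc/sys/net/netfilter/nf_conntrack_count)" \
#          "$(cat /proc/sys/net/netfilter/nf_conntrack_max)" "$(dmesg)"
triage "$SAMPLE_LSMOD" 65100 65536 "$SAMPLE_KLOG"
```

A "not-tracking" verdict on the affected box would rule this assumption out and point the search elsewhere.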

