Hi Tek Bahadur Limbu >>Your 4 mbps connection link seems really really slow. Maybe as you say, >>your ISP could be creating this problem for you in the first place. I know it must be funny but how do we find out that wether the link is actually giving us 4 Mbps? The traceroute for google.com shows the following: traceroute www.google.com traceroute: Warning: www.l.google.com has multiple addresses; using 72.14.235.147 traceroute to www.l.google.com (72.14.235.147), 64 hops max, 40 byte packets 1 dialup-pool-1.165.78.202.shyaminternet.co.in (202.78.165.1) 7.349 ms 7.225 ms 6.885 ms 2 core-link2bharti.hellorainbow.com (202.78.168.17) 8.332 ms 7.353 ms 7.385 ms 3 dsl-KK-static-105.165.145.59.airtelbroadband.in (59.145.165.105) 9.367 ms 9.543 ms 9.431 ms 4 59.145.7.121 (59.145.7.121) 23.800 ms 22.20 ms 21.803 ms 5 59.145.7.146 (59.145.7.146) 64.225 ms 64.960 ms 58.920 ms 6 202.56.223.17 (202.56.223.17) 59.864 ms 57.841 ms 57.373 ms 7 so-2-3-0-zcr1.lnt.cw.net (166.63.222.53) 305.812 ms 306.9 ms 296.886 ms 8 so-7-0-0-zcr2.lnt.cw.net (166.63.222.42) 303.226 ms 312.317 ms 311.51 ms 9 so-5-2-0-dcr2.tsd.cw.net (195.2.10.134) 297.58 ms 305.313 ms 296.886 ms 10 as0-dcr1.tsd.cw.net (195.2.10.165) 301.422 ms 301.717 ms 301.720 ms 11 72.14.198.41 (72.14.198.41) 287.853 ms 285.945 ms 285.841 ms 12 209.85.252.40 (209.85.252.40) 280.834 ms 279.237 ms 279.367 ms 13 72.14.236.216 (72.14.236.216) 312.806 ms 307.203 ms 305.375 ms 14 209.85.251.233 (209.85.251.233) 319.20 ms 319.561 ms 216.239.46.227 (216.239.46.227) 310.52 ms 15 72.14.233.116 (72.14.233.116) 370.312 ms 390.349 ms 388.933 ms 16 209.85.248.130 (209.85.248.130) 477.780 ms 467.457 ms 471.978 ms 17 209.85.250.90 (209.85.250.90) 481.873 ms 487.371 ms 481.930 ms 18 209.85.250.101 (209.85.250.101) 505.620 ms 209.85.250.103 (209.85.250.103) 483.603 ms 209.85.250.101 (209.85.250.101) 495.549 ms 19 72.14.232.221 (72.14.232.221) 501.715 ms 72.14.232.217 (72.14.232.217) 499.203 ms 72.14.232.221 (72.14.232.221) 502.309 ms 20 tw-in-f147.google.com (72.14.235.147) 512.656 ms 492.229 ms 490.800 ms >>Do you get it through a satellite link? I think that your high service >>response time of 15 seconds is related to your DNS settings. >From where did u find you out this !!! :(. now i am using the internal caching dns server which is in our institute.but it is still slow. >>Try using a lower cache_mem value, say >>cache_mem 32 MB I have done it . >>don't know but your packet filtering setup might also be creating this >>problems for you. But I don't have that extensive knowledge of PF Its just like iptables.nyways i have disable it. >>Check your access.log and cache.log. I definitely think that you will be >>able to catch important things there What shal i look for in access log? I have even installed sarg on this system but i plan to run it once a week. >>squidclient mgr:5min | grep client client_http.requests = 14.584254/sec client_http.hits = 1.570319/sec client_http.errors = 0.025430/sec client_http.kbytes_in = 11.599378/sec client_http.kbytes_out = 83.999329/sec client_http.all_median_svc_time = 5.637445 seconds client_http.miss_median_svc_time = 8.682950 seconds client_http.nm_median_svc_time = 1.311657 seconds client_http.nh_median_svc_time = 10.209607 seconds client_http.hit_median_svc_time = 2.507928 seconds >From where do i read as to what do all these things mean? >>Probably you need to add the following: >>acl mynetwork src 192.168.0.0/24 >>http_access allow mynetwork >>http_access deny all I have the access list but i did not send it coz i thought it was not required.ell here it is #Types allowed/not allowed acl allowed url_regex "/etc/squid/custom/allowed.conf" acl bl-porn url_regex -i "/etc/squid/custom/bl-porn.conf" acl bl-virus url_regex -i "/etc/squid/custom/bl-virus.conf" acl bl-media urlpath_regex -i "/etc/squid/custom/bl-media.conf" acl bl-mime rep_mime_type -i "/etc/squid/custom/bl-mime.conf" acl bl-browser browser -i "/etc/squid/custom/bl-browser.conf" #Students hostels acl ashok src "/etc/squid/custom/ppl/bhavans/ashok.conf" acl bhagirath src "/etc/squid/custom/ppl/bhavans/bhagirath.conf" acl budh src "/etc/squid/custom/ppl/bhavans/budh.conf" acl gandhi src "/etc/squid/custom/ppl/bhavans/gandhi.conf" acl krishna src "/etc/squid/custom/ppl/bhavans/krishna.conf" acl malviya src "/etc/squid/custom/ppl/bhavans/malviya.conf" acl meera src "/etc/squid/custom/ppl/bhavans/meera.conf" acl ram src "/etc/squid/custom/ppl/bhavans/ram.conf" acl ranapratap src "/etc/squid/custom/ppl/bhavans/ranapratap.conf" acl shankar src "/etc/squid/custom/ppl/bhavans/shankar.conf" acl vishwakarma src "/etc/squid/custom/ppl/bhavans/vishwakarma.conf" acl vyas src "/etc/squid/custom/ppl/bhavans/vyas.conf" #Staff acl staff src "/etc/squid/custom/ppl/staff.conf" #IPC Staff acl ipc src "/etc/squid/custom/ppl/ipc.conf" #Other Administration acl ipcstaff src "/etc/squid/custom/ppl/ipcstaff.conf" # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager all # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # one who can access services on "localhost" is a local user http_access deny to_localhost http_access deny bl-virus http_access deny bl-media http_access deny bl-mime http_access deny bl-porn http_access deny bl-browser http_access allow allowed http_access allow meera http_access allow budh http_access allow ram http_access allow ashok http_access allow bhagirath http_access allow gandhi http_access allow krishna http_access allow ranapratap http_access allow shankar http_access allow vishwakarma http_access allow vyas http_access allow malviya http_access allow staff http_access allow ipcstaff # And finally deny all other access to this proxy http_access deny all http_reply_access allow all #Allow ICP queries from everyone icp_access allow all reply_body_max_size 20971520 allow all append_domain .xxx.xx.xx >>Since your average number of connections for your squid box is just >>about 700 per minute, you should investigate why your CPU usage is >>unusually high. Squid-2.6.13 is usually very CPU friendly. I have absolutely no idea.Even on the FC4 box the cpu utilization was very high.Has any one come across the same problem.if anyone has come across the same issue then kindly help me. Regards Preetish
