Hi there,
I installed asl in a "test case" situation first and really liked it's possibilities and it's web-interface. After testing it for like a week (with about 5 users) i decided to migrate it to the place where the "previous firewall" was located. The previous one has the same hw conf as the asl box, a p3 866 with 512Mb mem etc. It ran a "normal linux" install with squid and the ip-chains rules defined manually.
And that's how i set up asl as well, 3 nic's, running an http proxy (and thus dns only accessible by localhost). In the DMZ there's a mailserver, webserver and ftp server, the last 2 hardly bein' used. In the local network there's about 50 users who all got the asl as default route and need to access that to get to the dns servers who are still in the internet zone. They can access the mailserver through the mailserver's internal ip. About 20 users have "internet access" and thus use the http proxy. Like i said, the mailserver can be accessed by anyone(external) through the asl on port 25 and 110 (using DNAT).
Thing is that cpu usage is goin' skyhigh, up to 100% OFTEN with an average of like 92%. So the asl is _slow_. And i didn't have that problem with the "old" configuration. If i check lifelog most of the requests are netbios ones. If i change something in the dns proxy settings (whether that's enabling or disabling it) the box "calms down" to about 90%. Changed the mailserver already to not perform reverse lookups to with no result. I think the problem _has_ gotta do something with DNS but i can't figure out what it is. Like i said no matter what change i make to the dns proxy server helps, but only for a short while.
Can anyone tell me where i made a mistake or is that box just "too light" if i use asl on it? Can't imagine that since it had no problems at all running linux / squid with my l33t tuning [:)]
thanx in advance.
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.