Page 3 of 7 FirstFirst 12345 ... LastLast
Results 21 to 30 of 64
  1. #21
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482

    Default

    The UI can get a bit unresponsive if the machine is loaded down. The cryptic part of this equation, is that like windows, linux doesn't report kernel utilization of CPU and RAM. Given that bridging or routing is a kernel process I'm sure you can see where this is going...

    You can easily see only 5% cpu on a busy box and have the thing falling on its face due to load.

    As for your OWA issue...

    Running web servers behind Untangle is a fun chore. The rack doesn't distinguish between incoming and outgoing, it just sees packets. That is why the device ships with a default no rack policy for outgoing SMTP, otherwise you have issues with the spam module.

    You're having the same problem in reverse, and to be honest, I don't think you want to web filter stuff going to your web server...

    I would create a new virtual rack for the web server, install the applications that make sense, protocol control, firewall, attack blocker. And configure a policy to route traffic destined for that internal IP address to go through the other rack.

    Alternately, if your box is under that much load the extra rack may be bad, if you're ok with not having UT defend that service at all, you could bypass any incoming traffic bound for that web server.

    Get the rack out of the way, those packets don't need looked at anyway.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #22
    Master Untangler neiby's Avatar
    Join Date
    Jun 2009
    Location
    Denver, CO
    Posts
    603

    Default

    Using a second rack is a good idea. I added our internal server to the Pass List and that seems to be working, at least for the time being. I'm still having periodic problems with the UI, though. I've been waiting about 8 minutes for it to come back.

    When the UI is available, is there a way to discover the true load on the box?
    Disclaimer: I may or may not have had enough coffee when I'm posting. Interpret my responses thusly.

  3. #23
    Master Untangler neiby's Avatar
    Join Date
    Jun 2009
    Location
    Denver, CO
    Posts
    603

    Default

    Our incoming traffic is averaging about 5 Mbps right now. Not very much at all. I just ran a speedtest from my PC and it got up to 7 Mbps. We only have a 10 Mbps connection, so that's pretty good.

    Everything I can see indicates that we shouldn't have a huge load on that box right now, yet it's now been almost 15 minutes since I could get to the web UI.

    As you said, though, the box could be (and probably is) doing a lot that we can easily see.
    Disclaimer: I may or may not have had enough coffee when I'm posting. Interpret my responses thusly.

  4. #24
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    Quote Originally Posted by neiby View Post
    When the UI is available, is there a way to discover the true load on the box?
    run 'cat /proc/loadavg' or 'top'
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #25
    Master Untangler neiby's Avatar
    Join Date
    Jun 2009
    Location
    Denver, CO
    Posts
    603

    Default

    Crud, I spoke too soon about the OWA stuff. It just locked up again, too. I'll have to do as you suggested and bypass UT for that traffic. At least, I will once I can get to the web UI.
    Disclaimer: I may or may not have had enough coffee when I'm posting. Interpret my responses thusly.

  6. #26
    Master Untangler neiby's Avatar
    Join Date
    Jun 2009
    Location
    Denver, CO
    Posts
    603

    Default

    Quote Originally Posted by dmorris View Post
    run 'cat /proc/loadavg' or 'top'
    The load average currently is 0.55, 0.43, 0.51. And we have 1.6 GB of RAM available. Still can't get to the UI.
    Disclaimer: I may or may not have had enough coffee when I'm posting. Interpret my responses thusly.

  7. #27
    Master Untangler neiby's Avatar
    Join Date
    Jun 2009
    Location
    Denver, CO
    Posts
    603

    Default

    I just took UT out of production by disconnecting its external interface. The web UI immediately became responsive again. I had to do that because UT is blocking web access to the management interface on our firewall, so I couldn't open up access for Untangle support.
    Disclaimer: I may or may not have had enough coffee when I'm posting. Interpret my responses thusly.

  8. #28
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    I don't think your issues are related to load or free memory.

    There is some other network/DNS issue bouncing around.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #29
    Master Untangler neiby's Avatar
    Join Date
    Jun 2009
    Location
    Denver, CO
    Posts
    603

    Default

    Quote Originally Posted by dmorris View Post
    I don't think your issues are related to load or free memory.

    There is some other network/DNS issue bouncing around.
    In your opinion, which would be best: pointing UT to an external DNS server like OpenDNS or pointing it to our internal DNS servers?
    Disclaimer: I may or may not have had enough coffee when I'm posting. Interpret my responses thusly.

  10. #30
    Master Untangler neiby's Avatar
    Join Date
    Jun 2009
    Location
    Denver, CO
    Posts
    603

    Default

    Also, I've added bypass rules for web-access to our firewall and for external access to OWA. I'm hoping that will help. It already fixed the problem with access our firewall, which is nice. I have no idea why it would be blocking web access to our firewall without a bypass rule. Very odd.

    I think we're close to getting this working, though!
    Disclaimer: I may or may not have had enough coffee when I'm posting. Interpret my responses thusly.

Page 3 of 7 FirstFirst 12345 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2