Connection Resets...

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Moderators: spender, PaX Team

Connection Resets...

Postby Ego^pFe » Mon Mar 18, 2002 11:39 am

BRad, here the question...
I've a Firewall (grsecurity on, iptables 1.2.5 patched), a linux squid-proxy that views internet by Firewall's nat.
On the firewall I load for first nat rules... after that INPUT chain that include -m stealt udp and -m stealth --syn rules...

Frequently http request are ended with a "Connection Reset by Peer"
I said "Frequently" because is a Random issue...
Ego^pFe
 
Posts: 7
Joined: Wed Mar 06, 2002 12:58 pm

hmm

Postby spender » Mon Mar 18, 2002 4:15 pm

I'm not sure if that's related to grsecurity, since the tcp stealth module only operates on packets with only the syn flag set. Does the problem not occur when the modules aren't loaded?
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Location: VA, USA

Postby Ego^pFe » Tue Mar 19, 2002 4:07 am

Yes, it occurs also when the module is not loaded... btw, I've done a malformed question... the real issue is:

can grsecurity network options (all the options generic...) create this kind of problem ?

I sincerely think that is a 2.4.18 kernel problem since it not happens with 2.4.17 :-/

btw, I've also a great problem... on the proxy machine... (installed grsecurity 1.9.4 (with ONLY openwall activated) squid process dies randomly by signal 6....

Spender... I've the sensation that something is wrong... I repeat... I've no diagnostic... but with kernel 2.4.17-grsecurity all work fine.

Sincerely

Federico
Ego^pFe
 
Posts: 7
Joined: Wed Mar 06, 2002 12:58 pm

Postby spender » Tue Mar 19, 2002 9:47 am

I don't know of anyone having the same network-related problems as you, so I don't think it's grsecurity related, especially if it still happens when the module isn't loaded. As for the thing about squid, I've made no changes to the openwall stack patch since the 2.4.17 version of grsecurity, so It has to be a problem with the kernel itself, or there's something wrong with squid.
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Location: VA, USA


Return to grsecurity support

cron