
Connection Resets...

Posted: Mon Mar 18, 2002 11:39 am
by Ego^pFe
Brad, here's the question...
I have a firewall (grsecurity on, iptables 1.2.5 patched) and a Linux squid proxy that reaches the internet through the firewall's NAT.
On the firewall I load the NAT rules first... after that the INPUT chain, which includes -m stealth udp and -m stealth --syn rules...

Frequently, HTTP requests end with a "Connection Reset by Peer".
I said "Frequently" because it is a random issue...

hmm

Posted: Mon Mar 18, 2002 4:15 pm
by spender
I'm not sure if that's related to grsecurity, since the tcp stealth module only operates on packets with only the syn flag set. Does the problem not occur when the modules aren't loaded?

Posted: Tue Mar 19, 2002 4:07 am
by Ego^pFe
Yes, it also occurs when the module is not loaded... btw, I asked a malformed question... the real issue is:

can grsecurity network options (all the generic options...) create this kind of problem?

I sincerely think that it is a 2.4.18 kernel problem, since it doesn't happen with 2.4.17 :-/

btw, I also have a big problem... on the proxy machine (grsecurity 1.9.4 installed, with ONLY openwall activated) the squid process dies randomly with signal 6....

Spender... I have the feeling that something is wrong... I repeat... I have no diagnostics... but with kernel 2.4.17-grsecurity everything works fine.

Sincerely

Federico

Posted: Tue Mar 19, 2002 9:47 am
by spender
I don't know of anyone having the same network-related problems as you, so I don't think it's grsecurity related, especially if it still happens when the module isn't loaded. As for the thing about squid, I've made no changes to the openwall stack patch since the 2.4.17 version of grsecurity, so it has to be a problem with the kernel itself, or there's something wrong with squid.