MASQUERADE and Grsecurity
Posted: Sat Apr 12, 2008 1:58 pmMy system: Debian 4.0 2.6.23.14 / Grsecurity 2.1.11.2.6.23.9
Problem: Everething was ok with kernel 2.6.18.5. So i upgraded to 2.6.23.14 with grsecurity. I used the generic config (Grsecurity). This system is my router and run iptables with MASQUERADE. When I access from my station some Internet sites, the packets exchaged between the station and the sites's server suddenly stop. It doesnt happen with every sites. If the station try, for example, http://www.oglobo.com.br, we can see the problem (with tcpdump).
With Squid installed on this same system there is no problem. I turned to old kernel without Grsecurity and the problem went out.
Problem: Everething was ok with kernel 2.6.18.5. So i upgraded to 2.6.23.14 with grsecurity. I used the generic config (Grsecurity). This system is my router and run iptables with MASQUERADE. When I access from my station some Internet sites, the packets exchaged between the station and the sites's server suddenly stop. It doesnt happen with every sites. If the station try, for example, http://www.oglobo.com.br, we can see the problem (with tcpdump).
With Squid installed on this same system there is no problem. I turned to old kernel without Grsecurity and the problem went out.