grsecurity forums

[Ego^pFe]

BRad, here the question...
I've a Firewall (grsecurity on, iptables 1.2.5 patched), a linux squid-proxy that views internet by Firewall's nat.
On the firewall I load for first nat rules... after that INPUT chain that include -m stealt udp and -m stealth --syn rules...

Frequently http request are ended with a "Connection Reset by Peer"
I said "Frequently" because is a Random issue...

[spender]

I'm not sure if that's related to grsecurity, since the tcp stealth module only operates on packets with only the syn flag set. Does the problem not occur when the modules aren't loaded?

[Ego^pFe]

Yes, it occurs also when the module is not loaded... btw, I've done a malformed question... the real issue is:

can grsecurity network options (all the options generic...) create this kind of problem ?

I sincerely think that is a 2.4.18 kernel problem since it not happens with 2.4.17 :-/

btw, I've also a great problem... on the proxy machine... (installed grsecurity 1.9.4 (with ONLY openwall activated) squid process dies randomly by signal 6....

Spender... I've the sensation that something is wrong... I repeat... I've no diagnostic... but with kernel 2.4.17-grsecurity all work fine.

Sincerely

Federico

[spender]

I don't know of anyone having the same network-related problems as you, so I don't think it's grsecurity related, especially if it still happens when the module isn't loaded. As for the thing about squid, I've made no changes to the openwall stack patch since the 2.4.17 version of grsecurity, so It has to be a problem with the kernel itself, or there's something wrong with squid.