gentoo-hardened April 2008 archive

[gentoo-hardened] iptables problems with hardened kernel

From: Andrei Korolyov <xdel_at_nospam>
Date: Thu Apr 03 2008 - 15:59:13 GMT
To: gentoo-hardened@lists.gentoo.org


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Hello everyone

I am using a hardened kernel with the Xen patchset from http://ayuda.com.au/pub/xen/grsecurity/ on my box. When I started this kernel, guests are not available through forwarded ports by ssh, and the 'forwarded' Tomcat from one of the guest boxes does not deliver the start (or any other) page completely - it seems that it hangs at 80-90 percent. Also one strange thing - when I try to resolve any host from a guest box I get a timeout failure, but I can ping the NSes from the guest, and on the host box with the same NS all DNS requests work. The iptables state restores without any warnings in the logs, and its ruleset works fine with the xen kernel from the official portage tree. I have not yet tested forwarding on a hardened-only kernel with similar security options set for grsec and pax. I want to work with a pax+grsec+xen kernel because the host box config looks like a VPS in a datacenter - many xen instances with many users who do not know about security things.

--

            WBR, Andrei Korolyov
-----BEGIN PGP SIGNATURE-----

Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH9P7QgtwJKCS8W+ERAt1GAKD4hWbnh0WTsSHLSDgKkdkSslJUagCg2mi9 CXFwJJaOI5lAGocIS9GSNew=
=lAwk
-----END PGP SIGNATURE-----
-- gentoo-hardened@lists.gentoo.org mailing list