From: Lewis Thompson
To: questions@freebsd.org
Date: Thu, 27 Nov 2003 23:25:00 +0000
Message-ID: <20031127232500.GA43262@lewiz.org>
Subject: Require IPSEC transparent.

Hi,

I'm wondering if the following situation would be possible:

I have a small LAN (one server, three workstations) and want to fully encrypt it (since it's quite easy for somebody to plug into my switch -- I'm at university and the machines are in my room).

What I would like is for my server (FreeBSD 4.9-RELEASE) to only accept IPSEC encrypted packets on the range, say, 192.168.0.1-192.168.0.24. Anything above 24 can talk without IPSEC, but all sorts of insecure services are firewalled off.

This seems a nice way to do things to me (although I am very open to suggestions) but I have little idea how I would mandate IPSEC packets. I currently have IPSEC ESP/transparent between my server and a workstation so I could easily expand this to more machines.

Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now. --Bob Dylan, 1964.
------------------------------------------------------------------------
-| msn:purple@lewiz.net | jabber:lewiz@jabber.org | url:www.lewiz.org |-