From: "carlopmart@gmail.com"
To: freebsd-stable
Date: Sat, 24 Sep 2005 19:49:40 +0200
Subject: Encrypt some services with ipsec
Message-ID: <433591B4.9070901@gmail.com>

Hi all,

I have two production servers with FreeBSD 5.4 (all security patches are applied).
They are running some services like dns, ssh, http, ftp, etc. But I would like to encrypt some services for some hosts with ipsec when they are accessed. For example:

- DNS resolution: not encrypted.
- DNS replication master-slave: encrypted by ipsec.
- Telnet: encrypted by ipsec for some hosts. Deny for the rest.
- SSH: not encrypted for some hosts, encrypted by ipsec for the rest.
- FTP: encrypted by ipsec.
- HTTP: encrypted by ipsec.

Is it possible to encrypt only certain services under an ipsec tunnel?

Thank you for your help.

--
CL Martinez
carlopmart {at} gmail {d0t} com