From: "carlopmart@gmail.com"
To: freebsd-security
Date: Sat, 24 Sep 2005 20:09:36 +0200
Subject: Encrypt some services with ipsec
Message-ID: <43359660.2060606@gmail.com>

Hi all,

I have two production servers with FreeBSD 5.4 (all security patches are applied). They are running some services like dns, ssh, http, ftp, etc. But I would like to encrypt some services for some hosts with ipsec when they are accessed. For example:

- DNS resolution: not encrypted.
- DNS replication master-slave: encrypted by ipsec.
- Telnet: encrypted by ipsec for some hosts. Deny for the rest.
- SSH: not encrypted for some hosts, encrypted by ipsec for the rest.
- FTP: encrypted by ipsec.
- HTTP: encrypted by ipsec.

Is it possible to encrypt only certain services under an ipsec tunnel?

Thank you for your help.

--
CL Martinez
carlopmart {at} gmail {d0t} com