Thanks for your responses Thomas & Lane. I forgot to mention that I am using racoon as the IKE daemon. If I enable ipsec tunnelling between two linux-2.6 machines, things work fine. I am able to restrict access to ports, etc. I also have windows (2K) machines that can be connected as a client to the linux-2.6 machine. The problem that I am facing now is that the windows machine's native ipsec implementation does not work if "tunnel mode" is enabled. So now I am looking for a solution that does not require enabling tunnelling.

Thanks for your help.
Devaraj.

Thomas Lussnig wrote:
> Devaraj Das wrote:
>
> >Hi,
> >I wanted to know whether there is a working solution for the issue that
> >was discussed sometime back:
> >http://www.spinics.net/lists/netfilter/msg22099.html
> >In short, is there any solution to enable blocking selective ports in a
> >machine running Linux 2.6.0 + in-kernel ipsec?
> >It would be very helpful if I could get a working solution or some
> >information on a possible solution.
> >Thanks,
> >Devaraj.
>
> Hi,
> if you look at ipsec in Linux-2.6.0 you will have noticed that you define
> SRC-IP/SRC-PORT -- DST-IP/DST-PORT. This means your question implies the
> following setup:
>
> 1. You allow any port combination to go via the ipsec tunnel
> 2. You have ports that should not go via the ipsec tunnel which you allow
>    via ipsec
> 3. Now these ports should be filtered on the iptables layer
>    - possible at prerouting/mangle
>    + define the correct ipsec config
>
> Regards, Thomas Lußnig
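As an added example, not part of this thread and not code from either poster: a small sh script that produces the two pieces Thomas's steps call for, the setkey SPD and the iptables rules, but in transport mode rather than tunnel mode, since that is what Devaraj's Windows 2000 clients need. The port selection lives in the SPD (step 1/2: only the listed ports are required to ride inside ESP to the peer), and iptables then refuses those ports in the clear from anyone (step 3). The addresses 192.0.2.10 and 192.0.2.20, the ports 22 and 3389, and the use of the iptables policy match are assumptions; that match (xt_policy) appeared in 2.6.16, well after the 2.6.0 the thread discusses, where the prerouting/mangle marking Thomas mentions would have to stand in for it.

```shell
#!/bin/sh
# Added example, not from the thread. Generates (and optionally applies) a
# transport-mode IPsec policy plus matching iptables rules so that selected
# TCP ports on a Linux 2.6 host are reachable from a peer only through ESP.
# Addresses, ports and the reliance on the iptables "policy" match are assumptions.

LOCAL_IP="${LOCAL_IP:-192.0.2.10}"              # assumed: the Linux 2.6 host
PEER_IP="${PEER_IP:-192.0.2.20}"                # assumed: the Windows 2000 client
PROTECTED_PORTS="${PROTECTED_PORTS:-22 3389}"   # assumed: TCP ports that must ride inside ESP

# setkey(8) SPD entries. "esp/transport//require" is transport mode: there are
# no tunnel endpoints, so the Windows side's objection to tunnel mode does not
# arise. One in/out pair per protected port keeps the port selection inside the
# SPD; with "require", an outbound match makes the kernel ask racoon to
# negotiate an SA, and an inbound cleartext packet matching the policy is dropped.
gen_spd() {
    echo "spdflush;"
    for port in $PROTECTED_PORTS; do
        echo "spdadd $PEER_IP[any] $LOCAL_IP[$port] tcp -P in ipsec esp/transport//require;"
        echo "spdadd $LOCAL_IP[$port] $PEER_IP[any] tcp -P out ipsec esp/transport//require;"
    done
}

# iptables rules for the decapsulated packet. The SPD only covers traffic
# to/from PEER_IP; any other host could still hit the protected ports in the
# clear, so INPUT accepts those ports only when the packet came out of a
# transport-mode ESP SA (policy match, xt_policy; present from 2.6.16, not in
# the 2.6.0 the thread discusses) and drops them otherwise. IKE and ESP
# themselves must be let in so racoon can negotiate.
gen_iptables() {
    echo "iptables -A INPUT -p udp --dport 500 -j ACCEPT"
    echo "iptables -A INPUT -p esp -j ACCEPT"
    for port in $PROTECTED_PORTS; do
        echo "iptables -A INPUT -p tcp --dport $port -m policy --dir in --pol ipsec --proto esp --mode transport -j ACCEPT"
        echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    done
}

# Load the policy and the rules for real. Needs root, setkey from ipsec-tools
# and an iptables with the policy match; only run when called with "apply".
apply_policies() {
    gen_spd | setkey -c
    gen_iptables | sh -e
}

case "${1:-}" in
    apply) apply_policies ;;
    *) gen_spd; echo; gen_iptables ;;
esac
```

Run without arguments to review the generated policy and rules; run with `apply` as root to load them. Ports not listed in PROTECTED_PORTS are deliberately left out of both the SPD and the DROP rules, which is exactly the split Thomas describes: some ports go via IPsec, the rest are handled by the ordinary iptables ruleset.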