IpSec filtering

Sophia

My machine could not find the server name and invoke RMI
functions after applying the following IPsec policy:
1. Block all inbound traffic
2. Permit all outbound traffic

I tried to open UDP port 53 for DNS, but that didn't work
either.

Any suggestions?

Thanks,

Sophia

Steven L Umbach

I think you would be better served with a personal firewall such as many of the free
ones available from Zone Alarm, Sygate or Kerio. By default they install with a block
all inbound rule and then they help you create outbound rules based on traffic they
detect on your computer and allow trusted zones. However, to your question on IPsec: I
have always had good luck starting with a default block all IP traffic mirrored rule
and then adding the exceptions for outbound traffic as mirrored rules, such as ports
80, 443 TCP and 53 UDP for internet access. I think your rules as set up conflict
with each other and possibly do not accommodate return traffic that your computer
initiated. IPsec rules are not as intuitive as normal firewall rules - at least to
me. --- Steve

http://www.webattack.com/Freeware/security/fwfirewall.shtml
http://www.securityfocus.com/infocus/1559

Sophia

Steve,

Thanks for your information.

I modified my IPsec policy to open a few more ports to allow
ICMP and RMI Registry traffic. I could ping the server but
still have an issue with the RMI server. The RMI server uses port
1099 for the initial communication and then assigns dynamic
ports (such as 32800) for further communication.

Suggestions?

Thanks in advance,

Sophia

Steven L Umbach

IPsec is limited in the way it can create rules; you cannot, for instance, specify a
port range - just a port or any. You would probably need to create a rule that allows
any port on the client to connect to any port on the server. For instance: protocol
TCP/UDP as the case may be, source port any, destination port any, source address my
address, destination address server, action permit. --- Steve
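The two replies above describe one layered policy: a mirrored block-all rule, mirrored permit exceptions for web and DNS, and a host-specific any-port exception for the RMI server. The script below is an added example, not something posted in this thread, that builds exactly that layering with the `netsh ipsec static` context found on Windows XP and Server 2003 (an assumption about the poster's platform; Windows 2000 did not ship this netsh context). The policy, filter list and rule names, and the RMI server address 192.0.2.10, are constructed placeholders.

```batch
@echo off
rem Added example (not from the thread): block-all IPsec policy with explicit exceptions.
rem Assumptions: Windows XP/2003 "netsh ipsec static"; 192.0.2.10 stands in for the RMI server.

set POLICY=BlockAllWithExceptions
set RMISERVER=192.0.2.10

rem --- Policy container; left unassigned until every rule is in place ---
netsh ipsec static add policy name="%POLICY%" description="Block all IP, permit listed exceptions" assign=no

rem --- Filter actions referenced by the rules ---
netsh ipsec static add filteraction name="Block"  action=block
netsh ipsec static add filteraction name="Permit" action=permit

rem --- Rule 1: default block of all IP traffic between this machine and anyone (mirrored) ---
netsh ipsec static add filterlist name="AllIP"
netsh ipsec static add filter filterlist="AllIP" srcaddr=Me dstaddr=Any protocol=ANY mirrored=yes
netsh ipsec static add rule name="BlockAll" policy="%POLICY%" filterlist="AllIP" filteraction="Block"

rem --- Rule 2: outbound web and DNS; mirrored=yes adds the matching inbound filter for replies ---
netsh ipsec static add filterlist name="WebDns"
netsh ipsec static add filter filterlist="WebDns" srcaddr=Me dstaddr=Any protocol=TCP srcport=0 dstport=80  mirrored=yes
netsh ipsec static add filter filterlist="WebDns" srcaddr=Me dstaddr=Any protocol=TCP srcport=0 dstport=443 mirrored=yes
netsh ipsec static add filter filterlist="WebDns" srcaddr=Me dstaddr=Any protocol=UDP srcport=0 dstport=53  mirrored=yes
netsh ipsec static add rule name="PermitWebDns" policy="%POLICY%" filterlist="WebDns" filteraction="Permit"

rem --- Rule 3: RMI server. Port ranges cannot be expressed, so permit any TCP port (srcport=0/dstport=0),
rem     but only to that single host; ping is allowed to the same host for troubleshooting ---
netsh ipsec static add filterlist name="RmiServer"
netsh ipsec static add filter filterlist="RmiServer" srcaddr=Me dstaddr=%RMISERVER% protocol=TCP  srcport=0 dstport=0 mirrored=yes
netsh ipsec static add filter filterlist="RmiServer" srcaddr=Me dstaddr=%RMISERVER% protocol=ICMP mirrored=yes
netsh ipsec static add rule name="PermitRmiServer" policy="%POLICY%" filterlist="RmiServer" filteraction="Permit"

rem --- Activate the policy and print the resulting filters for review ---
netsh ipsec static set policy name="%POLICY%" assign=y
netsh ipsec static show policy name="%POLICY%" level=verbose
```

The layering works because Windows IPsec applies the most specific matching filter, not the first one listed: a filter naming a protocol, port or single host wins over the protocol=ANY block-all filter, so adding permit rules after the block rule does not create a conflict. Keeping the RMI exception host-specific is the trade-off for having no port ranges: the client and server may use any TCP port between them, but every other host remains blocked. To roll back, run `netsh ipsec static set policy name="BlockAllWithExceptions" assign=n`.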

Bloke at the pennine puddle (Replace n.a.v.d with

Stupid question. I know what IPsec is and how it works, just a newbie
configuring IPsec policies. How do you create an exception filter?

Is it the case that under the IPsec policies, permit filters take
precedence over deny filters? If that's the case then my question is
answered. If not, can someone please educate me?

If I'm right then my understanding is to create a block all filter and
then add further filters allowing connections to required ports.

Also, if I block all inbound ports using IPsec, will IPsec allow
inbound response ports to be automatically opened to outbound
communications?

Does this make any sense?