I am using IPsec to block all protocol traffic and allow some ports. I want to allow web browsing while blocking all of the other traffic. I tried to add a rule to allow port 80 and port 53 as source and destination ports through the UDP and TCP protocols, but I still get a DNS error in the browser. Please can you help me?
IPSec is used to protect web traffic, not block it. – sybind May 30 '13 at 09:01
2 Answers
I don't know IPsec, but in general you cannot limit the source ports. The source ports will be random, and will not likely be 53 or 80. You should limit only the destination ports (80, 53).

I am blocking all the TCP and UDP traffic; now I need rules to allow the ports that are used for web browsing, like DNS port 53 and port 80 for HTTP. But I am still not able to navigate the web. – Cheb Bilel Apr 07 '13 at 22:39
@user2143947 - you added rules to allow access from any source port to destination ports 53 and 80? – chue x Apr 07 '13 at 22:44
Yes, rules to allow access from any source port to ports 53 and 80, and also rules from source ports 53 and 80 to any destination port too. – Cheb Bilel Apr 07 '13 at 23:14
@user2143947 - Just be careful not to allow arbitrary incoming connections from ports 53 and 80. Any traffic coming in should be associated with a prior outgoing connection to those ports. As to why you are still seeing connection problems, I am not sure. – chue x Apr 08 '13 at 00:22
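An added example (not part of the thread) modelling the point made in the answer and comments above: a rule keyed on the remote port matches a client's random source port, but a stateless mirror of that rule also admits inbound packets that merely carry source port 53 or 80, while a filter that tracks prior outgoing flows does not. The `Packet` fields, filter names and sample packets are constructed for illustration and do not model any particular IPsec implementation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str    # "out" or "in", seen from the filtered host
    proto: str        # "udp" or "tcp"
    remote_ip: str
    local_port: int   # port on the filtered host (ephemeral for a client)
    remote_port: int  # port on the other end

# Remote services needed for plain web browsing in the thread: DNS and HTTP.
WEB_PORTS = {("udp", 53), ("tcp", 53), ("tcp", 80)}

def stateless_allow(pkt):
    """Mirrored rule: match on the remote port only, in both directions."""
    return (pkt.proto, pkt.remote_port) in WEB_PORTS

class StatefulFilter:
    """Allow outbound to web ports; allow inbound only as a reply to a seen flow."""
    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        key = (pkt.proto, pkt.remote_ip, pkt.local_port, pkt.remote_port)
        if pkt.direction == "out":
            if (pkt.proto, pkt.remote_port) not in WEB_PORTS:
                return False
            self.flows.add(key)  # remember the flow so its reply is accepted
            return True
        return key in self.flows

# Constructed sample traffic (documentation-range addresses, not from the thread).
QUERY = Packet("out", "udp", "192.0.2.53", 51514, 53)       # DNS query, random source port
REPLY = Packet("in", "udp", "192.0.2.53", 51514, 53)        # answer to that query
UNSOLICITED = Packet("in", "udp", "198.51.100.7", 4000, 53) # no prior outgoing flow
OTHER = Packet("out", "tcp", "198.51.100.7", 51515, 22)     # non-web outbound traffic

def compare():
    """Return (stateless, stateful) verdicts for each sample packet, in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p))
            for p in (QUERY, REPLY, UNSOLICITED, OTHER)]

if __name__ == "__main__":
    for name, verdict in zip(("query", "reply", "unsolicited", "other"), compare()):
        print(f"{name:12s} stateless={verdict[0]} stateful={verdict[1]}")
```

Only the third packet separates the two filters: the stateless mirror accepts it because of its source port, and the stateful filter drops it because no outgoing flow preceded it.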
The way IPSec works is that all 'block' rules take priority over 'allow' rules. If we ignore the fact you're not using the recommended methods to do what you want to do, you've not configured IPSec properly.
Unfortunately, using this method will be horrible, since you'll have to configure filters to block everything except HTTP, and there's no way of specifying 'everything except something'. I went down this road briefly a few weeks ago, made the same mistake you did, and aborted the whole plan!
I know this is an old question, but it would be good to follow it up with the solution you found.
