I have a machine that runs a web server on the internal IP address 10.10.10.10, and I have added an additional IP address, 10.10.10.122, to the network adapter for my FTP server.
I'm using tcp/ip filtering
tcp ports 20,21,22,80,443
udp 161,162
ip 6,8
Everything works fine, but when I apply my IPsec filters I cannot access the FTP server. My config is below:
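# IPsec policy "YO": a default-deny BlockAll rule followed by explicit PASS
# rules, one per service/direction.
#   -x        assign (activate) the policy
#   -w REG    write the policy to the local registry store (persists reboots)
#   -p        policy name, -r rule name, -n PASS|BLOCK the action
#   -f        filter spec  <src>:<port>{+|=}<dst>:<port>:<proto>
#             where 0 stands for this host and * for any address/port
# NOTE(review): "+" is read here as a mirrored (two-way) filter and "=" as a
# one-way filter -- confirm against the ipsecpol documentation, since the
# BlockAll rule uses "=" while the "-in" rules use "+".
# Filter specs are double-quoted so that a shell never glob-expands the "*".
#
# Rule names are unique. The original listing used "AllowFTP-in" for both
# port 20 and port 21 and "AllowNetBackup-in" for both 13700 and 13782; if
# ipsecpol replaces an existing rule of the same name -- TODO confirm -- the
# earlier port-20 and port-13700 rules would silently disappear.
#
# FTP caveat: a passive-mode data connection arrives on a server-side
# ephemeral port chosen at run time, not on 20 or 21, so no rule below
# permits it; only active-mode transfers (server port 20 outbound) can match
# these filters. The host-level TCP/IP filtering list has the same limit.
# NOTE(review): this host has two addresses (10.10.10.10 and 10.10.10.122);
# confirm that "0" in ipsecpol matches both, not only the primary address.

# Default deny; every later rule is an exception to this one.
ipsecpol -x -w REG -p "YO" -r "BlockAll" -n BLOCK -f "0=*::*"

# ICMP. NOTE(review): "0::=" carries one more ":" than the other one-way
# filters ("0:=") -- confirm ipsecpol accepts this form.
ipsecpol -x -w REG -p "YO" -r "AllowICMP" -n PASS -f "0::=*:*:ICMP"

# FTP data (20) and control (21).
ipsecpol -x -w REG -p "YO" -r "AllowFTPData-in" -n PASS -f "0:20+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowFTPData-out" -n PASS -f "0:=*:20:TCP"
ipsecpol -x -w REG -p "YO" -r "AllowFTP-in" -n PASS -f "0:21+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowFTP-out" -n PASS -f "0:=*:21:TCP"

# SSH (22), SMTP (25).
ipsecpol -x -w REG -p "YO" -r "AllowSSH-in" -n PASS -f "0:22+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowSMTP-in" -n PASS -f "0:25+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowSMTP-out" -n PASS -f "0:=*:25:TCP"

# DNS over TCP and UDP (53).
ipsecpol -x -w REG -p "YO" -r "AllowDNS_TCP-in" -n PASS -f "0:53+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowDNS_TCP-out" -n PASS -f "0:=*:53:TCP"
ipsecpol -x -w REG -p "YO" -r "AllowDNS-in" -n PASS -f "0:53+*::UDP"
ipsecpol -x -w REG -p "YO" -r "AllowDNS-out" -n PASS -f "0:=*:53:UDP"

# HTTP (80), HTTPS (443).
ipsecpol -x -w REG -p "YO" -r "AllowHTTP-in" -n PASS -f "0:80+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowHTTP-out" -n PASS -f "0:=*:80:TCP"
ipsecpol -x -w REG -p "YO" -r "AllowHTTPS-in" -n PASS -f "0:443+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowHTTPS-out" -n PASS -f "0:=*:443:TCP"

# SNMP (161) and SNMP traps (162), UDP.
ipsecpol -x -w REG -p "YO" -r "AllowSNMP-in" -n PASS -f "0:161+*::UDP"
ipsecpol -x -w REG -p "YO" -r "AllowSNMP-out" -n PASS -f "0:=*:161:UDP"
ipsecpol -x -w REG -p "YO" -r "AllowSNMPTrap-in" -n PASS -f "0:162+*::UDP"
ipsecpol -x -w REG -p "YO" -r "AllowSNMPTrap-out" -n PASS -f "0:=*:162:UDP"

# Syslog (514), UDP.
ipsecpol -x -w REG -p "YO" -r "AllowSysLog-in" -n PASS -f "0:514+*::UDP"
ipsecpol -x -w REG -p "YO" -r "AllowSysLog-out" -n PASS -f "0:=*:514:UDP"

# Remote admin and backup. NOTE(review): the rule is labelled RDP but opens
# port 4701; RDP's default port is 3389 -- confirm 4701 is intended.
ipsecpol -x -w REG -p "YO" -r "AllowRDP-in" -n PASS -f "0:4701+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowNetBackup13700-in" -n PASS -f "0:13700+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowNetBackup13782-in" -n PASS -f "0:13782+*::TCP"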
I'm using tcp/ip filtering
tcp ports 20,21,22,80,443
udp 161,162
ip 6,8
Everything works fine, but when I apply my IPsec filters I cannot access the FTP server. My config is below:
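# IPsec policy "YO": a default-deny BlockAll rule followed by explicit PASS
# rules, one per service/direction.
#   -x        assign (activate) the policy
#   -w REG    write the policy to the local registry store (persists reboots)
#   -p        policy name, -r rule name, -n PASS|BLOCK the action
#   -f        filter spec  <src>:<port>{+|=}<dst>:<port>:<proto>
#             where 0 stands for this host and * for any address/port
# NOTE(review): "+" is read here as a mirrored (two-way) filter and "=" as a
# one-way filter -- confirm against the ipsecpol documentation, since the
# BlockAll rule uses "=" while the "-in" rules use "+".
# Filter specs are double-quoted so that a shell never glob-expands the "*".
#
# Rule names are unique. The original listing used "AllowFTP-in" for both
# port 20 and port 21 and "AllowNetBackup-in" for both 13700 and 13782; if
# ipsecpol replaces an existing rule of the same name -- TODO confirm -- the
# earlier port-20 and port-13700 rules would silently disappear.
#
# FTP caveat: a passive-mode data connection arrives on a server-side
# ephemeral port chosen at run time, not on 20 or 21, so no rule below
# permits it; only active-mode transfers (server port 20 outbound) can match
# these filters. The host-level TCP/IP filtering list has the same limit.
# NOTE(review): this host has two addresses (10.10.10.10 and 10.10.10.122);
# confirm that "0" in ipsecpol matches both, not only the primary address.

# Default deny; every later rule is an exception to this one.
ipsecpol -x -w REG -p "YO" -r "BlockAll" -n BLOCK -f "0=*::*"

# ICMP. NOTE(review): "0::=" carries one more ":" than the other one-way
# filters ("0:=") -- confirm ipsecpol accepts this form.
ipsecpol -x -w REG -p "YO" -r "AllowICMP" -n PASS -f "0::=*:*:ICMP"

# FTP data (20) and control (21).
ipsecpol -x -w REG -p "YO" -r "AllowFTPData-in" -n PASS -f "0:20+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowFTPData-out" -n PASS -f "0:=*:20:TCP"
ipsecpol -x -w REG -p "YO" -r "AllowFTP-in" -n PASS -f "0:21+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowFTP-out" -n PASS -f "0:=*:21:TCP"

# SSH (22), SMTP (25).
ipsecpol -x -w REG -p "YO" -r "AllowSSH-in" -n PASS -f "0:22+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowSMTP-in" -n PASS -f "0:25+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowSMTP-out" -n PASS -f "0:=*:25:TCP"

# DNS over TCP and UDP (53).
ipsecpol -x -w REG -p "YO" -r "AllowDNS_TCP-in" -n PASS -f "0:53+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowDNS_TCP-out" -n PASS -f "0:=*:53:TCP"
ipsecpol -x -w REG -p "YO" -r "AllowDNS-in" -n PASS -f "0:53+*::UDP"
ipsecpol -x -w REG -p "YO" -r "AllowDNS-out" -n PASS -f "0:=*:53:UDP"

# HTTP (80), HTTPS (443).
ipsecpol -x -w REG -p "YO" -r "AllowHTTP-in" -n PASS -f "0:80+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowHTTP-out" -n PASS -f "0:=*:80:TCP"
ipsecpol -x -w REG -p "YO" -r "AllowHTTPS-in" -n PASS -f "0:443+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowHTTPS-out" -n PASS -f "0:=*:443:TCP"

# SNMP (161) and SNMP traps (162), UDP.
ipsecpol -x -w REG -p "YO" -r "AllowSNMP-in" -n PASS -f "0:161+*::UDP"
ipsecpol -x -w REG -p "YO" -r "AllowSNMP-out" -n PASS -f "0:=*:161:UDP"
ipsecpol -x -w REG -p "YO" -r "AllowSNMPTrap-in" -n PASS -f "0:162+*::UDP"
ipsecpol -x -w REG -p "YO" -r "AllowSNMPTrap-out" -n PASS -f "0:=*:162:UDP"

# Syslog (514), UDP.
ipsecpol -x -w REG -p "YO" -r "AllowSysLog-in" -n PASS -f "0:514+*::UDP"
ipsecpol -x -w REG -p "YO" -r "AllowSysLog-out" -n PASS -f "0:=*:514:UDP"

# Remote admin and backup. NOTE(review): the rule is labelled RDP but opens
# port 4701; RDP's default port is 3389 -- confirm 4701 is intended.
ipsecpol -x -w REG -p "YO" -r "AllowRDP-in" -n PASS -f "0:4701+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowNetBackup13700-in" -n PASS -f "0:13700+*::TCP"
ipsecpol -x -w REG -p "YO" -r "AllowNetBackup13782-in" -n PASS -f "0:13782+*::TCP"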