I'm setting up IPSec (LibreSwan) to come into my router (a CentOS VM).

At 127.0.0.1 in the router are ports 500 and 4500 (which are reverse SSH
tunneled from another machine).

Rather than flanging those ports directly to the outside interface in
the router, I'm hoping for a little added protection by having them
listen on localhost and then DNATing from the outside interface.

- Does this give any added protection?

- Does DNAT even work with UDP?  If not, what can I do?

- Is there a better way?

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users