On 12/12/2017 03:22 PM, cac...@quantum-sci.com wrote:
>
> I'm setting up IPSec (LibreSwan) to come into my router. (a CentOS VM)
>
> At 127.0.0.1 in the router are ports 500 and 4500 (which are reverse
> SSH tunneled from another machine).
>
> Rather than flanging those ports directly to the outside interface in
> the router, I'm hoping for a little added protection by listening them
> on localhost, and then DNATing from the outside interface.
>
> - Does this give any added protection?
>
> - Does DNAT even work with UDP?  If not, what can I do?
>
> - Is there a better way?
>

Can anyone advise?

I have many problems already, trying to get ipsec working.  Trying to
anticipate this one.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
