Pascal Hambourg wrote: > Philip Prindeville a écrit : >> >> There is an administrative web server that is used for configuration via >> GUI. >> >> The interface is accessible via port 80 internally... but we want to >> obscure it externally [...] We similarly obscure the Ssh port > > Security through obscurity, just as I thought. Why don't you just have > the web server and sshd listening on alternate ports and allow external > access only on these ports ? Not entirely. We also have multiple redundant devices all DNAT'd behind a single IP address... so we'd have had to relocate Ssh, HTTP, etc. regardless. -Philip -- To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
