While the inverse masquerading described in the previous section allows at least one service of each type (e.g. one web, mail and FTP server) to be exposed, the method is subject to some restrictions.
- The service of the exposed host must be supported and ‘understood’ by the masking module. For example, some VoIP servers use non-standard, proprietary ports for advanced signaling. As a result, these server services can only be operated on connections without masking.
- From the security standpoint, it must be noted that the exposed host is in the local network. If the computer is hijacked by an attacker, it would be open to abuse for attacks against other machines in the local network.
