On Sat, Aug 12, 2017 at 08:48:24 -0400, D'Arcy Cain wrote:
> On 08/12/2017 12:16 AM, Valery Ushakov wrote:
> > You can forward all trafic from the consumer gizmo internet facing
> > router (with single public IP address from the provider) to the
> > internal netbsd router. It's usually called "DMZ host" in the web
> > interface.
> I considered that but it seems insecure. I do have a few ports pointing to
> the device already though so that would just open all of them. I suppose it
> would be no worse than using the NetBSD box as my gateway router.
Yes, the netbsd router is effectively the gateway router.
> > PS: Hmm, looking at gre(4), shouldn't the example be fixed to say
> > ifconfig greN tunnel B C
> I don't think so. I am pretty sure that I read that the first argument to
> tunnel must be an address on the host server. Not sure where I read that
> though as I have been doing a lot of research in the last day or two. I
> couldn't find it in the man page.
Two points here: 1) the example I gave is adapted from the actual
working configuration I use; 2) in the man page example address C is
not mentioned at all in the configuration of "Router A". How can
router A divine it, as it obviously needs to send the GRE packets to
the address C (remote-outer-ip).