On Sat, Aug 12, 2017 at 08:48:24 -0400, D'Arcy Cain wrote:

> On 08/12/2017 12:16 AM, Valery Ushakov wrote:
> > You can forward all trafic from the consumer gizmo internet facing
> > router (with single public IP address from the provider) to the
> > internal netbsd router.  It's usually called "DMZ host" in the web
> > interface.
> I considered that but it seems insecure.  I do have a few ports pointing to
> the device already though so that would just open all of them.  I suppose it
> would be no worse than using the NetBSD box as my gateway router.

Yes, the netbsd router is effectively the gateway router.

> > PS: Hmm, looking at gre(4), shouldn't the example be fixed to say
> > 
> >    ifconfig greN tunnel B C
> I don't think so.  I am pretty sure that I read that the first argument to
> tunnel must be an address on the host server.  Not sure where I read that
> though as I have been doing a lot of research in the last day or two.  I
> couldn't find it in the man page.

Two points here: 1) the example I gave is adapted from the actual
working configuration I use; 2) in the man page example address C is
not mentioned at all in the configuration of "Router A".  How can
router A divine it, as it obviously needs to send the GRE packets to
the address C (remote-outer-ip).


Reply via email to