On Sat, Aug 12, 2017 at 08:48:24 -0400, D'Arcy Cain wrote:

> On 08/12/2017 12:16 AM, Valery Ushakov wrote:
> > You can forward all traffic from the consumer gizmo internet facing
> > router (with single public IP address from the provider) to the
> > internal netbsd router. It's usually called "DMZ host" in the web
> > interface.
>
> I considered that but it seems insecure. I do have a few ports pointing to
> the device already though so that would just open all of them. I suppose it
> would be no worse than using the NetBSD box as my gateway router.

Yes, the netbsd router is effectively the gateway router.

> > PS: Hmm, looking at gre(4), shouldn't the example be fixed to say
> >
> >   ifconfig greN tunnel B C
>
> I don't think so. I am pretty sure that I read that the first argument to
> tunnel must be an address on the host server. Not sure where I read that
> though as I have been doing a lot of research in the last day or two. I
> couldn't find it in the man page.

Two points here: 1) the example I gave is adapted from the actual
working configuration I use; 2) in the man page example address C is
not mentioned at all in the configuration of "Router A". How can
router A divine it, as it obviously needs to send the GRE packets to
the address C (remote-outer-ip)?

-uwe