On 18/10/2016 10:33 PM, lleachii--- via 44Net wrote:
NATed hosts must be connection tracked for outbound (which is why his node can be reached by the remote after he initiates pings). "DMZ" settings usually apply only to TCP and UDP (in most consumer devices, at least). This is also further indication that our common recommendation on this list for operators to place their AMPRGW in the DMZ may not be a risk necessary to take. I should note, I've NEVER been able to use a router with AMPRNet by simply enabling the "DMZ feature" on a consumer device. We may need to compile a list of makes/models where the DMZ feature works with IPENCAP.
My FritzBox 7270 seems to pass inbound IPENCAP packets fine using the DMZ function. I can certainly get access from outside, and I've never seen any of these intermittent issues.
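Added example, not part of the original messages: a simplified Python model of the inbound decision discussed above, showing why IPENCAP (IP protocol 4) from a remote gets through after the inside host sends first, and why a DMZ setting that covers only TCP and UDP does not pass it unsolicited. The `NatRouter` class, the addresses and the 600-second entry lifetime are assumptions for illustration, not any vendor's firmware logic.

```python
from dataclasses import dataclass, field
from typing import Optional

IPENCAP, TCP, UDP = 4, 6, 17            # IANA IP protocol numbers

@dataclass
class NatRouter:
    """Hypothetical model of a NAT router's inbound decision, not vendor firmware."""
    dmz_host: Optional[str] = None
    dmz_all_protocols: bool = False     # False: DMZ forwards TCP and UDP only
    timeout: int = 600                  # constructed entry lifetime, seconds
    conntrack: dict = field(default_factory=dict)

    def outbound(self, inside, remote, proto, now):
        # IPENCAP has no ports, so the flow is keyed on protocol and remote address.
        # The entry has a fixed lifetime in this model (no refresh on later packets).
        self.conntrack[(proto, remote)] = (inside, now + self.timeout)

    def inbound(self, remote, proto, now):
        """Return the inside host that receives the packet, or None if dropped."""
        inside, expires = self.conntrack.get((proto, remote), (None, 0))
        if inside is not None and now < expires:
            return inside               # reply path opened by earlier outbound traffic
        if self.dmz_host and (self.dmz_all_protocols or proto in (TCP, UDP)):
            return self.dmz_host        # unsolicited traffic handed to the DMZ host
        return None

def demo():
    gw, peer = "192.168.1.10", "198.51.100.7"   # constructed addresses
    tcp_udp_only = NatRouter(dmz_host=gw)
    full_dmz = NatRouter(dmz_host=gw, dmz_all_protocols=True)
    results = {
        "tcp_udp_dmz_unsolicited": tcp_udp_only.inbound(peer, IPENCAP, now=0),
        "full_dmz_unsolicited": full_dmz.inbound(peer, IPENCAP, now=0),
    }
    tcp_udp_only.outbound(gw, peer, IPENCAP, now=0)
    results["tcp_udp_dmz_after_outbound"] = tcp_udp_only.inbound(peer, IPENCAP, now=60)
    results["tcp_udp_dmz_after_expiry"] = tcp_udp_only.inbound(peer, IPENCAP, now=600)
    return results

if __name__ == "__main__":
    for case, host in demo().items():
        print(f"{case}: {host or 'dropped'}")
```

On a real gateway the same question is answered by capturing on the WAN and LAN sides for IP protocol 4 and comparing what arrives with what is forwarded.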