Hello Augustine,
Option two looks hopeful. The DMZ`ed computer is an always-on server that is serving content to the internet. Would it be possible to only route the IPIP packets while leaving everything else for the server? How could that be done?
Yes, that's completely possible as that's what proper routers "do". The key points / issues will be:
- What OS is running on your brother's computer? I believe any Linux, Free/Open/NetBSD will work fine - You will need to setup a proper firewall on your brother's computer to allow the good, block the bad traffic - You will need to enable forwarding of protocol 4 traffic (that's the IPIP protocol which is different than say TCP or UDP) to your AMPR computer
Much of all of this is covered on the AMPR Wiki, etc - http://wiki.ampr.org/wiki/Main_Page (scroll down on the front page) to see various OS-specific documents. Also search the Ampr email archives at http://hamradio.ucsd.edu/mailman/listinfo/44net . The Mailman system doesn't offer decent searching functions and some of the previous popular email search engines like gmane.org are gone. Hopefully you can find another search system which will work for you.
--David KI6ZHD