I now have my Virgin SuperHub2 set to accept incoming calls to a DMZ (RPi running a VPN server).
I used 'shields up' to check what the ports were doing.
Now without DMZ turned on everything is stealthed.
With DMZ turned on Port 22 (ssh) and Post 1723 (pptpd for VPN) are both opened automatically.
The rest go to 'closed' instead of 'stealthed'.
The opening of the two ports seems reasonable for an instant DMZ, but I am puzzled why the other ports now show as 'closed'. AFAIK a 'closed' port will show up on a port scan by 'bad people' whereas a 'stealthed' one will not.
OTOH is I have 22 and 1723 open the router must be standing out like a sore thumb anyway.
So does the team think that this strategy is O.K. or should I be looking at a more robust implementation of a DMZ?
Cheers
Dave R