In the past I wanted to do fancy port knocking with fwknop2.
So I determined that I was using Double NAT.
I decided to solve this problem by putting my OpenWRT WAN port's IP on the Comcast's private LAN (where it already was using a reserved IP) and use that IP address in the DMZ setting.
For a while I was able to port knock from the Library back to my house, but then it stopped working for some reason.
Is there some reason this doesn't work with SIT? I noticed there isn't a port so does that have something to do with the layer?