| 1 |
> |
| 2 |
> > Zerotier looks especially interesting. Can I have machine A listen for |
| 3 |
> > Zerotier connections, have machine B connect to machine A via Zerotier, |
| 4 |
> > have machine C connect to machine A via Zerotier, and rsync push from B |
| 5 |
> > to C? |
| 6 |
> |
| 7 |
> You set up a network and the machines all connect to that network, so A, |
| 8 |
> B and C can all talk to each other. |
| 9 |
> |
| 10 |
> > Does connecting two machines via Zerotier involve any security |
| 11 |
> > considerations besides those involved when connecting those machines to |
| 12 |
> > the internet? In other words, is it a simple network connection or are |
| 13 |
> > other privelages involved with that connection? |
| 14 |
> |
| 15 |
> Connections are encrypted, handled by the ZeroTier protocols, but |
| 16 |
> otherwise it behaves like a normal network connection. |
| 17 |
> |
| 18 |
> > Can I somehow require the Zerotier connection between machines A and C |
| 19 |
> > in order for C to pass HTTP basic authentication on my web server which |
| 20 |
> > resides elsewhere? Maybe I can route all traffic from machine C to my |
| 21 |
> > web server through C's Zerotier connection to A and lock down basic |
| 22 |
> > authentication on my web server to machine A? |
| 23 |
> |
| 24 |
> Your ZeroTier connections are on a separate network, you pick an address |
| 25 |
> block when you set up the network but that network is only accessible to |
| 26 |
> other machines connected to your ZeroTier network. You can have ZT |
| 27 |
> allocate addresses within that block, it's not dynamic addressing because |
| 28 |
> one a client is given an address, it always gets the same address, or you |
| 29 |
> can specify the address for each client. So you can include an address |
| 30 |
> requirement in your .htaccess to ensure connections are only allowed from |
| 31 |
> your ZT network. |
| 32 |
> |
| 33 |
|
| 34 |
|
| 35 |
The answer to this may be an obvious "yes" but I've never done it so I'm |
| 36 |
not sure. Can I route requests from machine C through machine A only for |
| 37 |
my domain name, and not involve A for C's other internet requests? If so, |
| 38 |
where is that configured? |
| 39 |
|
| 40 |
BTW, how did you find ZT? Pity there's no ebuild yet. |
| 41 |
|
| 42 |
- Grant |
Archives