>
> > Zerotier looks especially interesting. Can I have machine A listen for
> > Zerotier connections, have machine B connect to machine A via Zerotier,
> > have machine C connect to machine A via Zerotier, and rsync push from B
> > to C?
>
> You set up a network and the machines all connect to that network, so A,
> B and C can all talk to each other.
>
> > Does connecting two machines via Zerotier involve any security
> > considerations besides those involved when connecting those machines to
> > the internet? In other words, is it a simple network connection or are
> > other privileges involved with that connection?
>
> Connections are encrypted, handled by the ZeroTier protocols, but
> otherwise it behaves like a normal network connection.
>
> > Can I somehow require the Zerotier connection between machines A and C
> > in order for C to pass HTTP basic authentication on my web server which
> > resides elsewhere? Maybe I can route all traffic from machine C to my
> > web server through C's Zerotier connection to A and lock down basic
> > authentication on my web server to machine A?
>
> Your ZeroTier connections are on a separate network, you pick an address
> block when you set up the network but that network is only accessible to
> other machines connected to your ZeroTier network. You can have ZT
> allocate addresses within that block, it's not dynamic addressing because
> once a client is given an address, it always gets the same address, or you
> can specify the address for each client. So you can include an address
> requirement in your .htaccess to ensure connections are only allowed from
> your ZT network.
>

The answer to this may be an obvious "yes" but I've never done it so I'm
not sure. Can I route requests from machine C through machine A only for
my domain name, and not involve A for C's other internet requests? If so,
where is that configured?

BTW, how did you find ZT? Pity there's no ebuild yet.

- Grant
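
The address requirement described in the quoted reply could look like the following in an Apache 2.4 .htaccess; this is an added example, not part of the original thread. It assumes the web server is itself a member of the ZeroTier network, so that requests arrive with ZeroTier source addresses, and the address block, member address and password-file path are constructed placeholders.

```apache
# Constructed values: 10.147.17.0/24 stands in for the address block chosen
# when the ZeroTier network was set up, 10.147.17.23 for one member's
# address, and the AuthUserFile path is hypothetical.

AuthType Basic
AuthName "Restricted"
AuthUserFile "/etc/apache2/.htpasswd"

# Weak form: bare Require lines in the same section are combined as if
# wrapped in <RequireAny>, so a client is admitted with EITHER a ZeroTier
# source address OR a valid password.
#   Require ip 10.147.17.0/24
#   Require valid-user

# Corrected form: the request must come from the ZeroTier block AND
# present valid basic-auth credentials.
<RequireAll>
    Require ip 10.147.17.0/24
    Require valid-user
</RequireAll>

# Because a member keeps the same ZeroTier address once assigned, the
# block can be narrowed to a single machine instead:
#   Require ip 10.147.17.23
```

The address check only sees a ZeroTier address when the request reaches the server over its ZeroTier interface; a request relayed through another member and out to the server's public address would show that member's public address instead.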