> > Zerotier looks especially interesting. Can I have machine A listen for
> > Zerotier connections, have machine B connect to machine A via Zerotier,
> > have machine C connect to machine A via Zerotier, and rsync push from B
> > to C?
>
> You set up a network and the machines all connect to that network, so A,
> B and C can all talk to each other.
>
> > Does connecting two machines via Zerotier involve any security
> > considerations besides those involved when connecting those machines to
> > the internet? In other words, is it a simple network connection or are
> > other privileges involved with that connection?
>
> Connections are encrypted, handled by the ZeroTier protocols, but
> otherwise it behaves like a normal network connection.
>
> > Can I somehow require the Zerotier connection between machines A and C
> > in order for C to pass HTTP basic authentication on my web server which
> > resides elsewhere? Maybe I can route all traffic from machine C to my
> > web server through C's Zerotier connection to A and lock down basic
> > authentication on my web server to machine A?
>
> Your ZeroTier connections are on a separate network, you pick an address
> block when you set up the network but that network is only accessible to
> other machines connected to your ZeroTier network. You can have ZT
> allocate addresses within that block, it's not dynamic addressing because
> once a client is given an address, it always gets the same address, or you
> can specify the address for each client. So you can include an address
> requirement in your .htaccess to ensure connections are only allowed from
> your ZT network.
>
The answer to this may be an obvious "yes" but I've never done it so I'm
not sure. Can I route requests from machine C through machine A only for
my domain name, and not involve A for C's other internet requests? If so,
where is that configured?

BTW, how did you find ZT? Pity there's no ebuild yet.

- Grant
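
An added example, not part of the original messages: an Apache 2.4 .htaccess that requires both HTTP basic authentication and a source address inside the ZeroTier network, the address requirement the quoted reply describes. The 10.147.17.0/24 block, the realm name and the password-file path are constructed placeholders. It assumes the web server is itself a member of the ZeroTier network and is reached on its ZeroTier address, so that Apache sees ZeroTier source addresses.

```apache
# .htaccess for the protected directory (Apache 2.4 authorization syntax).
# Needs "AllowOverride AuthConfig" (or All) for this directory in the
# server configuration, otherwise these directives are not honoured.

AuthType Basic
AuthName "Restricted area"
# Placeholder path: keep the password file outside the document root.
AuthUserFile /path/to/.htpasswd

# Both conditions must hold. Listing the two Require lines without
# <RequireAll> would make them alternatives (RequireAny is the default),
# so a ZeroTier address alone, with no password, would be accepted.
<RequireAll>
    Require valid-user
    # Constructed example block: replace with the address block chosen
    # when the ZeroTier network was set up.
    Require ip 10.147.17.0/24
</RequireAll>
```

If requests arrive on the server's public address instead, Apache sees the client's (or machine A's) public source address and the `Require ip` line will reject them.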