>> The answer to this may be an obvious "yes" but I've never done it so I'm >> not sure. Can I route requests from machine C through machine A only >> for my domain name, and not involve A for C's other internet requests? >> If so, where is that configured? > > While ZT can be used to route requests between networks, but it is mainly > used to talk directly between clients. If A wants to talk to C over ZT, > it uses C's ZT IP address. > > Here's a snippet from ifconfig on this machine, whch may help it make > sense to you > > wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 > inet 192.168.1.6 netmask 255.255.255.0 broadcast 192.168.1.255 > ether c4:8e:8f:f7:55:c9 txqueuelen 1000 (Ethernet) > > zt0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 2800 > inet 10.252.252.6 netmask 255.255.255.0 broadcast 10.252.252.255 > > To talk to this computer from another of my machines over ZT I would use > the 10.252... address. If you tried that address, you'd get nowhere as > you are not connected to my network.
So if 10.252.252.6 were configured as a router, could I join your ZT network and use iptables to route my example.com 80/443 requests to 10.252.252.6, thereby granting me access to my web apps which are configured to only allow your machine's WAN IP? The first couple paragraphs here make it sound like a centralized SaaS as far as the setup phase of the connection: https://www.zerotier.com/blog/?p=577 Is it possible (easy?) to run your own "core node" and so not interact with the official core nodes at all? - Grant
