Sorry for the cross post with this thread. Linking it here in case someone's interested in the future.
- ALL other OpenZiti equipment can be deployed in private address space, with private ips and with DENY ALL INBOUND firewall rules.
- controller "in the public"
- at least one router in the same address space of the controller "in the public"
- "in the public" means, has public routable address/ip and allows inbound connections
- other routers or tunnels don't need to allow inbound connections, but do need outbound connections
This so far makes sense to me.
I guess my long shot question is if it's feasible to only host the tunnel / router in the public subnet 2, and somehow intercept/route traffic from the private subnet 2 through the router/tunnel in public subnet 2.
I'm not sure if my question makes complete sense. Or if this is even in the scope of what ziti can do.
Perhaps this is a case for using some sort of proxy to control traffic from private nodes so that it goes through the public node, which can join the ziti network through the tunnel/router running there. Any clue if a pattern like this makes sense? Has there been such a pattern before?
Thank you for the help!