Often you want to have a separate network for each project/location. Staex establishes trust between neighbour nodes. This means that you can send a packet to any node reachable by child-parent links.
Staex offers packet forwarding feature to isolate different networks from each other.
When you setup forwarding rules they override this behaviour,
and allow to only forward packets to the selected networks.
The rules are configured in
In this how-to we will bridge four networks:
We want to only forward the traffic from every laptop to every project and vice versa, i.e. a node from project-a should not be able to reach a node from project-b. The following table shows between which networks the packets are forwarded. Please note that
To create forwarding rules we write them in a temporary file called
rules.conf on each gateway
(here we use network names instead of public keys for readability).
bridge project-a-public-key laptops-public-key bridge project-b-public-key laptops-public-key
Then we apply these rules using the
In order to boot all the nodes in the aforementioned configuration
we need to establish trust between the neighbours.
To do that we add gateways network certificate to every node as trusted.
Then we add every other network certificate to every gateway node as trusted.