I would like to ask if it is common practice to run your BP nodes only on a private LAN, or is everyone running all the nodes on public IPs and using only FW rules to filter the traffic and secure the nodes?
My thinking is as follows (have not tested it yet):
- I would have a public and a private IP on 2 interfaces on the relay nodes
- I would have a private IP only on the BP nodes
- I would run the relay nodes on 0.0.0.0
- I would run the BP node on 127.0.0.1 (callback to the private IP only)
- Relay topology would be linking to public relays and the private IP of my BP node
- BP topology would be linking only to the private IP of the relays
Is anyone running it this way and/or is this achievable?
EDIT: I am assuming that all the nodes are hosted by the same VPS provider, so there is no problem running a private IPv4 LAN between the nodes.