Another basic question that Google search and AI aren't helping with.
I have an RB5009 at location-1.
I have a hEX at location-2.
The two devices/locations are connected via Wireguard (works great!).
Both locations have a public IP and a Wireguard IP (10.10.100.1 and 10.10.100.40 respectively).
If I run an nmap from location-1 to 10.10.100.40 (where frames use the Wireguard interface and connection), I can see all the open ports at 10.10.100.40.
But, if I run an nmap from location-1 to the public IP of location-2, there are no open ports showing.
I understand (basically) why and how the Wireguard connection shows all the open ports to location-1 (that is, using the 10.10.100.x IP routing via the Wireguard interface).
I am unclear why the routing to the public address of location-2 does not know that it is the same location as 10.10.100.40?
Is it because the default routing for all public addresses is out ether1 to the ISP's gateway?
Follow-up question: Would running an nmap scan of all locations by their public IP addresses from location-1 be a valid test to find any open ports, despite all locations having a Wireguard connection to location-1?
Thank you.
Statistics: Posted by Josephny — Sat Mar 01, 2025 12:37 pm