Each stake pool must run at least one block-producing node and two relay nodes. The block-producing node holds the keys and certificates necessary to issue blocks, but it is not directly connected to the network. For security reasons, it must be connected only to its relay nodes. Then, the relay nodes connect to other relays on the network. This is configured in the topology.json file together with the server firewall.
For more information please visit: Getting Started with Stake Pool Operations