[Jool-list] Question about 'more' netfilter/iptables stuff
Andreas Schulz (Fujitsu)
andreas.schulz at fujitsu.com
Mon Jul 8 01:51:40 CST 2024
Hi Alberto,
sorry for my late reply (there was so much other stuff to do :-( ) and many thanks for your support! I tried everything you suggested and it works! This is great, and while working on your proposal I got a better understanding of how it works and of how blind I was while looking for a NAT solution :-D.
Best regards,
Andreas
-----Original Message-----
From: Alberto Leiva <ydahhrk at gmail.com>
Sent: Monday, May 13, 2024 7:59 PM
To: Schulz, Andreas <andreas.schulz at fujitsu.com>
Cc: Sander Steffann <sander at steffann.nl>; jool-list at nic.mx
Subject: Re: [Jool-list] Question about 'more' netfilter/iptables stuff
Hmm. I can't tell if my point came across or not. Guess I'll be
thorough, just in case.
>> Then what do you need the NATs for?
> forgot to mention - because every customer is 'allowed' to bring their own IP space, it's possible that customers A and B will have the same source IP addresses in their networks. Our idea is that with the IPv6 prefix per customer we can map this prefix to a (source) NAT network in S1 (this network is only controlled by us, so we can define all networks required).
Just to be clear: I don't think you forgot to mention this. It was
clear from your diagram; it has two private hosts named `10.10.10.1`.
What you have never said is that you need address aggregation. So I'm
assuming you don't.
If you don't need aggregation, I still think you can do everything without NATs.
I'll try again. I'm going to change the names in your network a bit,
because I think we're getting confused by the different things called
`A`, `B` and `10*`:
Customer A
                  +------+
IPv4Host A.1 +----> Jool |
10.10.10.1   |    | SIIT +
             |    | EAMT +       Shared Service for all customers
IPv4Host A.2 +----> A.j  |\
10.10.10.2        +------+ \       +------+       Service Network F
                            \      |      |
                             +-----> Jool |
-----------------------            | SIIT +----> IPv4Host F.1
                             +-----> EAMT |      192.0.2.1
Customer B                  /      | F.j  |
                           /       |      |
                          /        +------+
                  +------+
IPv4Host B.1 +----> Jool |
10.10.10.1   |    | SIIT |
             |    | EAMT |
IPv4Host B.3 +----> B.j  |
10.10.10.3        +------+
======================================
A.j's EAMT:
10.10.10.0/24 | 2001:db8:AAAA::/120
192.0.2.0/24 | 2001:db8:FFFF::/120
B.j's EAMT:
10.10.10.0/24 | 2001:db8:BBBB::/120
192.0.2.0/24 | 2001:db8:FFFF::/120
F.j's EAMT:
192.0.2.0/24 | 2001:db8:FFFF::/120 # F
203.0.113.0/24 | 2001:db8:AAAA::/120 # A
198.51.100.0/24 | 2001:db8:BBBB::/120 # B
A.j converts A.1 (10.10.10.1) to 2001:db8:AAAA::1, and F.j converts
that into 203.0.113.1.
B.j converts B.1 (10.10.10.1) to 2001:db8:BBBB::1, and F.j converts
that into 198.51.100.1.
Nodes renamed, no NAT needed.
Then you can add the optional EAMs in case you want A.* to communicate with B.*.
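As an added illustration (not Jool's code and not part of either message in the thread), the following Python models the RFC 7757 EAM address-mapping rule (the IPv4 suffix is copied into the bits that follow the IPv6 prefix, lookups use longest-prefix match) and feeds the three EAMTs listed above through it, walking a packet from A.1 and from B.1 to F.1 and back. It shows why the two overlapping `10.10.10.1` hosts never collide on the service side without any NAT. The class and function names (`EAMT`, `build_tables`, `forward`, `reply`) are this example's own; pool6 (RFC 6052) fallback and hairpinning are deliberately not modelled.

```python
"""Walk-through of the SIIT-EAM topology above (A.j, B.j, F.j).

Added illustration, not Jool's code: it models only the RFC 7757 EAM
address-mapping rule and uses the three EAMTs listed in the message.
pool6 (RFC 6052) fallback and hairpinning are not modelled.
"""
from ipaddress import IPv4Address, IPv4Network, IPv6Address, IPv6Network


class EAMT:
    """Explicit Address Mapping Table of one Jool SIIT instance (example model)."""

    def __init__(self) -> None:
        self.entries: list[tuple[IPv4Network, IPv6Network]] = []

    def add(self, v4: str, v6: str) -> None:
        net4, net6 = IPv4Network(v4), IPv6Network(v6)
        # The (32 - p4) IPv4 host bits must fit in the (128 - p6) bits that
        # follow the IPv6 prefix, otherwise the mapping cannot be reversed.
        if 32 - net4.prefixlen > 128 - net6.prefixlen:
            raise ValueError(f"EAM {v4} <-> {v6}: IPv4 suffix does not fit")
        self.entries.append((net4, net6))

    def to6(self, addr: str) -> IPv6Address:
        """IPv4 -> IPv6: longest matching IPv4 prefix, suffix appended to v6 prefix."""
        a = IPv4Address(addr)
        hits = [(n4, n6) for n4, n6 in self.entries if a in n4]
        if not hits:
            raise LookupError(f"no EAM for {addr}")
        net4, net6 = max(hits, key=lambda e: e[0].prefixlen)
        suffix = int(a) - int(net4.network_address)
        shift = 128 - net6.prefixlen - (32 - net4.prefixlen)
        return IPv6Address(int(net6.network_address) | (suffix << shift))

    def to4(self, addr: str) -> IPv4Address:
        """IPv6 -> IPv4: longest matching IPv6 prefix, suffix bits copied back."""
        a = IPv6Address(addr)
        hits = [(n4, n6) for n4, n6 in self.entries if a in n6]
        if not hits:
            raise LookupError(f"no EAM for {addr}")
        net4, net6 = max(hits, key=lambda e: e[1].prefixlen)
        suffix_bits = 32 - net4.prefixlen
        shift = 128 - net6.prefixlen - suffix_bits
        suffix = (int(a) >> shift) & ((1 << suffix_bits) - 1)
        return IPv4Address(int(net4.network_address) | suffix)


def build_tables() -> tuple[EAMT, EAMT, EAMT]:
    """The A.j, B.j and F.j tables exactly as listed in the message."""
    a, b, f = EAMT(), EAMT(), EAMT()
    a.add("10.10.10.0/24", "2001:db8:aaaa::/120")
    a.add("192.0.2.0/24", "2001:db8:ffff::/120")
    b.add("10.10.10.0/24", "2001:db8:bbbb::/120")
    b.add("192.0.2.0/24", "2001:db8:ffff::/120")
    f.add("192.0.2.0/24", "2001:db8:ffff::/120")     # F
    f.add("203.0.113.0/24", "2001:db8:aaaa::/120")   # A
    f.add("198.51.100.0/24", "2001:db8:bbbb::/120")  # B
    return a, b, f


def forward(cust: EAMT, svc: EAMT, src4: str, dst4: str) -> tuple[str, str]:
    """Customer host -> customer Jool (4->6) -> F.j (6->4): addresses F.1 sees."""
    src6, dst6 = cust.to6(src4), cust.to6(dst4)
    return str(svc.to4(str(src6))), str(svc.to4(str(dst6)))


def reply(svc: EAMT, cust: EAMT, src4: str, dst4: str) -> tuple[str, str]:
    """F.1's reply -> F.j (4->6) -> customer Jool (6->4): addresses the host sees."""
    src6, dst6 = svc.to6(src4), svc.to6(dst4)
    return str(cust.to4(str(src6))), str(cust.to4(str(dst6)))


if __name__ == "__main__":
    a, b, f = build_tables()
    # Both customers send from 10.10.10.1 to the shared service 192.0.2.1.
    print("A.1 -> F.1 as seen by F.1:", forward(a, f, "10.10.10.1", "192.0.2.1"))
    print("B.1 -> F.1 as seen by F.1:", forward(b, f, "10.10.10.1", "192.0.2.1"))
    # F.1 answers each renamed address; each reply lands on the right customer.
    print("F.1 -> A.1 as seen by A.1:", reply(f, a, "192.0.2.1", "203.0.113.1"))
    print("F.1 -> B.1 as seen by B.1:", reply(f, b, "192.0.2.1", "198.51.100.1"))
```

Running it prints `203.0.113.1` for customer A's `10.10.10.1` and `198.51.100.1` for customer B's, with the replies mapping back to `10.10.10.1` on each side; the per-customer IPv6 prefix does the disambiguation that the NAT was going to do.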