[Jool-list] Question about 'more' netfilter/iptables stuff

Alberto Leiva ydahhrk at gmail.com
Mon May 13 11:59:51 CST 2024


Hmm. I can't tell if my point came across or not. Guess I'll be
thorough, just in case.

>> Then what do you need the NATs for?
> Forgot to mention: because every customer is 'allowed' to bring their own IP space, it's possible that customers A and B will have the same source IP addresses in their networks. Our idea is that, with the IPv6 prefix per customer, we can map this prefix to a (source) NAT network in S1 (this network is only controlled by us, so we can define all networks required).

Just to be clear: I don't think you forgot to mention this. It was
clear from your diagram; it has two private hosts named `10.10.10.1`.

What you have never said is that you need address aggregation. So I'm
assuming you don't.

If you don't need aggregation, I still think you can do everything without NATs.

I'll try again. I'm going to change the names in your network a bit,
because I think we're getting confused by the different things called
`A`, `B` and `10*`:

Customer A
                  +------+
IPv4Host A.1 +----> Jool |
 10.10.10.1       | SIIT +
                  | EAMT +        Shared Service for all customers
IPv4Host A.2      | A.j  |\
 10.10.10.2       +------+ \      +------+  Service Network F
                            \     |      |
                             +----> Jool |
-----------------------           | SIIT +----> IPv4Host F.1
                             +----> EAMT |       192.0.2.1
Customer B                  /     | F.j  |
                           /      |      |
                          /       +------+
                  +------+
IPv4Host B.1 +----> Jool |
 10.10.10.1       | SIIT |
                  | EAMT |
IPv4Host B.3 +----> B.j  |
 10.10.10.3       +------+

======================================

A.j's EAMT:

    10.10.10.0/24 | 2001:db8:AAAA::/120
    192.0.2.0/24  | 2001:db8:FFFF::/120

B.j's EAMT:

    10.10.10.0/24 | 2001:db8:BBBB::/120
    192.0.2.0/24  | 2001:db8:FFFF::/120

F.j's EAMT:

    192.0.2.0/24    | 2001:db8:FFFF::/120    # F
    203.0.113.0/24  | 2001:db8:AAAA::/120    # A
    198.51.100.0/24 | 2001:db8:BBBB::/120    # B

A.j converts A.1 (10.10.10.1) to 2001:db8:AAAA::1, and F.j converts
that into 203.0.113.1.

B.j converts B.1 (10.10.10.1) to 2001:db8:BBBB::1, and F.j converts
that into 198.51.100.1.

Nodes renamed, no NAT needed.

Then you can add the optional EAMs in case you want to communicate A.* with B.*.


More information about the Jool-list mailing list
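The following is an added worked example, not code from the post or from the Jool project. It models the three EAMTs above as plain RFC 7757-style tables (longest-prefix match, IPv4 host bits copied into the low-order bits of the IPv6 prefix) and walks a packet from A.1 and from B.1 to F.1 and back, to show that the two customers' identical 10.10.10.1 addresses land in distinct IPv6 prefixes and therefore arrive at F with distinct IPv4 addresses, with no NAT state anywhere. The class and function names (`EAMT`, `customer_to_service`, `service_to_customer`) are my own; the IPv6 prefixes are written in lowercase hex, which is the same addresses as in the post. The check that the IPv4 suffix fits inside the IPv6 suffix is an assumption of this model, not a claim about what Jool accepts.

```python
import ipaddress


class EAMT:
    """Explicit Address Mapping Table (RFC 7757): a list of (IPv4 prefix, IPv6 prefix) pairs.

    Translation is stateless: the address's host bits within the matched IPv4 prefix
    become the host bits within the matched IPv6 prefix, and vice versa.
    """

    def __init__(self, entries):
        self.entries = []
        for v4, v6 in entries:
            p4 = ipaddress.IPv4Network(v4)
            p6 = ipaddress.IPv6Network(v6)
            # Assumption of this model: the IPv4 host bits must fit in the IPv6 host bits,
            # otherwise two IPv4 hosts would collide on one IPv6 address.
            if (32 - p4.prefixlen) > (128 - p6.prefixlen):
                raise ValueError(f"IPv4 suffix of {v4} does not fit in {v6}")
            self.entries.append((p4, p6))

    def _match(self, addr, idx):
        # Longest-prefix match over the table; idx 0 = IPv4 column, idx 1 = IPv6 column.
        best = None
        for entry in self.entries:
            net = entry[idx]
            if addr in net and (best is None or net.prefixlen > best[idx].prefixlen):
                best = entry
        return best

    def v4_to_v6(self, addr):
        a = ipaddress.IPv4Address(addr)
        entry = self._match(a, 0)
        if entry is None:
            return None  # no EAM: a real translator would fall back to pool6 or drop
        p4, p6 = entry
        host_bits = int(a) - int(p4.network_address)
        return str(ipaddress.IPv6Address(int(p6.network_address) + host_bits))

    def v6_to_v4(self, addr):
        a = ipaddress.IPv6Address(addr)
        entry = self._match(a, 1)
        if entry is None:
            return None
        p4, p6 = entry
        host_bits = int(a) - int(p6.network_address)
        if host_bits >= p4.num_addresses:
            return None  # IPv6 host bits exceed the IPv4 suffix; untranslatable
        return str(ipaddress.IPv4Address(int(p4.network_address) + host_bits))


# The three tables from the post (constructed here from its text).
A_J = EAMT([("10.10.10.0/24", "2001:db8:aaaa::/120"),
            ("192.0.2.0/24", "2001:db8:ffff::/120")])
B_J = EAMT([("10.10.10.0/24", "2001:db8:bbbb::/120"),
            ("192.0.2.0/24", "2001:db8:ffff::/120")])
F_J = EAMT([("192.0.2.0/24", "2001:db8:ffff::/120"),     # F
            ("203.0.113.0/24", "2001:db8:aaaa::/120"),   # A, as seen from F
            ("198.51.100.0/24", "2001:db8:bbbb::/120")])  # B, as seen from F


def customer_to_service(customer_eamt, src4, dst4):
    """Packet leaving a customer site: customer Jool (v4->v6), then F.j (v6->v4).

    Returns the (src, dst) IPv4 pair as host F.1 sees it, or None if untranslatable.
    """
    src6, dst6 = customer_eamt.v4_to_v6(src4), customer_eamt.v4_to_v6(dst4)
    if src6 is None or dst6 is None:
        return None
    src4_f, dst4_f = F_J.v6_to_v4(src6), F_J.v6_to_v4(dst6)
    if src4_f is None or dst4_f is None:
        return None
    return (src4_f, dst4_f)


def service_to_customer(customer_eamt, src4, dst4):
    """Reply leaving F: F.j (v4->v6), then the customer Jool (v6->v4)."""
    src6, dst6 = F_J.v4_to_v6(src4), F_J.v4_to_v6(dst4)
    if src6 is None or dst6 is None:
        return None
    src4_c, dst4_c = customer_eamt.v6_to_v4(src6), customer_eamt.v6_to_v4(dst6)
    if src4_c is None or dst4_c is None:
        return None
    return (src4_c, dst4_c)


if __name__ == "__main__":
    # Both customers send from 10.10.10.1, but F sees two different sources.
    print("A.1 -> F.1 arrives as", customer_to_service(A_J, "10.10.10.1", "192.0.2.1"))
    print("B.1 -> F.1 arrives as", customer_to_service(B_J, "10.10.10.1", "192.0.2.1"))
    # F's reply to 203.0.113.1 is delivered to A.1 as 10.10.10.1 again.
    print("F.1 -> A.1 arrives as", service_to_customer(A_J, "192.0.2.1", "203.0.113.1"))
```

The point worth checking in a real deployment is the reverse path: F.j must have an EAM for each customer's public-side prefix (203.0.113.0/24, 198.51.100.0/24) pointing back at that customer's IPv6 prefix, and the IPv6 routing between F.j and each customer Jool must carry 2001:db8:aaaa::/120 and 2001:db8:bbbb::/120 to the right site. Without those, replies from F have no translation and are dropped rather than silently misdelivered, which is the stateless property the post is relying on.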