Hi folks,

I have a 'problem', maybe someone can help me with this issue. This is a 
network overview:

Customer A
                           NAT/Joolserver A1
                       +---------------------+
                       |                     |
                       |     SIIT EAMT       |
A IPv4Host +----------->                     +
                       |  Translate IPv4/IPv6|\                     Shared Service for all customers
  10.10.10.1           |  do some add. NAT   | \                           NAT/Joolserver S1
                       |                     |  \                      +----------------------+
                       +---------------------+   \                     |                      |
                                                  \    IPv6 network    |    SIIT EAMT         |
-----------------------------------------------    +--------------->--->                      +-----------> B IPv4Host
                                                   +------------------->  Translate IPv4/IPv6 |
Customer B                                        /                    |  do some add NAT     |             10.1.1.1
                           NAT/Joolserver B1     /                     |                      |
                       +---------------------+  /                      +----------------------+
                       |                     | /
                       |     SIIT EAMT       |/
A IPv4Host +----------->                     +
                       |  Translate IPv4/IPv6|
  10.10.10.1           |  do some add. NAT   |
                       |                     |
                       +---------------------+

- several customers, maybe with the same RFC 1918 networks
- all customers try to access a service in the shared service network with IP address 10.1.1.1
- every customer defines a network that we can use to NAT the 10.1.1.1 service, e.g. customer A is using 10.10.11.1 for 10.1.1.1, customer B is using 10.20.5.1 for 10.1.1.1
- every customer gets a NAT network for their source address in the shared service network, e.g. customer A is natted behind 10.10.20.X

We try to achieve the following:
1 customer a starts to access 10.10.11.1 (original 10.1.1.1)
2 Joolserver A1 is doing DNAT from 10.10.11.1 to 10.1.1.1
3 Joolserver A1 is doing translation IPv4/IPv6 (this already works right now)
4 Joolserver S1 is doing translation 'back' IPv6/IPv4
5 Joolserver A1 is doing SNAT from 10.10.10.1 to 10.10.20.1

3 & 4 are working fine - I used the thread 
https://mail-lists.nic.mx/pipermail/jool-list/2022-April/000473.html - without 
any NAT

Because Jool is using the mangle table, I wasn't able to implement some more 
NAT rules because the packets never reached the nat table.
I would assume this is because the mangle rules already matched. But I have no 
idea how I have to configure it so that I can apply additional NAT rules.

I know that jool is doing the job for what it was designed to do. But maybe 
someone has a hint how this can be solved on Joolserver A1 and S1?

Kind regards
Andreas Schulz

P.S. thanks for your work on Jool!