Sorry for taking so long.

> 1. I forgot to mention that the direction S1 -> A1 or B1 is also required.
> Means that a service in shared environment has to access a client in
> customer-a-network (there will be defined ipv4 nat-network for every
> customer).

Can you assign a different port for each customer? Would B understand that?
If so, port forwarding: https://nicmx.github.io/Jool/en/bib.html

> - every customer defines a network that we can use for nat the 10.1.1.1
> service eg. customer a is using 10.10.11.1 for 10.1.1.1, customer b is using
> 10.20.5.1 for 10.1.1.1

Then what do you need the NATs for?

A1's EAMT should be (please read in monospace)

    10.10.10.1 | 2001:db8:AAAA::1  # A (Customer A)
    10.1.1.1   | 2001:db8:BBBB::1  # B
    10.20.5.1  | 2001:db8:AAAA::2  # A (Customer B) (Optional)

B1's EAMT should be

    10.10.10.1 | 2001:db8:AAAA::2  # A (Customer B)
    10.1.1.1   | 2001:db8:BBBB::1  # B
    10.10.11.1 | 2001:db8:AAAA::1  # A (Customer A) (Optional)

S1's EAMT should be

    10.10.11.1 | 2001:db8:AAAA::1  # A (Customer A)
    10.20.5.1  | 2001:db8:AAAA::2  # A (Customer B)
    10.1.1.1   | 2001:db8:BBBB::1  # B

Sample packet flow:

- Customer A writes 10.10.10.1 (A.A) -> 10.1.1.1 (B)
- A1 translates that into 2001:db8:AAAA::1 -> 2001:db8:BBBB::1
- S1 translates that into 10.10.11.1 -> 10.1.1.1

Response packet flow:

- B writes 10.1.1.1 (B) -> 10.10.11.1 (A.A)
- S1 translates that into 2001:db8:BBBB::1 -> 2001:db8:AAAA::1
- A1 translates that into 10.1.1.1 -> 10.10.10.1

Sample packet flow with optional EAMs included:

- Customer A writes 10.10.10.1 (A.A) -> 10.20.5.1 (B.A)
- A1 translates that into 2001:db8:AAAA::1 -> 2001:db8:AAAA::2
- B1 translates that into 10.10.11.1 -> 10.10.10.1

> Because Jool is using the table mangle I wasn't able to do implement some more
> NAT rules because the packets never reached the nat table.
> I would assume this is because the mangle rules already matched. But I have
> no idea how I have to configure it that I can apply additional NAT rules.

Jool and NAT don't work well together in the same namespace.
You can place them in different namespaces:
https://nicmx.github.io/Jool/en/intro-jool.html#design

On Fri, May 3, 2024 at 6:50 AM Sander Steffann via Jool-list
<[email protected]> wrote:
>
> Hi,
>
> > thanks for your answer - quite an interesting idea :-). Just two questions:
> >
> > 1. I forgot to mention that the direction S1 -> A1 or B1 is also required.
> > Means that a service in shared environment has to access a client in
> > customer-a-network (there will be defined ipv4 nat-network for every
> > customer).
>
> Yeah, that won’t work in this setup.
>
> > 2. I tried some configurations but it seems that I have not enough
> > knowledge/understanding how to configure your proposal. May I ask you to
> > show me the jool-commands for a1 and s1? network A can have 10.10.20.X as
> > source network in S1
>
> I need some time to come up with a solution for requirement 1. If I forget,
> feel free to poke me next week :)
>
> Cheers!
> Sander
>
> _______________________________________________
> Jool-list mailing list
> [email protected]
> https://mail-lists.nic.mx/listas/listinfo/jool-list
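
The EAMTs and packet flows in the message above, modelled as an added example that is not part of the original message and is not Jool code. The function names and the table representation are assumptions made here; the model handles single-address entries only and has no pool6 fallback, so an address without an entry is treated as untranslatable.

```python
import ipaddress

def eamt(*pairs):
    """One translator's table from (IPv4, IPv6) single-address pairs."""
    return [(ipaddress.IPv4Address(a), ipaddress.IPv6Address(b)) for a, b in pairs]

# Tables copied from the message (optional entries included).
A1 = eamt(("10.10.10.1", "2001:db8:AAAA::1"),   # A (Customer A)
          ("10.1.1.1",   "2001:db8:BBBB::1"),   # B
          ("10.20.5.1",  "2001:db8:AAAA::2"))   # A (Customer B), optional
B1 = eamt(("10.10.10.1", "2001:db8:AAAA::2"),   # A (Customer B)
          ("10.1.1.1",   "2001:db8:BBBB::1"),   # B
          ("10.10.11.1", "2001:db8:AAAA::1"))   # A (Customer A), optional
S1 = eamt(("10.10.11.1", "2001:db8:AAAA::1"),   # A (Customer A)
          ("10.20.5.1",  "2001:db8:AAAA::2"),   # A (Customer B)
          ("10.1.1.1",   "2001:db8:BBBB::1"))   # B

def translate(table, src, dst):
    """Translate (src, dst) through one table; the direction (4->6 or 6->4)
    follows from the address family. Returns None when either address has
    no entry (this model has no pool6 fallback)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src.version != dst.version:
        return None
    col = 0 if src.version == 4 else 1
    lookup = {row[col]: row[1 - col] for row in table}
    if src not in lookup or dst not in lookup:
        return None
    return str(lookup[src]), str(lookup[dst])

def path(packet, *translators):
    """Pass a (src, dst) packet through translators in order; None = dropped."""
    for table in translators:
        if packet is None:
            return None
        packet = translate(table, *packet)
    return packet

if __name__ == "__main__":
    flows = [("A -> B", ("10.10.10.1", "10.1.1.1"), (A1, S1)),
             ("B -> A", ("10.1.1.1", "10.10.11.1"), (S1, A1)),
             ("A -> customer B", ("10.10.10.1", "10.20.5.1"), (A1, B1))]
    for name, packet, hops in flows:
        print(name, packet, "=>", path(packet, *hops))
```

In this model the lookup keeps no state, so the B -> A result is the same whether the packet is a response or the first packet of a connection opened from B.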
