Hi Alberto,

sorry for my late reply (there was so much other stuff to do :-( ) and many thanks for your support! I tried all you suggested and it works! This is great, and while working on your proposal I got more understanding of how it works and how blind I was while looking for a nat solution :-D.

Best regards,
Andreas

-----Original Message-----
From: Alberto Leiva <[email protected]>
Sent: Monday, May 13, 2024 7:59 PM
To: Schulz, Andreas <[email protected]>
Cc: Sander Steffann <[email protected]>; [email protected]
Subject: Re: [Jool-list] Question about 'more' netfilter/iptables stuff

Hmm. I can't tell if my point came across or not. Guess I'll be thorough, just in case.

>> Then what do you need the NATs for?
> forgot to mention - because every customer is 'allowed' to bring his own ip
> space it's possible that customer a and b will have the same source
> ip-addresses in their network. Our idea is that with the ipv6 prefix per
> customer we can map this prefix to a (source) nat network in S1 (this network
> is only controlled by us so we can define all networks required).

Just to be clear: I don't think you forgot to mention this. It was clear from your diagram; it has two private hosts named `10.10.10.1`.

What you have never said is that you need address aggregation. So I'm assuming you don't.

If you don't need aggregation, I still think you can do everything without NATs. I'll try again.

I'm going to change the names in your network a bit, because I think we're getting confused by the different things called `A`, `B` and `10*`:

Customer A
                  +------+
IPv4Host A.1 +----> Jool |
10.10.10.1        | SIIT +
                  | EAMT +        Shared Service for all customers
IPv4Host A.2      | A.j  |\
10.10.10.2        +------+ \      +------+    Service Network F
                            \     |      |
                             +----> Jool |
-----------------------           | SIIT +----> IPv4Host F.1
                             +----> EAMT |      192.0.2.1
Customer B                  /     | F.j  |
                           /      |      |
                          /       +------+
                  +------+
IPv4Host B.1 +----> Jool |
10.10.10.1        | SIIT |
                  | EAMT |
IPv4Host B.3 +----> B.j  |
10.10.10.3        +------+

======================================

A.j's EAMT:

10.10.10.0/24   | 2001:db8:AAAA::/120
192.0.2.0/24    | 2001:db8:FFFF::/120

B.j's EAMT:

10.10.10.0/24   | 2001:db8:BBBB::/120
192.0.2.0/24    | 2001:db8:FFFF::/120

F.j's EAMT:

192.0.2.0/24    | 2001:db8:FFFF::/120 # F
203.0.113.0/24  | 2001:db8:AAAA::/120 # A
198.51.100.0/24 | 2001:db8:BBBB::/120 # B

A.j converts A.1 (10.10.10.1) to 2001:db8:AAAA::1, and F.j converts that into 203.0.113.1.

B.j converts B.1 (10.10.10.1) to 2001:db8:BBBB::1, and F.j converts that into 198.51.100.1.

Nodes renamed, no NAT needed.

Then you can add the optional EAMs in case you want to communicate A.* with B.*.

_______________________________________________
Jool-list mailing list
[email protected]
https://mail-lists.nic.mx/listas/listinfo/jool-list
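
The double translation from the quoted message can be checked offline with the sketch below. It is an added example, not part of the thread and not Jool code: it models only the address mapping of the three EAMTs, and the function names (`translate`, `path`) are made up for the illustration.

```python
import ipaddress as ip

# EAMT rows copied from the message: (IPv4 prefix, IPv6 prefix) per translator.
EAMT = {
    "A.j": [("10.10.10.0/24", "2001:db8:AAAA::/120"),
            ("192.0.2.0/24", "2001:db8:FFFF::/120")],
    "B.j": [("10.10.10.0/24", "2001:db8:BBBB::/120"),
            ("192.0.2.0/24", "2001:db8:FFFF::/120")],
    "F.j": [("192.0.2.0/24", "2001:db8:FFFF::/120"),
            ("203.0.113.0/24", "2001:db8:AAAA::/120"),
            ("198.51.100.0/24", "2001:db8:BBBB::/120")],
}

def _remap(addr, src, dst):
    """Keep the host-bit suffix of addr and swap the src prefix for dst."""
    src, dst = ip.ip_network(src), ip.ip_network(dst)
    if src.max_prefixlen - src.prefixlen != dst.max_prefixlen - dst.prefixlen:
        raise ValueError("this sketch only handles equal suffix lengths")
    return dst.network_address + (int(addr) - int(src.network_address))

def translate(box, addr, to_v6):
    """Translate addr on translator `box`; the longest matching prefix wins."""
    addr = ip.ip_address(addr)
    best = None
    for v4, v6 in EAMT[box]:
        src, dst = (v4, v6) if to_v6 else (v6, v4)
        net = ip.ip_network(src)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > ip.ip_network(best[0]).prefixlen:
                best = (src, dst)
    if best is None:
        # An address with no entry is not translated; both customers cannot
        # reach F through a prefix that F.j does not list.
        raise LookupError(f"{box}: no EAM entry covers {addr}")
    return _remap(addr, *best)

def path(customer_box, src4, dst4="192.0.2.1"):
    """(src, dst) on the IPv6 core, then (src, dst) on service network F."""
    s6 = translate(customer_box, src4, to_v6=True)
    d6 = translate(customer_box, dst4, to_v6=True)
    return (str(s6), str(d6),
            str(translate("F.j", s6, to_v6=False)),
            str(translate("F.j", d6, to_v6=False)))

if __name__ == "__main__":
    for box in ("A.j", "B.j"):
        print(box, path(box, "10.10.10.1"))
```

Both customers' `10.10.10.1` reach F.1 with distinct source addresses, which is what lets logs and filters on service network F tell the two tenants apart.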
