Support for centralized NAT
Opened this issue · 2 comments
lightning1 commented
There need to be major changes to the model and the UI, including:
- decentralized VLANs, that are just unique per building
- private subnets on a per-user-basis
- a central public IP pool
- management of network translations
- port forwardings to allow services behind the NAT
- usage of an API provided by the NAT gateway
Additional improvements may include:
- simplifying the host model (e.g. removing interfaces for user hosts)
- do not allow public IPs and private subnets to be selected during user creation to suppress race conditions by multiple creations at the same time
lukasjuhrich commented
@lightning1 I see you added a forwarding relation, which reminds me vaguely of what we talked about – could you perhaps outline what the idea for the current NAT model is?
Also, it is unclear to me what the technical requirements are – what programs (e.g. the NAT boxes) have to have access to what information (e.g. view on this pg database)?
ibot3 commented
@sebschrader made a database schema for this. @lukasjuhrich did you take a look at the new schema yet?