[Jool-list] Jool use with IPv6 island connected to IPv4 network

Romain Bazile romain.bazile at ubiant.com
Thu Jul 28 11:45:23 CDT 2016


Hey everyone,

First of all, sorry if this has already been asked and answered, but I 
couldn't find an exact answer anywhere in the doc or anywhere. And sorry 
for the long post!

So, here is our goal: we are trying to make a small IPv6 island (typical 
size 20 devices, but could be up to 255) appear on an IPv4 only network 
(typical home network, with a DHCP server on a box with 
router/firewall/NAT from our ISP).

The IPv6 network is wireless, based on IEEE802.15.4 with a 6LoWPAN 
layer. Traffic on this network appears on a wpan0 interface in our 
gateway. This gateway is connected through its eth0 interface to our 
local IPv4 network. Its IPv4 is delegated by the DHCP Server.
Every IPv6 device has a somewhat unpredictable IP where the prefix is 
fg01::/64.
Ideally, we would like to have every IPv6 device appear on the local 
network with an address delegated by the local network DHCP server. We 
would like to have this happen with a dynamic (but long term, i.e. 
several hours) mapping made between the IPv6 device and the IPv4 address 
delegated by the DHCP.
Then, all the traffic directed to the local IPv4 address would be 
forwarded to the IPv6 network and vice-versa.
One way to do this would be by using NAT64 (hence my presence here!). 
Our gateway could also host a DNS64 if needed.


So, I was able to compile jool on my gateway, modprobe it (it's running 
kernel 4.1.15) and set it up with the jool command line. I will be using 
it as a NAT64.
The gateway eth0 ip address is 192.168.0.100 (from the DHCP pool), and 
its wpan0 ip address is fg01::2.
Let's call the first device on the IPv6 network A6. The gateway would be 
G64 and my computer on the IPv4 network would be C4.

I load jool with an IPv6 pool (with jool -6 -a fg01::/96 ). When I try 
to ping from A6 to C4, I have a correct ping (dmesg shows a session was 
put up: Added session 
fg01::3e52:10b1:6fc8:f0f1:94f8#1|fg01::c0a8:c0#1|192.168.0.100#62153|192.168.0.192#62153|ICMP 
).
This behavior is nice, but I'm not able to send back packets, even if I 
start a UDP session from A6. I should be able to send packets to 
192.168.0.100:64065 for example, but they are not received by A6. I 
suspect there could be an iptables thingy to configure here, but I'm not 
sure about that.


Moreover, this is not the desired behavior as I want A6 to have its own 
IPv4 address (to make it easier to talk to it).
But when I set up an IPv4 pool (with jool -4 -a 192.168.0.50/29 for 
example), I'm able to ping from A6 to C4, but not the other way around. 
And when I start a UDP session, I cannot send UDP packets back from C4 
to A6.
Here, I reckon that the gateway does not know that packets on the 
network with the 192.168.0.54 address are in fact destined for it, 
because when I manually add this IP to eth0 (with ip addr add 
192.168.0.54/24 dev eth0 ), suddenly, it works!


So, in order, here are my questions:

  * Is it normal behavior that I cannot send back UDP packets to the
    NATed IPv4:port, even when the session has been correctly added?
    (I'm talking about a real UDP session, not an ICMP one)
  * How can I tell my eth0 interface that it should be concerned by
    packets addressed on the 192.168.0.54 (which it used to send packets
    beforehand since pinging worked), but without statically configuring
    it with this IP address?
  * Can jool automatically and dynamically request a new IPv4 from a
    DHCP server for an IPv6 device hidden behind?
  * Can jool automatically set up new addresses on the eth0 interface
    (when they are allocated by the DHCP server)?



I'm not even sure I should be using the NAT64 functionality instead of 
SIIT for example.
Anyway, thanks for the time it took you to read this brick!



Sincerely,
-- 

Romain Bazile
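
The session string quoted in the message pairs an IPv6-side destination with the IPv4 address it translates to; with a /96 pool6 prefix, RFC 6052 places the IPv4 address in the low 32 bits of the IPv6 address. The following is an added example, not part of the original post and not Jool's code: it decodes that embedding and parses a session string of the same shape. The 2001:db8::/96 prefix, the sample line and the field names (src6, dst6, src4, dst4) are constructed assumptions.

```python
import ipaddress

# Constructed stand-in for the pool6 prefix (2001:db8::/32 is the documentation range).
POOL6 = ipaddress.IPv6Network("2001:db8::/96")

# Constructed sample shaped like the "Added session" dmesg line in the post.
SAMPLE = ("2001:db8::3e52:10b1:6fc8:f0f1#1|2001:db8::c0a8:c0#1|"
          "192.168.0.100#62153|192.168.0.192#62153|ICMP")


def embed(v4, pool6=POOL6):
    """RFC 6052, /96 prefix: the IPv4 address fills the low 32 bits."""
    if pool6.prefixlen != 96:
        raise ValueError("only the /96 layout is handled here")
    return ipaddress.IPv6Address(
        int(pool6.network_address) | int(ipaddress.IPv4Address(v4)))


def extract(v6, pool6=POOL6):
    """Recover the IPv4 address embedded in a pool6 address (/96 only)."""
    addr = ipaddress.IPv6Address(v6)
    if pool6.prefixlen != 96:
        raise ValueError("only the /96 layout is handled here")
    if addr not in pool6:
        raise ValueError(f"{addr} is not inside {pool6}")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def _transport(text):
    """Split 'address#id' into (address object, int). For ICMP the id is the
    ICMP identifier rather than a port."""
    host, sep, ident = text.rpartition("#")
    if not sep:
        raise ValueError(f"missing '#' in {text!r}")
    return ipaddress.ip_address(host), int(ident)


def parse_session(line, pool6=POOL6):
    """Parse 'src6|dst6|src4|dst4|PROTO' (field names are this example's labels)
    and check that dst6 embeds dst4 under the pool6 prefix."""
    fields = line.strip().split("|")
    if len(fields) != 5:
        raise ValueError("expected 5 '|'-separated fields")
    names = ("src6", "dst6", "src4", "dst4")
    session = {n: _transport(f) for n, f in zip(names, fields)}
    session["proto"] = fields[4]
    session["consistent"] = extract(session["dst6"][0], pool6) == session["dst4"][0]
    return session
```

In the parsed result, `src4` is the IPv4 address and identifier that the translated flow appears to come from on the IPv4 side.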
