[Jool-list] Help with routing loop?

kurt kurt at realacquisitions.com
Fri Dec 22 11:13:32 CST 2017 

I'd be happy to continue working on this if it can benefit others, but I had to bail and add dual stack to the node (against my wishes).
Thanks,Kurt
Sent from Samsung Galaxy smartphone.
-------- Original message --------From: Alberto Leiva <ydahhrk at gmail.com> Date: 12/22/17  10:29  (GMT-06:00) To: Kurt Lund <kurt at realacquisitions.com> Cc: jool-list at nic.mx Subject: Re: [Jool-list] Help with routing loop? 
> I think this is a separate problem. Let me see if I can reproduce it.

Wait. It returns me an empty file even when I wget via IPv4 directly.

I think there's something funny going on with this service.

On Fri, Dec 22, 2017 at 10:23 AM, Alberto Leiva <ydahhrk at gmail.com> wrote:
>> Now when I "tracepath6 -n 2000:ffff::73.xxx.67.1 from the test
>> host, I get:
>> ...
>> If I "tracepath 73.xxx.67.1" from the jool host, I get a real
>> trace with real names that goes "no reply" one step earlier.
>
> I can't explain the "goes 'no reply' one step earlier" thing, but as
> for the rest, check this out:
>
> https://jool.mx/en/usr-flags-global.html#--source-icmpv6-errors-better
>
>> Specifically, I cannot "wget http://whatsmyip.org".  It returns
>> an empty file.
>
> I think this is a separate problem. Let me see if I can reproduce it.
>
> On Fri, Dec 22, 2017 at 2:17 AM, Kurt Lund <kurt at realacquisitions.com> wrote:
>> I followed the instructions very carefully, but had to use a different
>> prefix (I used 2000:ffff::/96, that I stole from the old NAT-PT
>> documentation) because I (stupidly) used the whole /64 that was given to me
>> when setting up my dual stack nodes, so Jool complained when I tried to use
>> a /96 in the config.
>>
>> It "works" in that I can use Jool to connect to a IPV4 device in my network
>> from a IPv6-only node, but any attempt to connect outside my network has
>> issues.
>>
>> IPv6 side:  2604:xxxx:0:a::/64
>> IPv4 side:  216.xxx.228.0/29 AND 216.xxx.228.8/29
>> Jool setup: Centos 7, single NIC
>>     Kernel module "jool" loaded with "modprobe --first-time jool
>> pool6=2000:ffff::/96"
>>     IPv4: using host address of 216.xxx.228.6
>>     IPv6: using host address of 2604:xxxx:0:a:e6::e406
>>
>> Text IPv6 host:  2604:xxxx:0:a:4::2
>> Test IPv4 host: 216.xxx.228.13 (although it is a dual stack node, I have
>> confirmed that Jool was used to translate the IP)
>>
>> Test:  "ssh 2000:ffff::216.xxx.228.13" (confirmed on target by "netstat -an
>> | grep 216.xxx.228.6" and finding only one entry -- me)
>> "jool --bib --display" shows the mapping:
>> TCP:
>> [Dynamic] 216.xxx.228.6#62327 - 2604:xxxx:0:a:4::2#35038
>>
>> Now when I "tracepath6 -n 2000:ffff::73.xxx.67.1 from the test host, I get:
>>
>>  1?: [LOCALHOST]                        0.029ms pmtu 1500
>>  1:  2604:xxxx:0:a:e6::e406                              144.339ms asymm  2
>>  1:  2604:xxxx:0:a:e6::e406                                5.092ms asymm  2
>>  2:  2000:ffff::49xx:4301                                  1.151ms asymm  3
>>  3:  2000:ffff::49xx:4301                                  1.469ms asymm  4
>>  4:  2000:ffff::49xx:4301                                  1.226ms asymm  5
>>  5:  2000:ffff::49xx:4301                                  2.073ms asymm  6
>>  6:  2000:ffff::49xx:4301                                  2.538ms asymm  7
>>  7:  2000:ffff::49xx:4301                                  3.340ms asymm  8
>>  8:  2000:ffff::49xx:4301                                  3.512ms asymm  9
>>  9:  2000:ffff::49xx:4301                                  9.436ms asymm  7
>> 10:  2000:ffff::49xx:4301                                  7.961ms asymm  5
>> 11:  2000:ffff::49xx:4301                                 11.584ms asymm  6
>> 12:  2000:ffff::49xx:4301                                 11.678ms asymm  7
>> 13:  no reply
>> 14:  no reply
>> 15:  no reply
>>
>> If I "tracepath 73.xxx.67.1" from the jool host, I get a real trace with
>> real names that goes "no reply" one step earlier.
>>
>> Maybe this is not a big deal (it only seems to mask ICMP stuff) but I also
>> can't access public nodes with other (more important) protocols.
>> Specifically, I cannot "wget http://whatsmyip.org".  It returns an empty
>> file.
>>
>> HELP!!
>>
>> Thanks,
>> Kurt Lund
>> kurt at realacquisitions.com
>> RealAcquisitions.com
>>
>> _______________________________________________
>> Jool-list mailing list
>> Jool-list at nic.mx
>> https://mail-lists.nic.mx/listas/listinfo/jool-list
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail-lists.nic.mx/pipermail/jool-list/attachments/20171222/5e760236/attachment-0001.html>

More information about the Jool-list mailing list