[Jool-list] NAT44 for pool4 addresses possible?

Alberto Leiva ydahhrk at gmail.com
Mon May 21 11:29:12 CDT 2018


> IPv4 packets created by Jool do not seem to pass the
> nat postrouting chain in netfilter

Hmm? This is odd. The kernel code says otherwise. Might be a bug; I'll
test it now.

Anyway, this is how it's supposed to work:
https://jool.mx/en/intro-jool.html#design

Check both diagrams. Assuming that Jool packets are really skipping
the postrouting chain, you could enclose it in a network namespace
(the red box) so you can use the outer namespace's (not red box)
postrouting chain. There is no way that one will be skipped if you do
that.

On Sun, May 20, 2018 at 9:48 AM, Martin Weinelt
<martin at darmstadt.freifunk.net> wrote:
> Hi everyone,
>
> I'm currently building my first NAT64 setup and have stumbled upon a
> problem.
>
> When I use our public IPv4 address as pool4 I can access the internet
> just fine, except that I additionally need to be able to reach some
> private IPv4 addresses over site-to-site tunnels as well, where that
> source address doesn't work.
>
> This is why I thought of using a bunch of private IPv4 addresses to map
> the NAT64 against, so they'll work for the s2s tunnel and where I can
> additionally make use of NAT44 towards the internet.
>
> The issue is that IPv4 packets created by Jool do not seem to pass the
> nat postrouting chain in netfilter, where masquerading would happen.
> Instead I now have private IPv4 addresses being used as saddr towards the
> internet, which cannot work either.
>
> I'd appreciate some help!
>
>
> Best regards,
>
> Martin
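The namespace layout suggested in the reply above, as an added example that is not part of the original thread or of Jool's documentation: Jool lives in an inner namespace, and the outer namespace masquerades its private pool4 address only on the Internet-facing interface. The namespace name, interface names, and all addresses are constructed placeholders, and the Jool start-up command is left as a comment because its syntax depends on the Jool version.

```shell
#!/bin/sh
# Added example, not from the thread. Every name and address is a constructed placeholder.
NS=joolns                    # hypothetical namespace that will hold Jool
WAN=eth0                     # assumed Internet-facing interface of the outer namespace
NET4=192.168.64.0/24         # assumed private range containing the pool4 address
OUT4=192.168.64.1 IN4=192.168.64.2      # veth addresses; IN4 doubles as pool4
OUT6=fd00:64::1 IN6=fd00:64::2
POOL6=64:ff9b::/96           # NAT64 prefix routed into the namespace

# Print the commands instead of running them, so the plan can be reviewed first.
plan() {
cat <<EOF
ip netns add $NS
ip link add to_jool type veth peer name to_world
ip link set to_world netns $NS
ip addr add $OUT4/24 dev to_jool
ip addr add $OUT6/64 dev to_jool
ip link set to_jool up
ip netns exec $NS ip addr add $IN4/24 dev to_world
ip netns exec $NS ip addr add $IN6/64 dev to_world
ip netns exec $NS ip link set to_world up
ip netns exec $NS ip route add default via $OUT4
ip netns exec $NS ip -6 route add default via $OUT6
ip netns exec $NS sysctl -w net.ipv4.conf.all.forwarding=1
ip netns exec $NS sysctl -w net.ipv6.conf.all.forwarding=1
# Start Jool inside $NS here (pool6 $POOL6, pool4 $IN4); syntax depends on the Jool version.
ip -6 route add $POOL6 via $IN6
sysctl -w net.ipv4.conf.all.forwarding=1
sysctl -w net.ipv6.conf.all.forwarding=1
# Outer namespace: translated packets arrive on to_jool as ordinary forwarded
# traffic, so they traverse this nat POSTROUTING chain. Tunnel interfaces are
# not matched by -o $WAN and keep the private source address.
iptables -t nat -A POSTROUTING -s $NET4 -o $WAN -j MASQUERADE
EOF
}

# Dry run by default; "apply" (as root) executes the plan and stops on the first error.
if [ "${1:-}" = apply ]; then plan | sh -e; else plan; fi
```

After applying, the packet counters shown by `iptables -t nat -L POSTROUTING -v -n` in the outer namespace indicate whether translated traffic is reaching the masquerade rule.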

