[Jool-list] NAT44 for pool4 addresses possible?

Alberto Leiva ydahhrk at gmail.com
Mon May 21 11:31:49 CDT 2018 

Oh, I forgot: Here's how to enclose Jool in a network namespace:

https://jool.mx/en/usr-flags-instance.html
https://jool.mx/en/node-based-translation.html

Both documentation pieces intend to do something slightly different
from what you're doing, but should be easy to adapt.

On Mon, May 21, 2018 at 11:29 AM, Alberto Leiva <ydahhrk at gmail.com> wrote:
>> IPv4 packets created by Jool do not seem to pass the
>> nat postrouting chain in netfilter
>
> Hmm? This is odd. The kernel code says otherwise. Might be a bug; I'll
> test it now.
>
> Anyway, this is how it's supposed to work:
> https://jool.mx/en/intro-jool.html#design
>
> Check both diagrams. Assuming that Jool packets are really skipping
> the postrouting chain, you could enclose it in a network namespace
> (the red box) so you can use the outer namespace's (not red box)
> postrouting chain. There is no way that one will be skipped if you do
> that.
>
> On Sun, May 20, 2018 at 9:48 AM, Martin Weinelt
> <martin at darmstadt.freifunk.net> wrote:
>> Hi everyone,
>>
>> I'm currently building my first NAT64 setup and have stumbled upon a
>> problem.
>>
>> When I use our public IPv4 address as pool4 I can access the internet
>> just fine, except that I additionally need to be able to reach some
>> private ipv4 addresses over site-to-site tunnels as well, where that
>> source address doesn't work.
>>
>> This is why I though of using a bunch of private IPv4 addresses to map
>> the NAT64 against, so they'll work for the s2s tunnel and where I can
>> additionally make use of NAT44 towards the internet.
>>
>> The issue is that IPv4 packets created by Jool do not seem to pass the
>> nat postrouting chain in netfilter, where masquerading would happen.
>> Instead I now have private IPv4 address being used as saddr towards the
>> internet, which cannot work either.
>>
>> I'd appreciate some help!
>>
>>
>> Best regards,
>>
>> Martin
>> _______________________________________________
>> Jool-list mailing list
>> Jool-list at nic.mx
>> https://mail-lists.nic.mx/listas/listinfo/jool-list

More information about the Jool-list mailing list