[Jool-list] netfilter mode question or bug

Fatih USTA fatihusta86 at gmail.com
Fri Dec 20 00:12:55 CST 2019 

I rebooted my system and it worked. But I don't understand why?
One more question. How can I trace traffic inside jool like "iptables 
TRACE" for debugging.

BTW:
jool netfilter/iptables worked without reboot.


Thanks.

Fatih USTA

On 19.12.2019 19:11, Alberto Leiva wrote:
> Did you try printing stats?
> https://jool.mx/en/usr-flags-stats.html
>
> If Jool is the one dropping the packets, they should tell you why.
>
> On Thu, Dec 19, 2019 at 9:46 AM Alberto Leiva <ydahhrk at gmail.com> wrote:
>> I hate to be asking this question but, did you try rebooting and doing
>> a clean run?
>>
>> Because it works fine for me, even in my 32/64-bit hybrid...
>>
>> On Thu, Dec 19, 2019 at 4:54 AM Fatih USTA <fatihusta86 at gmail.com> wrote:
>>>
>>> Hi
>>>
>>> I'm following this(https://www.jool.mx/en/run-vanilla.html) guide.
>>> IPTables mode working, but netfilter mode doesn't work. What am I
>>> missing? or is this a bug?
>>>
>>>
>>> jool_siit -V
>>> 4.0.6.2 i386
>>>
>>> ip{6}tables -V
>>> v1.6.0 i386
>>>
>>> uname -rm
>>> 3.16.76-4.custom x86_64
>>>
>>>
>>> PC1[eth0] <=>[eth1]Tranlator[eth2]<=>[eth0]PC2
>>>
>>>
>>> #PC1
>>> ip addr add 10.200.200.220/23 dev eth0
>>> ip route add 10.100.100.0/24 via 10.200.200.16
>>>
>>> #Translator
>>> ip addr add 10.200.200.16/23 dev eth1
>>> ip addr add 2001:db8:a::10.100.100.2/120 dev eth2
>>>
>>> sysctl -w net.ipv4.conf.all.forwarding=1
>>> sysctl -w net.ipv6.conf.all.forwarding=1
>>>
>>>
>>> ethtool --offload eth1 gro off
>>> ethtool --offload eth2 gro off
>>>
>>> lro already fixed off by kernel.
>>>
>>>
>>> jool_siit instance add default --netfilter --pool6 2001:db8:a::/96
>>>
>>>
>>> #PC2
>>> ip add add 2001:db8:a::10.100.100.11/120 dev eth0
>>> ip route add 2001:db8:a::10.200.200.0/119 via 2001:db8:a::10.100.100.2
>>>
>>>
>>>
>>> #Result of netfilter (on Translator)
>>>
>>> PC1>PC2
>>> 12:44:12.234494 IP 10.200.200.220 > 10.100.100.11: ICMP echo request, id
>>> 9806, seq 1, length 64
>>> 12:44:12.234647 IP 10.200.200.16 > 10.200.200.220: ICMP net
>>> 10.100.100.11 unreachable, length 92
>>> 12:44:13.255748 IP 10.200.200.220 > 10.100.100.11: ICMP echo request, id
>>> 9806, seq 2, length 64
>>> 12:44:13.255825 IP 10.200.200.16 > 10.200.200.220: ICMP net
>>> 10.100.100.11 unreachable, length 92
>>> 12:44:14.279628 IP 10.200.200.220 > 10.100.100.11: ICMP echo request, id
>>> 9806, seq 3, length 64
>>> 12:44:14.279704 IP 10.200.200.16 > 10.200.200.220: ICMP net
>>> 10.100.100.11 unreachable, length 92
>>>
>>>
>>>
>>> -- Fatih USTA
>>> _______________________________________________
>>> Jool-list mailing list
>>> Jool-list at nic.mx
>>> https://mail-lists.nic.mx/listas/listinfo/jool-list

More information about the Jool-list mailing list