[Jool-list] netfilter mode question or bug

Fri Dec 20 17:31:32 CST 2019

First draft:
https://nicmx.github.io/Jool/en/usr-flags-global.html#trace

the flag can be found in the latest commit in the master branch:
https://github.com/NICMx/Jool

On Fri, Dec 20, 2019 at 1:01 PM Alberto Leiva <ydahhrk at gmail.com> wrote:
>
> Please note that you might need to update that page in case your
> browser cached it, because I just updated it.
>
> On Fri, Dec 20, 2019 at 1:00 PM Alberto Leiva <ydahhrk at gmail.com> wrote:
> >
> > Currently, there is no tracing configuration flag. If you want, I can add it.
> >
> > For now, the closest thing is enabling debugging:
> > https://nicmx.github.io/Jool/en/logging.html
> >
> > On Fri, Dec 20, 2019 at 12:12 AM Fatih USTA <fatihusta86 at gmail.com> wrote:
> > >
> > >
> > > I rebooted my system and it worked. But I don't understand why?
> > > One more question. How can I trace traffic inside jool like "iptables
> > > TRACE" for debugging.
> > >
> > > BTW:
> > > jool netfilter/iptables worked without reboot.
> > >
> > >
> > > Thanks.
> > >
> > > Fatih USTA
> > >
> > > On 19.12.2019 19:11, Alberto Leiva wrote:
> > > > Did you try printing stats?
> > > > https://jool.mx/en/usr-flags-stats.html
> > > >
> > > > If Jool is the one dropping the packets, they should tell you why.
> > > >
> > > > On Thu, Dec 19, 2019 at 9:46 AM Alberto Leiva <ydahhrk at gmail.com> wrote:
> > > >> I hate to be asking this question but, did you try rebooting and doing
> > > >> a clean run?
> > > >>
> > > >> Because it works fine for me, even in my 32/64-bit hybrid...
> > > >>
> > > >> On Thu, Dec 19, 2019 at 4:54 AM Fatih USTA <fatihusta86 at gmail.com> wrote:
> > > >>>
> > > >>> Hi
> > > >>>
> > > >>> I'm following this(https://www.jool.mx/en/run-vanilla.html) guide.
> > > >>> IPTables mode working, but netfilter mode doesn't work. What am I
> > > >>> missing? or is this a bug?
> > > >>>
> > > >>>
> > > >>> jool_siit -V
> > > >>> 4.0.6.2 i386
> > > >>>
> > > >>> ip{6}tables -V
> > > >>> v1.6.0 i386
> > > >>>
> > > >>> uname -rm
> > > >>> 3.16.76-4.custom x86_64
> > > >>>
> > > >>>
> > > >>> PC1[eth0] <=>[eth1]Tranlator[eth2]<=>[eth0]PC2
> > > >>>
> > > >>>
> > > >>> #PC1
> > > >>> ip addr add 10.200.200.220/23 dev eth0
> > > >>> ip route add 10.100.100.0/24 via 10.200.200.16
> > > >>>
> > > >>> #Translator
> > > >>> ip addr add 10.200.200.16/23 dev eth1
> > > >>> ip addr add 2001:db8:a::10.100.100.2/120 dev eth2
> > > >>>
> > > >>> sysctl -w net.ipv4.conf.all.forwarding=1
> > > >>> sysctl -w net.ipv6.conf.all.forwarding=1
> > > >>>
> > > >>>
> > > >>> ethtool --offload eth1 gro off
> > > >>> ethtool --offload eth2 gro off
> > > >>>
> > > >>> lro already fixed off by kernel.
> > > >>>
> > > >>>
> > > >>> jool_siit instance add default --netfilter --pool6 2001:db8:a::/96
> > > >>>
> > > >>>
> > > >>> #PC2
> > > >>> ip add add 2001:db8:a::10.100.100.11/120 dev eth0
> > > >>> ip route add 2001:db8:a::10.200.200.0/119 via 2001:db8:a::10.100.100.2
> > > >>>
> > > >>>
> > > >>>
> > > >>> #Result of netfilter (on Translator)
> > > >>>
> > > >>> PC1>PC2
> > > >>> 12:44:12.234494 IP 10.200.200.220 > 10.100.100.11: ICMP echo request, id
> > > >>> 9806, seq 1, length 64
> > > >>> 12:44:12.234647 IP 10.200.200.16 > 10.200.200.220: ICMP net
> > > >>> 10.100.100.11 unreachable, length 92
> > > >>> 12:44:13.255748 IP 10.200.200.220 > 10.100.100.11: ICMP echo request, id
> > > >>> 9806, seq 2, length 64
> > > >>> 12:44:13.255825 IP 10.200.200.16 > 10.200.200.220: ICMP net
> > > >>> 10.100.100.11 unreachable, length 92
> > > >>> 12:44:14.279628 IP 10.200.200.220 > 10.100.100.11: ICMP echo request, id
> > > >>> 9806, seq 3, length 64
> > > >>> 12:44:14.279704 IP 10.200.200.16 > 10.200.200.220: ICMP net
> > > >>> 10.100.100.11 unreachable, length 92
> > > >>>
> > > >>>
> > > >>>
> > > >>> -- Fatih USTA
> > > >>> _______________________________________________
> > > >>> Jool-list mailing list
> > > >>> Jool-list at nic.mx
> > > >>> https://mail-lists.nic.mx/listas/listinfo/jool-list