[Jool-list] Using Jool with nftables

Alberto Leiva ydahhrk at gmail.com
Thu May 2 14:01:51 CDT 2019


Hi

I don't know much about nftables, but I don't think that this is
possible out of the box.
According to this post, nftables has its own kernel-side interface,
which Jool is currently not using:
https://zasdfgbnm.github.io/2017/09/07/Extending-nftables/
You might want to file a bug requesting nftables support:
https://github.com/NICMx/Jool/issues

On Thu, May 2, 2019 at 2:12 AM Nico Schottelius
<nico.schottelius at ungleich.ch> wrote:
>
>
> Good morning,
>
> I just wanted to give jool a try on a network that uses nftables.
> Does anyone know how the mangle commands from the stateful NAT64 would
> translate to nft?
>
> Specifically I am looking for translating the following ip(6)tables
> commands:
>
> user@T:~# ip6tables -t mangle -A PREROUTING \
> >               -d 64:ff9b::/96 \
> >               -j JOOL --instance "example"
> user@T:~# iptables  -t mangle -A PREROUTING \
> >               -d 203.0.113.1 -p tcp --dport 61001:65535 \
> >               -j JOOL --instance "example"
> user@T:~# iptables  -t mangle -A PREROUTING \
> >               -d 203.0.113.1 -p udp --dport 61001:65535 \
> >               -j JOOL --instance "example"
> user@T:~# iptables  -t mangle -A PREROUTING \
> >               -d 203.0.113.1 -p icmp \
> >               -j JOOL --instance "example"
>
>
> I am not sure how to translate the -j JOOL and --instance to nft speech.
>
> Any point would be appreciated!
>
> Best,
>
> Nico
>
>
>
> --
> Your Swiss, Open Source and IPv6 Virtual Machine. Now on www.datacenterlight.ch.

