[Jool-list] Jool double translation (src+dst) with siit?

Alberto Leiva ydahhrk at gmail.com
Tue Feb 4 12:07:19 CST 2020 

Ahh. I just read Jordi's answer in the mailing list. Hasn't  reached
my inbox for some reason. I think I understand the question a bit
better now.

If Nico is asking whether one Jool instance can do both the CLAT and
the PLAT work at the same time, then the answer is, as far as I know,
no. You need two instances to accomplish what you want.

You can enclose each instance in a separate network namespace if
you're constrained to do everything in the same box. Something like
this: [1]

[1] https://jool.mx/en/node-based-translation.html

On Tue, Feb 4, 2020 at 9:17 AM Alberto Leiva <ydahhrk at gmail.com> wrote:
>
> This seems like a typical 464XLAT configuration [0]. I'm not sure if I
> understand the question. The NAT64 in router2 would translate the
> source address; why do you think it wouldn't? It needs a functional
> IPv4 source address to assemble a full IPv4 header.
>
> router2 will use its own IPv4 address (or whatever you added into
> pool4) to masquerade the 2001:db8:2::/96 address.
>
> [0] https://jool.mx/en/464xlat.html
>
> On Sun, Feb 2, 2020 at 3:24 PM Nico Schottelius
> <nico.schottelius at ungleich.ch> wrote:
> >
> >
> > Hello,
> >
> > is it conceptually possible with 1 jool instance to translate both the
> > source and the destination address in one run or do I need to stack two
> > jool instances?
> >
> > The problem I am trying to solve is as follows:
> >
> > [ IPv4 only network, i.e. 192.168.0.0/24 ]
> > ---> [ Router1: IPv4 -> IPv6 ]
> > ------> [ IPv6 only network, i.e. 2001:db8:1::/64 ]
> > -----------> [ Router2 with IPv4 + IPv6 + NAT64 ]
> >
> > So router1 would do the following:
> >
> > - translate source address 192.168.0.0/24 => 2001:db8:2::/120 [jool
> >   siit]
> > - translate destination address X.Y.Z.A => 2001:db8:3::/96 [ nat64
> >   prefix ]
> >
> > Then the packet would be routed to router2, which is connected to the
> > real Internet and do the following:
> >
> > - See that 2001:db8:3::/96 is actually a nat64 prefix -> translate to
> >   IPv4
> > - Has NAT64 -> create a dynamic session entry for the source address in
> >   2001:db8:2::/120
> >
> > router2 is as standard nat64 case.
> >
> > If I am not mistaken, router1 should be able to solve it with 2 eamt
> > entries on the line of
> >
> >   "eamt": [
> >     {
> >       "ipv6 prefix": "2001:db8:2::/120",
> >       "ipv4 prefix": "192.168.0.0/24"
> >     {
> >       "ipv6 prefix": "2001:db8:3::/96",
> >       "ipv4 prefix": "0.0.0.0/0"
> >     }
> >   ]
> >
> > I'll try this out tomorrow, but does anything speak against src + dst
> > translation this way?
> >
> > Best,
> >
> > Nico
> >
> >
> > --
> > Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch
> > _______________________________________________
> > Jool-list mailing list
> > Jool-list at nic.mx
> > https://mail-lists.nic.mx/listas/listinfo/jool-list

More information about the Jool-list mailing list