[Jool-list] not NAT64ing packets

Alberto Leiva ydahhrk at gmail.com
Tue Jan 7 14:56:47 CST 2020 

It seems the reason why it's not working is because Jool is lacking a pool6.
You cannot send arguments (such as pool6) when you enable Jool via
modprobe. This is an OpenWRT quirk.

Per the OpenWRT documentation ([0]), you have to use insmod:

        # insmod jool pool6=64:ff9b::/96

(You will first have to remove your current module via rmmod though.)

Or you can just ditch those obsolete module arguments and add pool6
via the client instead:

        # jool --pool6 --add 64:ff9b::/96

[0] https://jool.mx/en/openwrt.html

On Tue, Jan 7, 2020 at 12:57 PM Alberto Leiva <ydahhrk at gmail.com> wrote:
>
> Also:
>
> > The router has since rebooted and
> > the module didn't get automatically reloaded, so I will have to
> > investigate why/how to do that, but that's not relevant here.
>
> Just to clarify: Version 3.5.6 did not include any boot-init scripts
> as far as I know.
>
> Unless you added this functionality yourself, not starting
> automatically on boot is expected behavior.
>
> On Tue, Jan 7, 2020 at 12:45 PM Alberto Leiva <ydahhrk at gmail.com> wrote:
> >
> > Works for me. Though admittedly I'm testing 3.5.6 on Ubuntu since my
> > OpenWRT VM died some time ago.
> >
> > Will try to create a new OpenWRT VM. In the meantime, a couple of
> > typical troubleshooting questions off the top of my head:
> >
> > - Does your translator have a route towards 1.1.1.1? (Can you ping
> > both 2001:123:ab:123:16da:e9ff:fe48:f99e and 1.1.1.1 from the
> > translator when Jool isn't modprobed?)
> > - Is Jool printing something in dmesg?
> >
> > On Tue, Jan 7, 2020 at 10:23 AM Brian J. Murrell <brian at interlinx.bc.ca> wrote:
> > >
> > > I'm using 3.5.6.0 on OpenWrt 18.06.4.  Yes, I know it's old and
> > > stricken but it was working for me for a while and 19.07.x is right
> > > around the corner.  Hopefully.  :-)  The router has since rebooted and
> > > the module didn't get automatically reloaded, so I will have to
> > > investigate why/how to do that, but that's not relevant here.
> > >
> > > In any case after the reboot I inserted the module manually:
> > >
> > > # modprobe jool pool6=64:ff9b::/96
> > > # lsmod | grep jool
> > > crypto_hash             8288  2 jool,md5
> > > jool                  101424  0
> > > nf_defrag_ipv4           800  4 jool,xt_socket,xt_TPROXY,nf_conntrack_ipv4
> > > nf_defrag_ipv6          4304  4 jool,xt_socket,xt_TPROXY,nf_conntrack_ipv6
> > >
> > > So it seems to be loaded OK.  It just doesn't seem to be NAT64ing
> > > packets:
> > >
> > > # ping 64:ff9b::1.1.1.1
> > > PING 64:ff9b::1.1.1.1(64:ff9b::101:101) 56 data bytes
> > > [nothing]
> > >
> > > Those packets are making it to the router:
> > >
> > > # tcpdump -i br-lan -s 0 -n net 64:ff9b::/96
> > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > > listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
> > > 11:18:40.500058 IP6 2001:123:ab:123:16da:e9ff:fe48:f99e > 64:ff9b::101:101: ICMP6, echo request, seq 53, length 64
> > > 11:18:41.524101 IP6 2001:123:ab:123:16da:e9ff:fe48:f99e > 64:ff9b::101:101: ICMP6, echo request, seq 54, length 64
> > > 11:18:42.548170 IP6 2001:123:ab:123:16da:e9ff:fe48:f99e > 64:ff9b::101:101: ICMP6, echo request, seq 55, length 64
> > > 11:18:43.572236 IP6 2001:123:ab:123:16da:e9ff:fe48:f99e > 64:ff9b::101:101: ICMP6, echo request, seq 56, length 64
> > >
> > > but the corresponding ipv4 packets are not being sent on the WAN
> > > interface:
> > >
> > > # tcpdump -i eth0.2 -n -s 0 host 1.1.1.1
> > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > > listening on eth0.2, link-type EN10MB (Ethernet), capture size 262144 bytes
> > > ^C
> > > 0 packets captured
> > > 9 packets received by filter
> > > 0 packets dropped by kernel
> > >
> > > Is there something I am missing/forgetting other than to just "modprobe
> > > jool pool6=64:ff9b::/96"?
> > >
> > > Cheers,
> > > b.
> > >
> > > _______________________________________________
> > > Jool-list mailing list
> > > Jool-list at nic.mx
> > > https://mail-lists.nic.mx/listas/listinfo/jool-list

More information about the Jool-list mailing list