[Jool-list] Trying to route local traffic via SIIT instance

Alberto Leiva ydahhrk at gmail.com
Mon Jun 29 08:06:03 CDT 2020


Hi

Jool is currently hardcoded to only accept attachments to PREROUTING:
[0]. You cannot attach it to LOCAL_OUT. This means Jool cannot catch
packets generated by its own machine.
If you want Jool in LOCAL_OUT, please request the feature: [1]
Alternatively, you can enclose Jool in a network namespace: [2]

Good luck,
Alberto

[0] https://github.com/NICMx/Jool/blob/master/src/mod/common/xlator.c#L33
[1] https://github.com/NICMx/Jool
[2] https://jool.mx/en/node-based-translation.html

On Sun, Jun 28, 2020 at 2:16 PM Ben Hardill via Jool-list
<jool-list at nic.mx> wrote:
>
> Hi,
>
> I've been using Jool as part of a desktop ISP I've been playing with. I
> have a Pi as a PPPoE concentrator, another acting as a home PPPoE router
> and finally a third acting as an end user device (e.g. laptop/phone).
>
> I have a SIIT instance running on the router device mapping the local
> IPv4 range with the IPv6 prefix and the reverse mapping happening on the
> PPPoE concentrator. This is all working well with the end user device
> able to access the IPv4 address space.
>
>
>   **************     1     **************    2    **************
>   *     isp    *  <----->  *   router   * <-----> *   laptop   *
>   **************           **************         **************
>
>
> 1. IPv6 only
> 2. IPv4 & IPv6
>
> isp
> ---
>
> eth0 -> WAN IPv4 and IPv6 to the world
>
> eth1 -> PPPoE to router
>
> jool ->
>     jool instance add "example" --iptables  --pool6 64:ff9b::/96
>
>     ip6tables -t mangle -A PREROUTING -j JOOL --instance "example"
>     iptables -t mangle -A PREROUTING -j JOOL --instance "example"
>
>     jool -i "example" pool4 add -i 192.168.1.94 61000-65535
>     jool -i "example" pool4 add -t 192.168.1.94 61000-65535
>     jool -i "example" pool4 add -u 192.168.1.94 61000-65535
>
>
>
> router
> ------
>
> eth0 -> PPPoE to ISP comes with only an IPv6 and 2 delegated IPv6
> ranges, fd12:3456:789a:2::/64 for handing out to LAN device and
> fd12:3456:789a:f464:2::/96 to use as the prefix for the 464 translation
>
> eth1 -> 10.66.0.1/24 with
>  - DHCP handing out the rest of 10.66.0.0/24 to the LAN
>  - RADVD handing out /64
>
> jool ->
>     jool_siit instance add "example" --iptables --pool6 64:ff9b::/96
>     jool_siit -i "example" eamt add fd12:3456:789a:f464:2::/96 10.66.0.0/24
>     ip6tables -t mangle -A PREROUTING -j JOOL_SIIT --instance "example"
>     iptables -t mangle -A PREROUTING -j JOOL_SIIT --instance "example"
>
>
> The problem is on the router device, since it only has an IPv6 link to
> outside world and no IPv4 default route, I'm having problems reaching
> IPv4 addresses from the router.
>
> Can anybody suggest what iptables rules and/or route I need to add so
> IPv4 traffic from the router gets mapped through jool?
>
>
> Thanks,
>
> Ben
> --
> http://www.hardill.me.uk/wordpress
> http://about.me/hardillb
> http://flickr.com/photos/hardillb/
> http://last.fm/user/hardillb
> https://keybase.io/hardillb