[Jool-list] Trying to route local traffic via SIIT instance

Nico Schottelius nico.schottelius at ungleich.ch
Mon Jun 29 08:11:15 CDT 2020


A note from my side: as soon as Jool has LOCAL_OUT support, it can act
to enable IPv4 inside IPv6 only networks for applications - so quite a
huge use case added.

My 2 Swiss Rappen,

Nico

Alberto Leiva via Jool-list <jool-list at nic.mx> writes:

> Hi
>
> Jool is currently hardcoded to only accept attachments to PREROUTING:
> [0]. You cannot attach it to LOCAL_OUT. This means Jool cannot catch
> packets generated by its own machine.
> If you want Jool in LOCAL_OUT, please request the feature: [1]
> Alternatively, you can enclose Jool in a network namespace: [2]
>
> Good luck,
> Alberto
>
> [0] https://github.com/NICMx/Jool/blob/master/src/mod/common/xlator.c#L33
> [1] https://github.com/NICMx/Jool
> [2] https://jool.mx/en/node-based-translation.html
>
> On Sun, Jun 28, 2020 at 2:16 PM Ben Hardill via Jool-list
> <jool-list at nic.mx> wrote:
>>
>> Hi,
>>
>> I've been using Jool as part of a desktop ISP I've been playing with. I
>> have a Pi as a PPPoE concentrator, another acting as a home PPPoE router
>> and finally a third acting as an end user device (e.g. laptop/phone).
>>
>> I have a SIIT instance running on the router device mapping the local
>> IPv4 range with the IPv6 prefix and the reverse mapping happening on the
>> PPPoE concentrator. This is all working well with the end user device
>> able to access the IPv4 address space.
>>
>>
>>   **************     1     **************    2    **************
>>   *     isp    *  <----->  *   router   * <-----> *   laptop   *
>>   **************           **************         **************
>>
>>
>> 1. IPv6 only
>> 2. IPv4 & IPv6
>>
>> isp
>> ---
>>
>> eth0 -> WAN IPv4 and IPv6 to the world
>>
>> eth1 -> PPPoE to router
>>
>> jool ->
>>     jool instance add "example" --iptables  --pool6 64:ff9b::/96
>>
>>     ip6tables -t mangle -A PREROUTING -j JOOL --instance "example"
>>     iptables -t mangle -A PREROUTING -j JOOL --instance "example"
>>
>>     jool -i "example" pool4 add -i 192.168.1.94 61000-65535
>>     jool -i "example" pool4 add -t 192.168.1.94 61000-65535
>>     jool -i "example" pool4 add -u 192.168.1.94 61000-65535
>>
>>
>>
>> router
>> ------
>>
>> eth0 -> PPPoE to ISP comes with only an IPv6 and 2 delegated IPv6
>> ranges, fd12:3456:789a:2::/64 for handing out to LAN device and
>> fd12:3456:789a:f464:2::/96 to use as the prefix for the 464 translation
>>
>> eth1 -> 10.66.0.1/24 with
>>  - DHCP handing out the rest of 10.66.0.0/24 to the LAN
>>  - RADVD handing out /64
>>
>> jool ->
>>     jool_siit instance add "example" --iptables --pool6 64:ff9b::/96
>>     jool_siit -i "example" eamt add fd12:3456:789a:f464:2::/96 10.66.0.0/24
>>     ip6tables -t mangle -A PREROUTING -j JOOL_SIIT --instance "example"
>>     iptables -t mangle -A PREROUTING -j JOOL_SIIT --instance "example"
>>
>>
>> The problem is on the router device, since it only has an IPv6 link to
>> the outside world and no IPv4 default route, I'm having problems reaching
>> IPv4 addresses from the router.
>>
>> Can anybody suggest what iptables rules and/or route I need to add so
>> IPv4 traffic from the router gets mapped through jool?
>>
>>
>> Thanks,
>>
>> Ben
>> --
>> http://www.hardill.me.uk/wordpress
>> http://about.me/hardillb
>> http://flickr.com/photos/hardillb/
>> http://last.fm/user/hardillb
>> https://keybase.io/hardillb
>> _______________________________________________
>> Jool-list mailing list
>> Jool-list at nic.mx
>> https://mail-lists.nic.mx/listas/listinfo/jool-list


--
Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch

