[Jool-list] Trying to route local traffic via SIIT instance

Alberto Leiva ydahhrk at gmail.com
Mon Jun 29 09:37:40 CDT 2020


I understand that you can enable IPv4 inside IPv6 only networks for
applications by doing the network namespace trick.
I don't see LOCAL_OUT as a new feature, but rather as an easier means
to do something that's already supported.

On Mon, Jun 29, 2020 at 8:11 AM Nico Schottelius
<nico.schottelius at ungleich.ch> wrote:
>
>
> A note from my side: as soon as Jool has LOCAL_OUT support, it can act
> to enable IPv4 inside IPv6 only networks for applications - so quite a
> huge use case added.
>
> My 2 Swiss Rappen,
>
> Nico
>
> Alberto Leiva via Jool-list <jool-list at nic.mx> writes:
>
> > Hi
> >
> > Jool is currently hardcoded to only accept attachments to PREROUTING:
> > [0]. You cannot attach it to LOCAL_OUT. This means Jool cannot catch
> > packets generated by its own machine.
> > If you want Jool in LOCAL_OUT, please request the feature: [1]
> > Alternatively, you can enclose Jool in a network namespace: [2]
> >
> > Good luck,
> > Alberto
> >
> > [0] https://github.com/NICMx/Jool/blob/master/src/mod/common/xlator.c#L33
> > [1] https://github.com/NICMx/Jool
> > [2] https://jool.mx/en/node-based-translation.html
> >
> > On Sun, Jun 28, 2020 at 2:16 PM Ben Hardill via Jool-list
> > <jool-list at nic.mx> wrote:
> >>
> >> Hi,
> >>
> >> I've been using Jool as part of a desktop ISP I've been playing with. I
> >> have a Pi as a PPPoE concentrator, another acting as a home PPPoE router
> >> and finally a third acting as an end user device (e.g. laptop/phone).
> >>
> >> I have a SIIT instance running on the router device mapping the local
> >> IPv4 range with the IPv6 prefix and the reverse mapping happening on the
> >> PPPoE concentrator. This is all working well with the end user device
> >> able to access the IPv4 address space.
> >>
> >>
> >>   **************     1     **************    2    **************
> >>   *     isp    *  <----->  *   router   * <-----> *   laptop   *
> >>   **************           **************         **************
> >>
> >>
> >> 1. IPv6 only
> >> 2. IPv4 & IPv6
> >>
> >> isp
> >> ---
> >>
> >> eth0 -> WAN IPv4 and IPv6 to the world
> >>
> >> eth1 -> PPPoE to router
> >>
> >> jool ->
> >>     jool instance add "example" --iptables  --pool6 64:ff9b::/96
> >>
> >>     ip6tables -t mangle -A PREROUTING -j JOOL --instance "example"
> >>     iptables -t mangle -A PREROUTING -j JOOL --instance "example"
> >>
> >>     jool -i "example" pool4 add -i 192.168.1.94 61000-65535
> >>     jool -i "example" pool4 add -t 192.168.1.94 61000-65535
> >>     jool -i "example" pool4 add -u 192.168.1.94 61000-65535
> >>
> >>
> >>
> >> router
> >> ------
> >>
> >> eth0 -> PPPoE to ISP comes with only an IPv6 and 2 delegated IPv6
> >> ranges,  fd12:3456:789a:2::/64 for handing out to LAN device and
> >> fd12:3456:789a:f464:2::/96 to use as the prefix for the 464 translation
> >>
> >> eth1 -> 10.66.0.1/24 with
> >>  - DHCP handing out the rest of 10.66.0.0/24 to the LAN
> >>  - RADVD handing out /64
> >>
> >> jool ->
> >>     jool_siit instance add "example" --iptables --pool6 64:ff9b::/96
> >>     jool_siit -i "example" eamt add fd12:3456:789a:f464:2::/96 10.66.0.0/24
> >>     ip6tables -t mangle -A PREROUTING -j JOOL_SIIT --instance "example"
> >>     iptables -t mangle -A PREROUTING -j JOOL_SIIT --instance "example"
> >>
> >>
> >> The problem is on the router device, since it only has an IPv6 link to
> >> outside world and no IPv4 default route, I'm having problems reaching
> >> IPv4 addresses from the router.
> >>
> >> Can anybody suggest what iptables rules and/or route I need to add so
> >> IPv4 traffic from the router gets mapped through jool?
> >>
> >>
> >> Thanks,
> >>
> >> Ben
> >> --
> >> http://www.hardill.me.uk/wordpress
> >> http://about.me/hardillb
> >> http://flickr.com/photos/hardillb/
> >> http://last.fm/user/hardillb
> >> https://keybase.io/hardillb
> >> _______________________________________________
> >> Jool-list mailing list
> >> Jool-list at nic.mx
> >> https://mail-lists.nic.mx/listas/listinfo/jool-list
>
>
> --
> Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch


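An added example, not part of the thread or of Jool's code: the address arithmetic the router's SIIT instance would apply to a packet once it reaches the translator, using the `--pool6` and `eamt add` values quoted above. It follows this example's reading of the RFC 7757 EAM algorithm (the IPv4 suffix sits directly after the IPv6 prefix, zero-padded on the right) with an RFC 6052 /96 fallback for pool6; the function names and the 198.51.100.7 destination are constructed for illustration.

```python
import ipaddress

# Values copied from the router configuration quoted in the thread.
POOL6 = ipaddress.ip_network("64:ff9b::/96")
EAMT = [(ipaddress.ip_network("fd12:3456:789a:f464:2::/96"),
         ipaddress.ip_network("10.66.0.0/24"))]

def _pad_bits(p6, p4):
    """Zero bits to the right of the IPv4 suffix inside the IPv6 address."""
    pad = (128 - p6.prefixlen) - (32 - p4.prefixlen)
    if pad < 0:
        raise ValueError("IPv6 suffix shorter than IPv4 suffix: %s %s" % (p6, p4))
    return pad

def v4_to_v6(addr):
    """EAMT first (longest IPv4 prefix wins), otherwise embed in pool6."""
    a = ipaddress.IPv4Address(addr)
    hits = [e for e in EAMT if a in e[1]]
    if hits:
        p6, p4 = max(hits, key=lambda e: e[1].prefixlen)
        suffix = int(a) & int(p4.hostmask)
        return ipaddress.IPv6Address(
            int(p6.network_address) | (suffix << _pad_bits(p6, p4)))
    return ipaddress.IPv6Address(int(POOL6.network_address) | int(a))

def v6_to_v4(addr):
    """Reverse direction; returns None when no EAM or pool6 prefix applies."""
    a = ipaddress.IPv6Address(addr)
    hits = [e for e in EAMT if a in e[0]]
    if hits:
        p6, p4 = max(hits, key=lambda e: e[0].prefixlen)
        suffix = (int(a) >> _pad_bits(p6, p4)) & int(p4.hostmask)
        return ipaddress.IPv4Address(int(p4.network_address) | suffix)
    if a in POOL6:
        return ipaddress.IPv4Address(int(a) & 0xFFFFFFFF)
    return None

if __name__ == "__main__":
    # Router LAN address, a LAN host, and a constructed outside destination.
    for v4 in ("10.66.0.1", "10.66.0.57", "198.51.100.7"):
        print(v4, "->", v4_to_v6(v4))
```
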