[Jool-list] Trying to route local traffic via SIIT instance

Nico Schottelius nico.schottelius at ungleich.ch
Mon Jun 29 13:32:11 CDT 2020


You might be right. The use case I see is:

- computer/system x has legacy apps installed
- computer/system x just installs jool and maps v4 addresses into
  port range
- legacy apps now can run on IPv6 only hosts

So very similar operation to https://github.com/toreanderson/clatd.
Which, to no surprise, currently relies on tayga.

Cheers,

Nico


Alberto Leiva <ydahhrk at gmail.com> writes:

> I understand that you can enable IPv4 inside IPv6 only networks for
> applications by doing the network namespace trick.
> I don't see LOCAL_OUT as a new feature, but rather as an easier means
> to do something that's already supported.
>
> On Mon, Jun 29, 2020 at 8:11 AM Nico Schottelius
> <nico.schottelius at ungleich.ch> wrote:
>>
>>
>> A note from my side: as soon as Jool has LOCAL_OUT support, it can act
>> to enable IPv4 inside IPv6 only networks for applications - so quite a
>> huge use case added.
>>
>> My 2 Swiss Rappen,
>>
>> Nico
>>
>> Alberto Leiva via Jool-list <jool-list at nic.mx> writes:
>>
>> > Hi
>> >
>> > Jool is currently hardcoded to only accept attachments to PREROUTING:
>> > [0]. You cannot attach it to LOCAL_OUT. This means Jool cannot catch
>> > packets generated by its own machine.
>> > If you want Jool in LOCAL_OUT, please request the feature: [1]
>> > Alternatively, you can enclose Jool in a network namespace: [2]
>> >
>> > Good luck,
>> > Alberto
>> >
>> > [0] https://github.com/NICMx/Jool/blob/master/src/mod/common/xlator.c#L33
>> > [1] https://github.com/NICMx/Jool
>> > [2] https://jool.mx/en/node-based-translation.html
>> >
>> > On Sun, Jun 28, 2020 at 2:16 PM Ben Hardill via Jool-list
>> > <jool-list at nic.mx> wrote:
>> >>
>> >> Hi,
>> >>
>> >> I've been using Jool as part of a desktop ISP I've been playing with. I
>> >> have a Pi as a PPPoE concentrator, another acting as a home PPPoE router
>> >> and finally a third acting as an end user device (e.g. laptop/phone).
>> >>
>> >> I have a SIIT instance running on the router device mapping the local
>> >> IPv4 range with the IPv6 prefix and the reverse mapping happening on the
>> >> PPPoE concentrator. This is all working well with the end user device
>> >> able to access the IPv4 address space.
>> >>
>> >>
>> >>   **************     1     **************    2    **************
>> >>   *     isp    *  <----->  *   router   * <-----> *   laptop   *
>> >>   **************           **************         **************
>> >>
>> >>
>> >> 1. IPv6 only
>> >> 2. IPv4 & IPv6
>> >>
>> >> isp
>> >> ---
>> >>
>> >> eth0 -> WAN IPv4 and IPv6 to the world
>> >>
>> >> eth1 -> PPPoE to router
>> >>
>> >> jool ->
>> >>     jool instance add "example" --iptables  --pool6 64:ff9b::/96
>> >>
>> >>     ip6tables -t mangle -A PREROUTING -j JOOL --instance "example"
>> >>     iptables -t mangle -A PREROUTING -j JOOL --instance "example"
>> >>
>> >>     jool -i "example" pool4 add -i 192.168.1.94 61000-65535
>> >>     jool -i "example" pool4 add -t 192.168.1.94 61000-65535
>> >>     jool -i "example" pool4 add -u 192.168.1.94 61000-65535
>> >>
>> >>
>> >>
>> >> router
>> >> ------
>> >>
>> >> eth0 -> PPPoE to ISP comes with only an IPv6 and 2 delegated IPv6
>> >> ranges,  fd12:3456:789a:2::/64 for handing out to LAN device and
>> >> fd12:3456:789a:f464:2::/96 to use as the prefix for the 464 translation
>> >>
>> >> eth1 -> 10.66.0.1/24 with
>> >>  - DHCP handing out the rest of 10.66.0.0/24 to the LAN
>> >>  - RADVD handing out /64
>> >>
>> >> jool ->
>> >>     jool_siit instance add "example" --iptables --pool6 64:ff9b::/96
>> >>     jool_siit -i "example" eamt add fd12:3456:789a:f464:2::/96 10.66.0.0/24
>> >>     ip6tables -t mangle -A PREROUTING -j JOOL_SIIT --instance "example"
>> >>     iptables -t mangle -A PREROUTING -j JOOL_SIIT --instance "example"
>> >>
>> >>
>> >> The problem is on the router device, since it only has an IPv6 link to
>> >> outside world and no IPv4 default route, I'm having problems reaching
>> >> IPv4 addresses from the router.
>> >>
>> >> Can anybody suggest what iptables rules and/or route I need to add so
>> >> IPv4 traffic from the router gets mapped through jool?
>> >>
>> >>
>> >> Thanks,
>> >>
>> >> Ben
>> >> --
>> >> http://www.hardill.me.uk/wordpress
>> >> http://about.me/hardillb
>> >> http://flickr.com/photos/hardillb/
>> >> http://last.fm/user/hardillb
>> >> https://keybase.io/hardillb
>>
>>
>> --
>> Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch


--
Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch
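
The network namespace approach mentioned in the thread, applied to the single-host use case above, as an added example (not code from the thread or from the Jool project). The namespace name, the veth names and every 192.0.2.0/24 and 2001:db8::/32 address are assumptions; it also assumes the upstream network routes the mapped IPv6 prefix to this host and translates 64:ff9b::/96 back to IPv4, as the isp box in the thread does. By default the script only prints the commands; APPLY=1 runs them and needs root and Jool installed.

```shell
#!/bin/sh
# Added example. Every name and address below is an assumption
# (documentation ranges), not a value taken from the thread.
NS=joolns                    # hypothetical namespace name
V4_HOST=192.0.2.1            # host end of the veth pair
V4_NS=192.0.2.2              # namespace end of the veth pair
V6_HOST=2001:db8:0:1::1
V6_NS=2001:db8:0:1::2
EAM4=192.0.2.0/24            # IPv4 side of the explicit address mapping
EAM6=2001:db8:0:2::/120      # IPv6 side, same 8-bit suffix length
POOL6=64:ff9b::/96           # pool6 prefix as used in the thread

# Print each command unless APPLY=1 is set in the environment.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }
in_ns() { run ip netns exec "$NS" "$@"; }

jool_netns_plan() {
    # 1. Namespace and veth pair: to_jool stays on the host, to_world moves in.
    run ip netns add "$NS"
    run ip link add name to_jool type veth peer name to_world
    run ip link set dev to_world netns "$NS"
    run ip link set up dev to_jool
    in_ns ip link set up dev to_world
    # 2. Addresses on both ends of the pair.
    run ip addr add "$V4_HOST/24" dev to_jool
    run ip -6 addr add "$V6_HOST/64" dev to_jool
    in_ns ip addr add "$V4_NS/24" dev to_world
    in_ns ip -6 addr add "$V6_NS/64" dev to_world
    # 3. Host: the IPv4 default route points into the namespace, so locally
    #    generated IPv4 packets reach the PREROUTING hook of the namespace.
    run ip route add default via "$V4_NS" dev to_jool
    #    Return path: the mapped IPv6 prefix is routed back to the namespace.
    run ip -6 route add "$EAM6" via "$V6_NS" dev to_jool
    #    Forwarding makes the host ignore RAs unless the uplink has accept_ra=2.
    run sysctl -w net.ipv6.conf.all.forwarding=1
    # 4. Namespace: forward both families, send translated IPv6 out via the host.
    in_ns sysctl -w net.ipv4.conf.all.forwarding=1
    in_ns sysctl -w net.ipv6.conf.all.forwarding=1
    in_ns ip -6 route add default via "$V6_HOST" dev to_world
    # 5. SIIT instance inside the namespace, same command forms as the thread.
    run modprobe jool_siit
    in_ns jool_siit instance add "example" --iptables --pool6 "$POOL6"
    in_ns jool_siit -i "example" eamt add "$EAM6" "$EAM4"
    in_ns ip6tables -t mangle -A PREROUTING -j JOOL_SIIT --instance "example"
    in_ns iptables -t mangle -A PREROUTING -j JOOL_SIIT --instance "example"
}

jool_netns_plan
```

With this layout the host's own IPv4 packets leave with source 192.0.2.1, which the EAM entry maps to 2001:db8:0:2::1, and replies to that address are routed back into the namespace for the reverse translation.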

