[Jool-list] HINT: Jool capability

Kunal Chauhan atkunalchauhan at gmail.com
Mon May 25 04:55:09 CDT 2020 

alberto,

Q Is jool behaviour will be different  if we add  some   router or linux
system  to reach to node B. as the scenario is explain below.
     I am trying to clear below concept the theoretically first before
going for any change to network.

node A  ------           Jool           ------node(i)  ------- node B
1234::6          1234::1 | 1.2.3.1          172..x.x.x       104.X.X.x

On Tue, May 19, 2020 at 9:29 PM Alberto Leiva <ydahhrk at gmail.com> wrote:

> pool4 is not the addresses of the remote node.
> pool4 is the addresses you want jool to mask packets with.
>
> Suppose you have the following network:
>
> node A  ------           Jool            -------------- node B
> 1234::6          1234::1 | 1.2.3.1                     1.2.3.4
>
> And suppose Jool's pool6 is 64::/96, and its pool4 is 1.2.3.1 with
> ports 100-200:
>
> Node A wants to access an HTTP server in node B, so it writes the
> following packet:
>
>     [1234::6]:4321 -> [64::1.2.3.4]:80
>
> Where 4321 was a port assigned randomly.
>
> Jool translates that into the following packet:
>
>     1.2.3.1:150 -> 1.2.3.4:80
>
> pool4 was what it used to decide the source address. It wouldn't have
> chosen, for example, 1.2.3.1:1000, because that's not in pool4. The
> 150 was chosen randomly, but only from the range 100-200.
>
> The destination address (1.2.3.4:80) is computed entirely from
> [64::1.2.3.4]:80. pool4 has nothing to do with it.
>
> On Mon, May 18, 2020 at 8:20 PM Kunal Chauhan <atkunalchauhan at gmail.com>
> wrote:
> >
> > alberto,
> >
> > Regarding pool4 modification:
> >
> > IF jool machine is able to ping to 104.x.x.x then ,Should pool4 should
> be modify?
> >
> > as current pool4 showed entry like 172.x.x.x
> >
> > pool4 may have multiple entry of different class of IP. ?
> >
> >
> >
> > On Tue, May 19, 2020 at 12:40 AM Kunal Chauhan <atkunalchauhan at gmail.com>
> wrote:
> >>
> >> Alberto,
> >>
> >> Thanking you very much.
> >>  I will take your advice as valuable feed back and  troublshoot for the
> same that is my job.
> >>
> >>
> >>
> >> On 19 May 2020 12:36 a.m., "Alberto Leiva" <ydahhrk at gmail.com> wrote:
> >>
> >> Ok, then you'll have to fix those problems before worrying about A.
> >> You can't expect A to reach B through J if J itself can't reach B.
> >> This is probably a routing problem, and it definitely doesn't have
> >> anything to do with IP translation.
> >> I'm sorry, but it's not my job to help you troubleshoot this problem.
> >>
> >> On Mon, May 18, 2020 at 1:54 PM Kunal Chauhan <atkunalchauhan at gmail.com>
> wrote:
> >> >
> >> > Alberto,
> >> >
> >> > Quoting below point:
> >> >
> >> > 2.1. If you ping 104.x.x.x from Jool, does it work?
> >> > 2.2. If you ping ::ffff:68c6:b6f7 from Jool, does it work?
> >> >
> >> > >>>2.1  jool machine is not able to ping to 104.x.x.x
> >> >
> >> > >>> 2.2 this is also not working
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > On 19 May 2020 12:13 a.m., "Alberto Leiva" <ydahhrk at gmail.com> wrote:
> >> >
> >> > > 1. Node B is not under my control i know its ipv4 addres only. Like
> 104.x.x.x
> >> >
> >> > 1.1. Then what is the problem with "ping6 2001:ab5::104.X.X.X"?
> >> >
> >> > > 2. Node A and jool machine are in my internal network as range for
> ipv4 is 172.x.x.x and ipv6 is 2001:xxxx....
> >> >
> >> > 2.1. If you ping 104.x.x.x from Jool, does it work?
> >> > 2.2. If you ping ::ffff:68c6:b6f7 from Jool, does it work?
> >> >
> >> > On Mon, May 18, 2020 at 1:35 PM Kunal Chauhan <
> atkunalchauhan at gmail.com> wrote:
> >> > >
> >> > > Alberto,
> >> > >
> >> > > Actually i might have missed to explain below points for latest
> scenerio.
> >> > >
> >> > > 1. Node B is not under my control i know its ipv4 addres only. Like
> 104.x.x.x
> >> > >
> >> > > So i can not add any thing at node B side
> >> > >
> >> > > 2. Node A and jool machine are in my internal network as range for
> ipv4 is 172.x.x.x and ipv6 is 2001:xxxx....
> >> > >
> >> > > On 18 May 2020 11:47 p.m., "Alberto Leiva" <ydahhrk at gmail.com>
> wrote:
> >> > >>
> >> > >> Ok, then enable IPv6 forwarding in Jool if you haven't already:
> >> > >>
> >> > >>     kunal at JOOL:~# sysctl -w net.ipv6.conf.all.forwarding=1
> >> > >>
> >> > >> And make sure A and B can reach each other through Jool's machine.
> For example:
> >> > >>
> >> > >>     kunal at A:~# ip route add ::ffff:68c6:b6f7 via <Jool machine's
> >> > >> A-facing IPv6 address>
> >> > >>
> >> > >> ---
> >> > >>
> >> > >>     kunal at B:~# ip route add 2001:ab5:0:1::/64 via <Jool machine's
> >> > >> B-facing IPv6 address>
> >> > >>
> >> > >> Then, do the ping:
> >> > >>
> >> > >>     kunal at A:~# ping6 ::ffff:68c6:b6f7
> >> > >>
> >> > >> Which should create the following packet flow:
> >> > >>
> >> > >> 1. A sends ping request "2001:ab5:0:1::x -> ::ffff:68c6:b6f7"
> >> > >> 2. Jool does not translate that packet, but its Linux host instead
> >> > >> routes it normally towards B.
> >> > >> 3. B replies "::ffff:68c6:b6f7 -> 2001:ab5:0:1::x"
> >> > >> 4. Jool does not translate that packet, but its Linux host instead
> >> > >> routes it normally towards A.
> >> > >> 5. A receives the reply.
> >> >
> >> >
> >>
> >>
> >
> >
> > --
> > Thanks with Regards!
> >
> > Kunal Chauhan
> > Mob:09813614826
> > Mob:08860397903
> > E-mail:atkunalchauhan at gmail.com
> >
>


-- 
*Thanks with Regards!*

*Kunal Chauhan*
*Mob:09813614826*
*Mob:08860397903*

*E-mail:atkunalchauhan at gmail.com <E-mail%3Aatkunalchauhan at gmail.com>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail-lists.nic.mx/pipermail/jool-list/attachments/20200525/2d16b884/attachment.htm>

More information about the Jool-list mailing list