[Jool-list] jool_siit Advice

Jeremy Oglesby jroglesb at uncg.edu
Fri Apr 9 15:20:41 CDT 2021 

I'm not sure if this is the right list for this question, if not, please
point me in the right direction.

The University of North Carolina at Greensboro is in the process of
standing up an IPv6-only Research DMZ.  To facilitate communication with
the IPv4 Internet we're planning to use NAT64/DNS64 and have been advised
by several other Universities to use Jool.

I've got Jool installed in Centos 8 and it seems to work in Stateless mode
but not Stateful.  I've tried both pool6 and an EAMT list and the packets
still don't seem to match.  Maybe I'm missing something simple in my config.

=======
WORKS
=======

sudo /usr/local/bin/jool instance add "stateful" --netfilter --pool6
2600:2701:1010:64::/96

GCRNET-UNCG-057-122-CORE# ping6 2600:2701:1010:64::8.8.8.8 vrf GCRNET_CORE
PING6 2600:2701:1010:64::808:808 (2600:2701:1010:64::808:808): 56 data bytes
64 bytes from 2600:2701:1010:64::808:808: icmp_seq=0 time=9.048 ms
64 bytes from 2600:2701:1010:64::808:808: icmp_seq=1 time=8.538 ms
64 bytes from 2600:2701:1010:64::808:808: icmp_seq=2 time=8.457 ms
64 bytes from 2600:2701:1010:64::808:808: icmp_seq=3 time=8.49 ms
64 bytes from 2600:2701:1010:64::808:808: icmp_seq=4 time=8.438 ms

==============
DOESN"T WORK
==============

sudo /usr/local/bin/jool_siit instance add "stateless" --netfilter --pool6
2600:2701:1010:64::/96

OR

sudo /usr/local/bin/jool_siit instance add "stateless" --netfilter
sudo /usr/local/bin/jool_siit -i "stateless" eamt add
2600:2701:1010:64::/96 152.13.0.64/27

sudo /usr/local/bin/jool_siit -i "stateless" eamt display
+---------------------------------------------+--------------------+
|                                 IPv6 Prefix |        IPv4 Prefix |
+---------------------------------------------+--------------------+
|                     2600:2701:1010:64::/96  |     152.13.0.64/27 |
+---------------------------------------------+--------------------+

GCRNET-UNCG-057-122-CORE# ping6 2600:2701:1010:64::8.8.8.8 vrf GCRNET_PUBLIC
PING6 2600:2701:1010:64::808:808 (2600:2701:1010:64::808:808): 56 data bytes
Request 0 timed out
112 bytes from 2600:2701:1010:64::100: Destination unreachable: Address
unreachable
112 bytes from 2600:2701:1010:64::100: Destination unreachable: Address
unreachable
Request 3 timed out
112 bytes from 2600:2701:1010:64::100: Destination unreachable: Address
unreachable

Debug:
[282174.404533] Jool SIIT/8899d1c0/stateless: Packet:
2600:2700:20c:2::3->2600:2701:1010:64::808:808
[282174.405238] Jool SIIT/8899d1c0/stateless:
===============================================
[282174.405945] Jool SIIT/8899d1c0/stateless: ICMPv6 type:128 code:0 id:4861
[282174.405947] Jool SIIT/8899d1c0/stateless: Translating the Packet.

-- 

Jeremy Oglesby
Network Architect
Information Technology Services
UNC Greensboro
+1.336.334.3583 (office)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail-lists.nic.mx/pipermail/jool-list/attachments/20210409/b604d8f8/attachment.htm>

More information about the Jool-list mailing list