[Jool-list] DNAT "port mapping" through jool?

Art Cancro Art.Cancro at tierpoint.com
Fri Feb 19 09:04:48 CST 2021


I think I got it working, but if someone could tell me whether this is "correct" or if there's a better way, I would appreciate it; or if this is the best way then it could be added to the documentation.

# First create the instance and set up the pool6
jool instance add --netfilter --pool6 xxxx:xxxx::/96

# Then put ALL ports of the gateway's IPv4 address into the pool4
jool pool4 add --tcp 100.127.255.253 1-65535
jool pool4 add --udp 100.127.255.253 1-65535
jool pool4 add --icmp 100.127.255.253 1-65535

# At this point, I can create static BIB entries
jool bib add --tcp 2607:f8b0:4002:c02::8a#80 100.127.255.253#80

My guess is that when you create the instance, it is willing to use any outbound IPv4 address, but as soon as you add a pool4, it restricts to that, and since I only put one port (80/tcp) into it, everything else got closed off.  Am I right about that?

Again, many thanks; jool is solving a LOT of problems in my data centers.

-- Art



From: Jool-list <jool-list-bounces at nic.mx> On Behalf Of Art Cancro via Jool-list
Sent: Thursday, February 18, 2021 6:48 PM
To: Alberto Leiva <ydahhrk at gmail.com>
Cc: jool-list at nic.mx
Subject: Re: [Jool-list] DNAT "port mapping" through jool? [EXTERNAL]

Manual entry to bib table looks like the right approach. I tried it today. 100.127.255.253 is the interface on the IPv4 side of my jool machine, and we are successfully doing NAT64 of a /96 block towards the IPv4 side...

So as a test I am trying to see if we can get clients who connect to 100.127.255.253#80 to get the HTTP server at 2607:f8b0:4002:c02::8a#80 (which is Google, but again it's just a test).

So the command appears to be:

jool bib add --tcp 2607:f8b0:4002:c02::8a#80 100.127.255.253#80

And the error response is:

Error: The kernel module returned error 22: The transport address '100.127.255.253#80' does not belong to pool4.  Please add it there  first.

So I tried:

jool pool4 add --tcp 100.127.255.253 80
jool bib add --tcp 2607:f8b0:4002:c02::8a#80 100.127.255.253#80

This works for outbound connections, but it broke the NAT64 inbound connections.

Does jool support pool6 IPv6-->IPv4 and manual bib IPv4-->IPv6 at the same time?


From: Alberto Leiva <ydahhrk at gmail.com>

Woops, I meant

sudo jool bib add cafe::1#80 203.0.113.1#80

On Wed, Feb 17, 2021 at 12:29 PM Alberto Leiva <ydahhrk at gmail.com> wrote:
Try

sudo jool bib add <Address of IPv6 server>#<Port of IPv6 server> <IPv4 address of Jool>#<Port of Jool mask>
sudo jool bib add cafe::1#80 203.0.113.1:80
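
Added example, not part of the thread and not Jool's own code: a simplified Python model of the pool4/BIB bookkeeping behind the commands above. It assumes that new IPv6 clients can only be masked with pool4 transport addresses not already held by a BIB entry, and it does not model what the translator does when pool4 is empty. `Nat64Model`, `scenario` and their fields are hypothetical names; the addresses are the ones quoted in the thread.

```python
# Simplified model (assumption-based illustration, not Jool code).
from dataclasses import dataclass, field

GW4 = "100.127.255.253"          # IPv4 address of the translator, from the thread
SRV6 = "2607:f8b0:4002:c02::8a"  # IPv6 server, from the thread


@dataclass
class Nat64Model:
    # pool4: proto -> {IPv4 address -> set of ports the translator may use}
    pool4: dict = field(default_factory=dict)
    # bib: (proto, IPv4 address, IPv4 port) -> (IPv6 address, IPv6 port)
    bib: dict = field(default_factory=dict)

    def pool4_add(self, proto, addr, first, last=None):
        """Mirror of 'jool pool4 add --<proto> <addr> <first>[-<last>]'."""
        ports = self.pool4.setdefault(proto, {}).setdefault(addr, set())
        ports.update(range(first, (last or first) + 1))

    def bib_add(self, proto, v6, v6_port, v4, v4_port):
        """Static entry: the IPv4 side must already belong to pool4."""
        if v4_port not in self.pool4.get(proto, {}).get(v4, set()):
            raise ValueError(f"{v4}#{v4_port} does not belong to pool4")
        if (proto, v4, v4_port) in self.bib:
            raise ValueError(f"{v4}#{v4_port} already has a BIB entry")
        self.bib[(proto, v4, v4_port)] = (v6, v6_port)

    def free_for_dynamic(self, proto):
        """Count pool4 transport addresses left for masking new IPv6 clients."""
        return sum(
            1
            for addr, ports in self.pool4.get(proto, {}).items()
            for port in ports
            if (proto, addr, port) not in self.bib
        )


def scenario(first, last=None):
    """Add a TCP pool4 range, pin port 80 to the IPv6 server, return what is left."""
    model = Nat64Model()
    model.pool4_add("tcp", GW4, first, last)
    model.bib_add("tcp", SRV6, 80, GW4, 80)
    return model.free_for_dynamic("tcp")


if __name__ == "__main__":
    print("pool4 = port 80 only :", scenario(80), "free TCP ports")
    print("pool4 = ports 1-65535:", scenario(1, 65535), "free TCP ports")
```

In this model the port-80-only pool4 leaves no TCP transport address for dynamically created entries once the static mapping holds port 80, while the 1-65535 range leaves 65534.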
