[Jool-list] DNAT "port mapping" through jool?

Alberto Leiva ydahhrk at gmail.com
Fri Feb 19 12:05:38 CST 2021


> My guess is that when you create the instance, it is willing to use any
> outbound IPv4 address, but as soon as you add a pool4, it restricts to
> that, and since I only put one port (80/tcp) into it, everything else got
> closed off.  Am I right about that?

Yes, that's exactly what's happening. [0]

> # Then put ALL ports of the gateway's IPv4 address into the pool4

Just be aware that, if you add the entire 100.127.255.253 address to Jool,
Linux will not be reliably able to use it for anything else. If the node
doesn't have any other IPv4 address, you might want to leave some room for
the ephemeral range. [1]

[0] https://jool.mx/en/usr-flags-pool4.html#empty-pool4
[1] https://jool.mx/en/usr-flags-pool4.html#port-range

On Fri, Feb 19, 2021 at 9:05 AM Art Cancro via Jool-list <jool-list at nic.mx>
wrote:

> I think I got it working, but if someone could tell me whether this is
> "correct" or if there's a better way, I would appreciate it; or if this is
> the best way then it could be added to the documentation.
>
> # First create the instance and set up the pool6
>
> jool instance add --netfilter --pool6 xxxx:xxxx::/96
>
> # Then put ALL ports of the gateway's IPv4 address into the pool4
>
> jool pool4 add --tcp 100.127.255.253 1-65535
> jool pool4 add --udp 100.127.255.253 1-65535
> jool pool4 add --icmp 100.127.255.253 1-65535
>
> # At this point, I can create static BIB entries
>
> jool bib add --tcp 2607:f8b0:4002:c02::8a#80 100.127.255.253#80
>
> My guess is that when you create the instance, it is willing to use any
> outbound IPv4 address, but as soon as you add a pool4, it restricts to
> that, and since I only put one port (80/tcp) into it, everything else got
> closed off.  Am I right about that?
>
> Again, many thanks; jool is solving a LOT of problems in my data centers.
>
> -- Art
>
> *From:* Jool-list <jool-list-bounces at nic.mx> *On Behalf Of *Art Cancro
> via Jool-list
> *Sent:* Thursday, February 18, 2021 6:48 PM
> *To:* Alberto Leiva <ydahhrk at gmail.com>
> *Cc:* jool-list at nic.mx
> *Subject:* Re: [Jool-list] DNAT "port mapping" through jool? [EXTERNAL]
>
> Manual entry to bib table looks like the right approach.  I tried it
> today.  100.127.255.253 is the interface on the IPv4 side of my jool
> machine, and we are successfully doing NAT64 of a /96 block towards the
> IPv4 side...
>
> So as a test I am trying to see if we can get clients who connect to
> 100.127.255.253#80 to get the HTTP server at 2607:f8b0:4002:c02::8a#80
> (which is google, but again it's just a test)
>
> So the command appears to be:
>
> jool bib add --tcp 2607:f8b0:4002:c02::8a#80 100.127.255.253#80
>
> And the error response is:
>
> Error: The kernel module returned error 22: The transport address
> '100.127.255.253#80' does not belong to pool4.  Please add it there  first.
>
> So I tried:
>
> jool pool4 add --tcp 100.127.255.253 80
> jool bib add --tcp 2607:f8b0:4002:c02::8a#80 100.127.255.253#80
>
> This works for outbound connections, but it broke the NAT64 inbound
> connections.
>
> Does jool support pool6 IPv6-->IPv4 and manual bib IPv4-->IPv6 at the same
> time?
>
> *From:* Alberto Leiva <ydahhrk at gmail.com>
>
> Woops, I meant
>
> sudo jool bib add cafe::1#80 203.0.113.1#80
>
> On Wed, Feb 17, 2021 at 12:29 PM Alberto Leiva <ydahhrk at gmail.com> wrote:
>
> Try
>
> sudo jool bib add <Address of IPv6 server>#<Port of IPv6 server> <IPv4 address of Jool>#<Port of Jool mask>
>
> sudo jool bib add cafe::1#80 203.0.113.1:80
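
Added example, not part of the thread or of Jool's own documentation: a dry-run shell helper for the caveat about leaving room for the ephemeral range. It prints the `jool pool4 add` commands that give Jool every TCP/UDP port of the address except the host's `net.ipv4.ip_local_port_range`; the function names are hypothetical, and it assumes no local service needs a port outside that range.

```shell
#!/bin/sh
# Added example (dry run): prints jool commands, never executes them.
# pool4_ranges and pool4_commands are hypothetical helper names.

# Print the port ranges of 1-65535 that lie outside LOW-HIGH, one per line.
pool4_ranges() {
    for p in "$1" "$2"; do
        case $p in
            ''|*[!0-9]*) echo "not a port number: '$p'" >&2; return 1 ;;
        esac
    done
    if [ "$1" -lt 1 ] || [ "$1" -gt "$2" ] || [ "$2" -gt 65535 ]; then
        echo "bad ephemeral range: $1-$2" >&2
        return 1
    fi
    if [ "$1" -gt 1 ]; then echo "1-$(( $1 - 1 ))"; fi
    if [ "$2" -lt 65535 ]; then echo "$(( $2 + 1 ))-65535"; fi
    return 0
}

# Print the pool4 commands for ADDR, keeping LOW-HIGH free for Linux.
# ICMP is left out: the ephemeral range only concerns TCP/UDP ports, so the
# thread's --icmp line can stay as posted.
pool4_commands() {
    addr=$1
    ranges=$(pool4_ranges "$2" "$3") || return 1
    for proto in tcp udp; do
        for r in $ranges; do
            echo "jool pool4 add --$proto $addr $r"
        done
    done
}

# Ephemeral range of this host; the fallback is the Linux default.
range=$(cat /proc/sys/net/ipv4/ip_local_port_range 2>/dev/null) || range="32768 60999"
# Address taken from the thread; $range is split into LOW and HIGH on purpose.
pool4_commands 100.127.255.253 $range
```

With the Linux default range of 32768-60999 the pool covers 1-32767 and 61000-65535, so the static BIB entry on port 80 from the thread still falls inside pool4.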