[Jool-list] Ipv4 -> ipv6 <-ipv4

Alberto Leiva ydahhrk at gmail.com
Fri Apr 1 20:57:11 CDT 2022 

> What i am trying now is translate src ipv4 host adress to ipv6 adress of natdevice's outside interface and it is not working.

SIIT is not really meant to work this way. You might be thinking about
NAT64. But if you tried NAT64, you'd run into more trouble because
you'd then need to set up port forwarding. (Though, in ping's case,
it'd be more like "ICMP identifier forwarding".)

With SIIT, it's much easier if the host and its "nat" have distinct addresses.

> Also do i have to disable ipv4 on natdevice's outside interface?

Not necessarily. If the packet is translatable, then Jool will
translate it. But if it's not, it will return the packet to the
kernel. The kernel might then forward it normally, if there's a
suitable IPv4 network.

---------------------------------

I'm attaching a small sandbox you can use to test the network Nico proposed.

In any machine with Jool installed, run the script "start.sh". It'll
create the network in private network namespaces. You'll be able to
perform your ping like so:

    $ sudo ip netns exec hostL ping 192.168.4.4

That pings from the "hostL" (left host) namespace, to the right host's
address. Conversely,

    $ sudo ip netns exec hostR ping 192.168.1.4

pings from right to left.

You can then use things like

    $ sudo ip netns exec natL tcpdump -i natL2natR

To sniff the traffic in the "natL" (left NAT) network namespace, or
similar commands to do the same everywhere else.

You can open and analyze the start.sh script to understand how the
network and Jool are configured.

Destroy the experiment with the "stop.sh" script.

On Fri, Apr 1, 2022 at 12:25 AM Nico Schottelius via Jool-list
<jool-list at nic.mx> wrote:
>
>
> Good morning Ara,
>
> that is very much possible, f.i.:
>
> IPv4Host     -- Translator      -- Forward packet                   -- 2nd translator  -- 2nd IPv4Host
> 192.168.1.4     192.168.1.1        src = 2001:db8:1::192.168.1.4       192.168.4.1        192.168.4.4
>                 2001:db8:1::1      dst = 2001:db8:4::192.168.4.4       2001:db8:4::1
>
> This involves SIIT twice and at ungleich we call these scenarios "IPv4 islands".
>
> Best regards,
>
> Nico
>
> Ara via Jool-list <jool-list at nic.mx> writes:
>
> > Hello,
> >
> > I am wondering if the following scenario is possible
> >
> > Ipv4host --> natdevice ------>ipv6<-----natdevice <--- ipv4host
> >
> > Can jool do this with SIIT EAMT? Or should i use another method?
> >
> > Both natdevices are each others ipv6 default gateway.
> >
> > What i am trying now is translate src ipv4 host adress to ipv6 adress of natdevice's outside interface and it is not working.
> >
> > What i get is destination unreachable when i try to ping from one ipv4 host the other.
> >
> > Also do i have to disable ipv4 on natdevice's outside interface?
> >
> > Regards,
> > Ara
> >
> > _______________________________________________
> > Jool-list mailing list
> > Jool-list at nic.mx
> > https://mail-lists.nic.mx/listas/listinfo/jool-list
>
>
> --
> Sustainable and modern Infrastructures by ungleich.ch
> _______________________________________________
> Jool-list mailing list
> Jool-list at nic.mx
> https://mail-lists.nic.mx/listas/listinfo/jool-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: start.sh
Type: application/x-shellscript
Size: 3342 bytes
Desc: not available
URL: <http://mail-lists.nic.mx/pipermail/jool-list/attachments/20220401/ccaae8a8/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stop.sh
Type: application/x-shellscript
Size: 133 bytes
Desc: not available
URL: <http://mail-lists.nic.mx/pipermail/jool-list/attachments/20220401/ccaae8a8/attachment-0001.bin>

More information about the Jool-list mailing list