Thanks Alberto. My problem was that the IPv6 prefix was the same as the pool6. Solved now.
2017-04-03 16:56 GMT+02:00 Alberto Leiva <[email protected]>: > Sorry, I messed up. This is wrong: > > Translation prefix: 2001:db8::/64 > > It should read like this: > > Translation prefix: 2001:db8::/96 > > On Mon, Apr 3, 2017 at 9:47 AM, Alberto Leiva <[email protected]> wrote: > >> Well, I can't tell for sure since I can't see your prefixes, but from >> this: >> >> [ 725.945125] NAT64 Jool: Catching IPv6 packet: >> 64:ff9b::a21:1->64:ff9b::ac10:184 >> >> I can guess that maybe you jumped from the traditional SIIT tutorial >> straight to the NAT64 tutorial and didn't bother to change the addresses. >> >> Your IPv6 nodes' network does not need to start with the translation >> prefix. That's a traditional SIIT-only thing. The point of Stateful NAT64 >> is that any IPv6 node can access the IPv4 side; not just a selected few >> where you have control over their addresses. >> >> In traditional SIIT, you have three prefixes. One is the translation >> prefix, and the other ones are the network prefixes. The network prefixes >> are always subnetworks of the translation prefix. For example, >> >> Translation prefix: 2001:db8::/64 >> IPv6 network prefix: 2001:db8::0102:0300/120 >> IPv4 network prefix (IPv6 implicit): 1.2.4.0/24 >> (2001:db8::0102:0400/120) >> >> So you send a packet from 2001:db8::0102:0301 to 2001:db8::0102:0401. >> This makes sense because these two addresses belong to different networks, >> and the translator simply needs to remove the translation prefix. >> >> On the other hand, in Stateful NAT64, when you do this, >> >> modprobe jool pool6=64:ff9b::/96 >> >> you have to think that you're essentially renaming the whole IPv4 >> Internet as 64:ff9b::/96. This being the case, Jool thinks that >> 64:ff9b::a21:1 is sending a packet to a node from its own network, and it >> somehow ended in the translator's hands. Which is technically legal in some >> situations (namely "hairpinning"), but this isn't one of them. As it is, >> Jool thinks that the IPv6 node is trying to attack it: >> https://tools.ietf.org/html/rfc6146#section-5.4 >> >> I think that this should head you in the right direction. I can explain >> hairpinning and hairpinning loops if you want, but I don't think that >> you'll be needing it in the near future. >> >> Alberto >> >> >> On Mon, Apr 3, 2017 at 6:36 AM, Eduardo Montoya <[email protected]> >> wrote: >> >>> Hi, is anyone able to explain me why this response packet is being >>> dropped? >>> >>> [ 725.939726] NAT64 Jool: ============================== >>> ================= >>> [ 725.939746] NAT64 Jool: Catching IPv4 packet: >>> 172.16.1.132->172.16.1.141 >>> [ 725.939757] NAT64 Jool: Step 1: Determining the Incoming Tuple >>> [ 725.939771] NAT64 Jool: Tuple: 172.16.1.132#43563 -> >>> 172.16.1.141#20000 (UDP) >>> [ 725.939780] NAT64 Jool: Done step 1. >>> [ 725.939788] NAT64 Jool: Step 2: Filtering and Updating >>> [ 725.939816] NAT64 Jool: BIB entry: 64:ff9b::a21:1#49191 - >>> 172.16.1.141#20000 (UDP) >>> [ 725.939835] NAT64 Jool: Session entry: 64:ff9b::a21:1#49191 - >>> 64:ff9b::ac10:184#43563 | 172.16.1.141#20000 - 172.16.1.132#43563 (UDP) >>> [ 725.939845] NAT64 Jool: Done: Step 2. >>> [ 725.939854] NAT64 Jool: Step 3: Computing the Outgoing Tuple >>> [ 725.939869] NAT64 Jool: Tuple: 64:ff9b::ac10:184#43563 -> >>> 64:ff9b::a21:1#49191 (UDP) >>> [ 725.939877] NAT64 Jool: Done step 3. >>> [ 725.939886] NAT64 Jool: Step 4: Translating the Packet >>> [ 725.939907] NAT64 Jool: Done step 4. >>> [ 725.939932] NAT64 Jool: Packet routed via device 'usb1'. >>> [ 725.939941] NAT64 Jool: Sending skb. >>> [ 725.940026] NAT64 Jool: Success. >>> [ 725.945090] NAT64 Jool: ============================== >>> ================= >>> [ 725.945125] NAT64 Jool: Catching IPv6 packet: >>> 64:ff9b::a21:1->64:ff9b::ac10:184 >>> [ 725.945142] NAT64 Jool: Step 1: Determining the Incoming Tuple >>> [ 725.945163] NAT64 Jool: Tuple: 64:ff9b::a21:1#49191 -> >>> 64:ff9b::ac10:184#43563 (UDP) >>> [ 725.945174] NAT64 Jool: Done step 1. >>> [ 725.945185] NAT64 Jool: Step 2: Filtering and Updating >>> [ 725.945198] NAT64 Jool: Hairpinning loop. Dropping... >>> [ 726.139093] NAT64 Jool: ============================== >>> ================= >>> >>> Thanks. >>> >>> -- >>> *Eduardo Montoya* >>> -------------------------------------------- >>> Embedded Firmware Engineer >>> Kirale Technologies S.L. >>> Logroño, SPAIN >>> >>> www.kirale.com >>> >>> >>> _______________________________________________ >>> Jool-list mailing list >>> [email protected] >>> https://mail-lists.nic.mx/listas/listinfo/jool-list >>> >>> >> > -- *Eduardo Montoya* -------------------------------------------- Embedded Firmware Engineer Kirale Technologies S.L. Logroño, SPAIN www.kirale.com
_______________________________________________ Jool-list mailing list [email protected] https://mail-lists.nic.mx/listas/listinfo/jool-list
