I understand that you can enable IPv4 inside IPv6 only networks for applications by doing the network namespace trick. I don't see LOCAL_OUT as a new feature, but rather as an easier means to do something that's already supported.
On Mon, Jun 29, 2020 at 8:11 AM Nico Schottelius <[email protected]> wrote: > > > A note from my side: as soon as Jool has LOCAL_OUT support, it can act > to enable IPv4 inside IPv6 only networks for applications - so quite a > huge use case added. > > My 2 Swiss Rappen, > > Nico > > Alberto Leiva via Jool-list <[email protected]> writes: > > > Hi > > > > Jool is currently hardcoded to only accept attachments to PREROUTING: > > [0]. You cannot attach it to LOCAL_OUT. This means Jool cannot catch > > packets generated by its own machine. > > If you want Jool in LOCAL_OUT, please request the feature: [1] > > Alternatively, you can enclose Jool in a network namespace: [2] > > > > Good luck, > > Alberto > > > > [0] https://github.com/NICMx/Jool/blob/master/src/mod/common/xlator.c#L33 > > [1] https://github.com/NICMx/Jool > > [2] https://jool.mx/en/node-based-translation.html > > > > On Sun, Jun 28, 2020 at 2:16 PM Ben Hardill via Jool-list > > <[email protected]> wrote: > >> > >> Hi, > >> > >> I've been using Jool as part of a desktop ISP I've been playing with. I > >> have a Pi as a PPPoE concentrator, another acting as a home PPPoE router > >> and finally a third acting as a end user device (e.g. laptop/phone). > >> > >> I have a SIIT instance running on the router device mapping the local > >> IPv4 range with the IPv6 prefix and the reveres mapping happening on the > >> PPPoE concentrator. This is all working well with the end user device > >> able to access the IPv4 address space. > >> > >> > >> ************** 1 ************** 2 ************** > >> * isp * <-----> * router * <-----> * laptop * > >> ************** ************** ************** > >> > >> > >> 1. IPv6 only > >> 2. IPv4 & IPv6 > >> > >> isp > >> --- > >> > >> eth0 -> WAN IPv4 and IPv6 to the world > >> > >> eth1 -> PPPoE to router > >> > >> jool -> > >> jool instance add "example" --iptables --pool6 64:ff9b::/96 > >> > >> ip6tables -t mangle -A PREROUTING -j JOOL --instance "example" > >> iptables -t mangle -A PREROUTING -j JOOL --instance "example" > >> > >> jool -i "example" pool4 add -i 192.168.1.94 61000-65535 > >> jool -i "example" pool4 add -t 192.168.1.94 61000-65535 > >> jool -i "example" pool4 add -u 192.168.1.94 61000-65535 > >> > >> > >> > >> router > >> ------ > >> > >> eth0 -> PPPoE to ISP comes with only a IPv6 and a 2 delegated IPv6 > >> ranges, fd12:3456:789a:2::/64 for handing out to LAN device and > >> fd12:3456:789a:f464:2::/96 to use as the prefix for the 464 translation > >> > >> eth1 -> 10.66.0.1/24 with > >> - DHCP handing out the rest of 10.66.0.0/24 to the LAN > >> - RADVD handing out /64 > >> > >> jool -> > >> jool_siit instance add "example" --iptables --pool6 64:ff9b::/96 > >> jool_siit -i "example" eamt add fd12:3456:789a:f464:2::/96 10.66.0.0/24 > >> ip6tables -t mangle -A PREROUTING -j JOOL_SIIT --instance "example" > >> iptables -t mangle -A PREROUTING -j JOOL_SIIT --instance "example" > >> > >> > >> The problem is on the router device, since it only has a IPv6 link to > >> outside world and no IPv4 default route, I'm having problems reaching > >> IPv4 addresses from the router. > >> > >> Can anybody suggest what iptables rules and/or route I need to add so > >> IPv4 traffic from the router gets mapped through jool? > >> > >> > >> Thank, > >> > >> Ben > >> -- > >> http://www.hardill.me.uk/wordpress > >> http://about.me/hardillb > >> http://flickr.com/photos/hardillb/ > >> http://last.fm/user/hardillb > >> https://keybase.io/hardillb > >> _______________________________________________ > >> Jool-list mailing list > >> [email protected] > >> https://mail-lists.nic.mx/listas/listinfo/jool-list > > _______________________________________________ > > Jool-list mailing list > > [email protected] > > https://mail-lists.nic.mx/listas/listinfo/jool-list > > > -- > Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch _______________________________________________ Jool-list mailing list [email protected] https://mail-lists.nic.mx/listas/listinfo/jool-list
