> I think that this (Jool in private network namespace) just needs a slightly
> better documented set of examples.   Maybe some python that knows how to do
> all the right system calls directly.

Hmm. Is this what you asked for?

(I just copied https://github.com/NICMx/Jool/issues/177#issuecomment-144648229
into a python script. It's SIIT rather than NAT64, but the intent
should be clear)

On Mon, Jul 6, 2020 at 3:41 PM Alberto Leiva <[email protected]> wrote:
>
> > (I still haven't been able to get Jool in netfilter mode to work so that
> > I can split traffic according to IPv6 origin between instances.
> > So I use the iptables method for now)
>
> Solution attached.
> Note that I cheated and used iptables for a simple nat, but you should
> be able to easily replace it with an nftables NAT if you want.
>
> Still working on the python script.
>
> On Thu, Jul 2, 2020 at 1:45 PM Michael Richardson <[email protected]> wrote:
> >
> >
> > Alberto Leiva <[email protected]> wrote:
> >     >> I think that this (Jool in private network namespace) just needs a slightly
> >     >> better documented set of examples.   Maybe some python that knows how to do all the
> >     >> right system calls directly.
> >
> >     > Ok, I can give it a shot. (Just let me finish the 4.1.1 release
> >     > first.) Which would you prefer: SIIT or NAT64?
> >
> > My usual interest is in NAT64.
> >
> >     >> (I still haven't been able to get Jool in netfilter mode to work so that
> >     >> I can split traffic according to IPv6 origin between instances.
> >     >> So I use the iptables method for now)
> >
> >     > Same question: SIIT or NAT64?
> >
> > NAT64.
> > I find I'm always confused about the different SIIT uses, we need new names :-)
> >
> > I care most about DC:SIIT, where I want to expose a single IPv4 address
> > for v4-only clients, so that they can reach IPv6 hosted server(s).
> > I think we can do this, but I admit that I haven't tried.
> >
> > --
> > Michael Richardson <[email protected]>, Sandelman Software Works
> >  -= IPv6 IoT consulting =-
> >
> >
> >
import subprocess

#out_interface="eth0"
out_interface="enp0s3"

### 1: Create private Jool namespace and veth pair connecting it to global netns
subprocess.run("ip netns add jool".split())
subprocess.run("ip link add name to_jool type veth peer name to_world".split())
subprocess.run("ip link set up dev to_jool".split())
subprocess.run("ip link set dev to_world netns jool".split())
subprocess.run("ip netns exec jool ip link set up dev to_world".split())

### 2: Determine link-local addresses of veth pair (used as nexthops later)
result = subprocess.run("ip -brief addr show scope link dev to_jool".split(),
	stdout=subprocess.PIPE, text=True)
if1addr6 = result.stdout.split()[2].split("/")[0]

result = subprocess.run("sudo ip netns exec jool ip -brief addr show scope link dev to_world".split(),
	stdout=subprocess.PIPE, text=True)
if2addr6 = result.stdout.split()[2].split("/")[0]

### 3: Set up IP addressing and routing inside Jool namespace
subprocess.run(("ip netns exec jool ip -6 route add default via " + if1addr6 + " dev to_world").split())
subprocess.run("ip netns exec jool ip -4 address add 192.0.0.2/29 dev to_world".split())

### 4: Set up IP addressing and routing in global namespace
# The IPv6 CLAT address is stolen from the /64 on eth0, so we'll need proxy-nd
subprocess.run(("sysctl -w net.ipv6.conf." + out_interface + ".proxy_ndp=1").split())
subprocess.run(("ip -6 neigh add proxy 2a02:c0:400:104::4646 dev " + out_interface).split())
subprocess.run(("ip -6 route add 2a02:c0:400:104::4646 via " + if2addr6 + " dev to_jool").split())
subprocess.run("ip -4 address add 192.0.0.1/29 dev to_jool".split())
subprocess.run("ip -4 route add default via 192.0.0.2 dev to_jool".split())
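# The pipe and the glob need a shell; as a split() argument list they were passed to echo literally
subprocess.run("echo 1 | tee /proc/sys/net/ipv6/conf/*/forwarding", shell=True)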

### 5: Fire up Jool inside network namespace
subprocess.run("modprobe jool_siit".split())
subprocess.run("ip netns exec jool jool_siit instance add --netfilter -6 2001:67c:2b0:db32:0:1::/96".split())
subprocess.run("ip netns exec jool jool_siit eamt add 192.0.0.1 2a02:c0:400:104::4646".split())

_______________________________________________
Jool-list mailing list
[email protected]
https://mail-lists.nic.mx/listas/listinfo/jool-list
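
Step 2 of the script above takes the third whitespace-separated field of `ip -brief addr show` as the nexthop without checking it. The following is an added example, not part of the original message or of Jool: one way to parse that output so that a missing interface or a missing link-local address raises an error instead of producing a wrong route. The function name `parse_link_local` and the sample lines are hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed sample outputs of `ip -brief addr show ... dev <if>`
# (interface indexes and addresses are made up for illustration).
SAMPLE_OK = "to_jool@if4      UP             fe80::5c2b:7aff:fe10:9d01/64 \n"
SAMPLE_MIXED = "to_jool@if4      UP             192.0.0.1/29 fe80::1/64 \n"
SAMPLE_NO_ADDR = "to_jool@if4      DOWN \n"   # line present, no address field
SAMPLE_EMPTY = ""                             # nothing printed at all


def parse_link_local(brief_output, ifname):
    """Return the IPv6 link-local address of ifname from `ip -brief addr` output.

    Raises ValueError rather than IndexError or a silently wrong nexthop.
    """
    for line in brief_output.splitlines():
        fields = line.split()
        if not fields:
            continue
        # veth devices are printed as "name@peer"; compare the name part only
        if fields[0].split("@")[0] != ifname:
            continue
        # fields[1] is the link state; everything after it is an address
        for token in fields[2:]:
            try:
                iface = ipaddress.ip_interface(token)
            except ValueError:
                continue  # not an address/prefix token
            if iface.version == 6 and iface.ip.is_link_local:
                return str(iface.ip)
        raise ValueError(f"{ifname} has no IPv6 link-local address yet")
    raise ValueError(f"{ifname} not found in output")


if __name__ == "__main__":
    print(parse_link_local(SAMPLE_OK, "to_jool"))
    print(parse_link_local(SAMPLE_MIXED, "to_jool"))
    for bad in (SAMPLE_NO_ADDR, SAMPLE_EMPTY):
        try:
            parse_link_local(bad, "to_jool")
        except ValueError as err:
            print("refusing to add route:", err)
```

In the script, the `stdout` of each `ip -brief addr show` call would be passed to this function in place of `result.stdout.split()[2].split("/")[0]`.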
