I'm not sure if this is the right list for this question, if not, please point me in the right direction.
The University of North Carolina at Greensboro is in the process of standing up an IPv6-only Research DMZ. To facilitate communication with the IPv4 Internet we're planning to use NAT64/DNS64 and have been advised by several other Universities to use Jool. I've got Jool installed in Centos 8 and it seems to work in Stateless mode but not Stateful. I've tried both pool6 and an EAMT list and the packets still don't seem to match. Maybe I'm missing something simple in my config. ======= WORKS ======= sudo /usr/local/bin/jool instance add "stateful" --netfilter --pool6 2600:2701:1010:64::/96 GCRNET-UNCG-057-122-CORE# ping6 2600:2701:1010:64::8.8.8.8 vrf GCRNET_CORE PING6 2600:2701:1010:64::808:808 (2600:2701:1010:64::808:808): 56 data bytes 64 bytes from 2600:2701:1010:64::808:808: icmp_seq=0 time=9.048 ms 64 bytes from 2600:2701:1010:64::808:808: icmp_seq=1 time=8.538 ms 64 bytes from 2600:2701:1010:64::808:808: icmp_seq=2 time=8.457 ms 64 bytes from 2600:2701:1010:64::808:808: icmp_seq=3 time=8.49 ms 64 bytes from 2600:2701:1010:64::808:808: icmp_seq=4 time=8.438 ms ============== DOESN"T WORK ============== sudo /usr/local/bin/jool_siit instance add "stateless" --netfilter --pool6 2600:2701:1010:64::/96 OR sudo /usr/local/bin/jool_siit instance add "stateless" --netfilter sudo /usr/local/bin/jool_siit -i "stateless" eamt add 2600:2701:1010:64::/96 152.13.0.64/27 sudo /usr/local/bin/jool_siit -i "stateless" eamt display +---------------------------------------------+--------------------+ | IPv6 Prefix | IPv4 Prefix | +---------------------------------------------+--------------------+ | 2600:2701:1010:64::/96 | 152.13.0.64/27 | +---------------------------------------------+--------------------+ GCRNET-UNCG-057-122-CORE# ping6 2600:2701:1010:64::8.8.8.8 vrf GCRNET_PUBLIC PING6 2600:2701:1010:64::808:808 (2600:2701:1010:64::808:808): 56 data bytes Request 0 timed out 112 bytes from 2600:2701:1010:64::100: Destination unreachable: Address unreachable 112 bytes from 2600:2701:1010:64::100: Destination unreachable: Address unreachable Request 3 timed out 112 bytes from 2600:2701:1010:64::100: Destination unreachable: Address unreachable Debug: [282174.404533] Jool SIIT/8899d1c0/stateless: Packet: 2600:2700:20c:2::3->2600:2701:1010:64::808:808 [282174.405238] Jool SIIT/8899d1c0/stateless: =============================================== [282174.405945] Jool SIIT/8899d1c0/stateless: ICMPv6 type:128 code:0 id:4861 [282174.405947] Jool SIIT/8899d1c0/stateless: Translating the Packet. -- Jeremy Oglesby Network Architect Information Technology Services UNC Greensboro +1.336.334.3583 (office)
_______________________________________________ Jool-list mailing list [email protected] https://mail-lists.nic.mx/listas/listinfo/jool-list
