> sudo /usr/local/bin/jool_siit instance add "stateless" --netfilter --pool6 > 2600:2701:1010:64::/96 > ping6 2600:2701:1010:64::8.8.8.8
This is what's happening: - IPv6 client writes packet 2600:2700:20c:2::3 -> 2600:2701:1010:64::8.8.8.8 - Jool cannot translate that packet, because the source address does not match pool6. Possible solution: Change your client's address to 2600:2701:1010:64::<IPv4 address that you own>. > sudo /usr/local/bin/jool_siit instance add "stateless" --netfilter > sudo /usr/local/bin/jool_siit -i "stateless" eamt add 2600:2701:1010:64::/96 > 152.13.0.64/27 > ping6 2600:2701:1010:64::8.8.8.8 This is what's happening: - IPv6 client writes packet 2600:2700:20c:2::3 -> 2600:2701:1010:64::8.8.8.8 - Jool cannot translate that packet, because the source address matches neither pool6 nor the EAMT entry. Possible solution: Change your EAMT into +---------------------------------------------+--------------------------------+ | IPv6 Prefix | IPv4 Prefix | +---------------------------------------------+--------------------------------+ | 2600:2700:20c:2::3/128 | <IPv4 address that you own>/32 | +---------------------------------------------+--------------------------------+ Remember: With SIIT, each IPv6 client will need an implicit dedicated IPv4 address that you own. SIIT does not help you with IPv4 address exhaustion; only Stateful NAT64 does. On Fri, Apr 9, 2021 at 3:22 PM Jeremy Oglesby via Jool-list <[email protected]> wrote: > > I'm not sure if this is the right list for this question, if not, please > point me in the right direction. > > The University of North Carolina at Greensboro is in the process of standing > up an IPv6-only Research DMZ. To facilitate communication with the IPv4 > Internet we're planning to use NAT64/DNS64 and have been advised by several > other Universities to use Jool. > > I've got Jool installed in Centos 8 and it seems to work in Stateless mode > but not Stateful. I've tried both pool6 and an EAMT list and the packets > still don't seem to match. Maybe I'm missing something simple in my config. > > ======= > WORKS > ======= > > sudo /usr/local/bin/jool instance add "stateful" --netfilter --pool6 > 2600:2701:1010:64::/96 > > GCRNET-UNCG-057-122-CORE# ping6 2600:2701:1010:64::8.8.8.8 vrf GCRNET_CORE > PING6 2600:2701:1010:64::808:808 (2600:2701:1010:64::808:808): 56 data bytes > 64 bytes from 2600:2701:1010:64::808:808: icmp_seq=0 time=9.048 ms > 64 bytes from 2600:2701:1010:64::808:808: icmp_seq=1 time=8.538 ms > 64 bytes from 2600:2701:1010:64::808:808: icmp_seq=2 time=8.457 ms > 64 bytes from 2600:2701:1010:64::808:808: icmp_seq=3 time=8.49 ms > 64 bytes from 2600:2701:1010:64::808:808: icmp_seq=4 time=8.438 ms > > ============== > DOESN"T WORK > ============== > > sudo /usr/local/bin/jool_siit instance add "stateless" --netfilter --pool6 > 2600:2701:1010:64::/96 > > OR > > sudo /usr/local/bin/jool_siit instance add "stateless" --netfilter > sudo /usr/local/bin/jool_siit -i "stateless" eamt add 2600:2701:1010:64::/96 > 152.13.0.64/27 > > sudo /usr/local/bin/jool_siit -i "stateless" eamt display > +---------------------------------------------+--------------------+ > | IPv6 Prefix | IPv4 Prefix | > +---------------------------------------------+--------------------+ > | 2600:2701:1010:64::/96 | 152.13.0.64/27 | > +---------------------------------------------+--------------------+ > > GCRNET-UNCG-057-122-CORE# ping6 2600:2701:1010:64::8.8.8.8 vrf GCRNET_PUBLIC > PING6 2600:2701:1010:64::808:808 (2600:2701:1010:64::808:808): 56 data bytes > Request 0 timed out > 112 bytes from 2600:2701:1010:64::100: Destination unreachable: Address > unreachable > 112 bytes from 2600:2701:1010:64::100: Destination unreachable: Address > unreachable > Request 3 timed out > 112 bytes from 2600:2701:1010:64::100: Destination unreachable: Address > unreachable > > Debug: > [282174.404533] Jool SIIT/8899d1c0/stateless: Packet: > 2600:2700:20c:2::3->2600:2701:1010:64::808:808 > [282174.405238] Jool SIIT/8899d1c0/stateless: > =============================================== > [282174.405945] Jool SIIT/8899d1c0/stateless: ICMPv6 type:128 code:0 id:4861 > [282174.405947] Jool SIIT/8899d1c0/stateless: Translating the Packet. > > -- > > Jeremy Oglesby > Network Architect > Information Technology Services > UNC Greensboro > +1.336.334.3583 (office) > _______________________________________________ > Jool-list mailing list > [email protected] > https://mail-lists.nic.mx/listas/listinfo/jool-list _______________________________________________ Jool-list mailing list [email protected] https://mail-lists.nic.mx/listas/listinfo/jool-list
