Oops. Corrections. Disregard my previous message. I meant: > sudo /usr/local/bin/jool_siit instance add "stateless" --netfilter --pool6 > 2600:2701:1010:64::/96 > ping6 2600:2701:1010:64::8.8.8.8
This is what's happening: 1. IPv6 client writes packet 2600:2700:20c:2::3 -> 2600:2701:1010:64::8.8.8.8 2. Jool cannot translate that packet, because the source address does not match pool6. Possible solution: Change your client's address to 2600:2701:1010:64::<IPv4 address that you own>. That way, both addresses can be translated with pool6. > sudo /usr/local/bin/jool_siit instance add "stateless" --netfilter > sudo /usr/local/bin/jool_siit -i "stateless" eamt add 2600:2701:1010:64::/96 > 152.13.0.64/27 > ping6 2600:2701:1010:64::8.8.8.8 This is what's happening: 1. IPv6 client writes packet 2600:2700:20c:2::3 -> 2600:2701:1010:64::8.8.8.8 2. Jool cannot translate that packet, because the source address does not match the EAMT entry. Possible solution: Add `--pool6 2600:2701:1010:64::/96`, and change your EAMT into +---------------------------------------------+--------------------------------+ | IPv6 Prefix | IPv4 Prefix | +---------------------------------------------+--------------------------------+ | 2600:2700:20c:2::3/128 | <IPv4 address that you own>/32 | +---------------------------------------------+--------------------------------+ That way, the source address gets translated with the EAMT, and the destination address is translated with pool6. Remember: With SIIT, each IPv6 client will need an implicit dedicated IPv4 address that you own. SIIT does not help you with IPv4 address exhaustion; only Stateful NAT64 does. On Fri, Apr 9, 2021 at 9:25 PM Alberto Leiva <[email protected]> wrote: > > > sudo /usr/local/bin/jool_siit instance add "stateless" --netfilter --pool6 > > 2600:2701:1010:64::/96 > > ping6 2600:2701:1010:64::8.8.8.8 > > This is what's happening: > > - IPv6 client writes packet 2600:2700:20c:2::3 -> 2600:2701:1010:64::8.8.8.8 > - Jool cannot translate that packet, because the source address does > not match pool6. > > Possible solution: Change your client's address to > 2600:2701:1010:64::<IPv4 address that you own>. > > > sudo /usr/local/bin/jool_siit instance add "stateless" --netfilter > > sudo /usr/local/bin/jool_siit -i "stateless" eamt add > > 2600:2701:1010:64::/96 152.13.0.64/27 > > ping6 2600:2701:1010:64::8.8.8.8 > > This is what's happening: > > - IPv6 client writes packet 2600:2700:20c:2::3 -> 2600:2701:1010:64::8.8.8.8 > - Jool cannot translate that packet, because the source address > matches neither pool6 nor the EAMT entry. > > Possible solution: Change your EAMT into > > +---------------------------------------------+--------------------------------+ > | IPv6 Prefix | IPv4 > Prefix | > +---------------------------------------------+--------------------------------+ > | 2600:2700:20c:2::3/128 | <IPv4 address that you > own>/32 | > +---------------------------------------------+--------------------------------+ > > Remember: With SIIT, each IPv6 client will need an implicit dedicated > IPv4 address that you own. > SIIT does not help you with IPv4 address exhaustion; only Stateful NAT64 does. > > On Fri, Apr 9, 2021 at 3:22 PM Jeremy Oglesby via Jool-list > <[email protected]> wrote: > > > > I'm not sure if this is the right list for this question, if not, please > > point me in the right direction. > > > > The University of North Carolina at Greensboro is in the process of > > standing up an IPv6-only Research DMZ. To facilitate communication with > > the IPv4 Internet we're planning to use NAT64/DNS64 and have been advised > > by several other Universities to use Jool. > > > > I've got Jool installed in Centos 8 and it seems to work in Stateless mode > > but not Stateful. I've tried both pool6 and an EAMT list and the packets > > still don't seem to match. Maybe I'm missing something simple in my config. > > > > ======= > > WORKS > > ======= > > > > sudo /usr/local/bin/jool instance add "stateful" --netfilter --pool6 > > 2600:2701:1010:64::/96 > > > > GCRNET-UNCG-057-122-CORE# ping6 2600:2701:1010:64::8.8.8.8 vrf GCRNET_CORE > > PING6 2600:2701:1010:64::808:808 (2600:2701:1010:64::808:808): 56 data bytes > > 64 bytes from 2600:2701:1010:64::808:808: icmp_seq=0 time=9.048 ms > > 64 bytes from 2600:2701:1010:64::808:808: icmp_seq=1 time=8.538 ms > > 64 bytes from 2600:2701:1010:64::808:808: icmp_seq=2 time=8.457 ms > > 64 bytes from 2600:2701:1010:64::808:808: icmp_seq=3 time=8.49 ms > > 64 bytes from 2600:2701:1010:64::808:808: icmp_seq=4 time=8.438 ms > > > > ============== > > DOESN"T WORK > > ============== > > > > sudo /usr/local/bin/jool_siit instance add "stateless" --netfilter --pool6 > > 2600:2701:1010:64::/96 > > > > OR > > > > sudo /usr/local/bin/jool_siit instance add "stateless" --netfilter > > sudo /usr/local/bin/jool_siit -i "stateless" eamt add > > 2600:2701:1010:64::/96 152.13.0.64/27 > > > > sudo /usr/local/bin/jool_siit -i "stateless" eamt display > > +---------------------------------------------+--------------------+ > > | IPv6 Prefix | IPv4 Prefix | > > +---------------------------------------------+--------------------+ > > | 2600:2701:1010:64::/96 | 152.13.0.64/27 | > > +---------------------------------------------+--------------------+ > > > > GCRNET-UNCG-057-122-CORE# ping6 2600:2701:1010:64::8.8.8.8 vrf GCRNET_PUBLIC > > PING6 2600:2701:1010:64::808:808 (2600:2701:1010:64::808:808): 56 data bytes > > Request 0 timed out > > 112 bytes from 2600:2701:1010:64::100: Destination unreachable: Address > > unreachable > > 112 bytes from 2600:2701:1010:64::100: Destination unreachable: Address > > unreachable > > Request 3 timed out > > 112 bytes from 2600:2701:1010:64::100: Destination unreachable: Address > > unreachable > > > > Debug: > > [282174.404533] Jool SIIT/8899d1c0/stateless: Packet: > > 2600:2700:20c:2::3->2600:2701:1010:64::808:808 > > [282174.405238] Jool SIIT/8899d1c0/stateless: > > =============================================== > > [282174.405945] Jool SIIT/8899d1c0/stateless: ICMPv6 type:128 code:0 id:4861 > > [282174.405947] Jool SIIT/8899d1c0/stateless: Translating the Packet. > > > > -- > > > > Jeremy Oglesby > > Network Architect > > Information Technology Services > > UNC Greensboro > > +1.336.334.3583 (office) > > _______________________________________________ > > Jool-list mailing list > > [email protected] > > https://mail-lists.nic.mx/listas/listinfo/jool-list _______________________________________________ Jool-list mailing list [email protected] https://mail-lists.nic.mx/listas/listinfo/jool-list
