Permalink
Browse files

Updating more documentation.

  • Loading branch information...
ydahhrk committed Jun 19, 2014
1 parent 5295b05 commit 2732f520b6616955fb81db778eab9da0f1db210c
Showing with 48 additions and 39 deletions.
  1. +34 −37 INSTALL
  2. +5 −1 doc/usr/css/style.css
  3. +8 −0 doc/usr/tutorial1.markdown
  4. +1 −1 doc/usr/userspace-app.markdown
View
71 INSTALL
@@ -7,94 +7,91 @@
***********************************************************************
Install the requirements:
- 1. Your kernel headers (2.6.38 - 3.9.2)
- $ sudo apt-get install linux-headers-$(uname -r)
+ 1. Your kernel headers (version 3.0.0+)
+ # apt-get install linux-headers-$(uname -r)
2. libnl-3-dev (Only if you need the userspace application):
- $ sudo apt-get install libnl-3-dev
+ # apt-get install libnl-3-dev
(Site: http://www.carisma.slowglass.com/~tgr/libnl)
-Install the DNS64:
- - BIND 9.8+: https://www.isc.org/software/bind
-
Compile the module:
NAT64$ cd mod
NAT64/mod$ make
Install the module:
- NAT64/mod$ make modules_install
- $ depmod
+ NAT64/mod# make modules_install
+ # depmod
Insert the module:
- Ensure the dependencies are up.
- $ modprobe ipv6
-
Enable ipv6 and ipv4 forwarding.
- $ sysctl -w net.ipv4.conf.all.forwarding=1
- $ sysctl -w net.ipv6.conf.all.forwarding=1
+ # sysctl -w net.ipv4.conf.all.forwarding=1
+ # sysctl -w net.ipv6.conf.all.forwarding=1
Turn off offloads (do this for every relevant interface)
- $ sudo ethtool --offload <interface> tso off ufo off gso off gro off lro off
+ # sudo ethtool --offload <interface> tso off ufo off gso off gro off lro off
Prevent martian packets from reaching the module (Required by RFC 6146).
- $ sysctl -w net.ipv4.conf.all.log_martians=1
+ # sysctl -w net.ipv4.conf.all.log_martians=1
Actually insert the module:
$ # default IPv4 pool: 192.168.2.1-192.168.2.4
$ # default IPv6 pool: 64:ff9b::/96
- $ modprobe jool
+ # modprobe jool
or
- $ modprobe jool pool4=192.168.0.1,192.168.0.2 pool6=1234:abcd::/96
+ # modprobe jool pool4=192.168.0.1,192.168.0.2 pool6=1234:abcd::/96
You might want to see your module shine.
$ lsmod # See your module listed. Might want to pipe over to "grep jool".
- $ dmesg # Check the log. Only if compiled with DEBUG (see mod/Kbuild).
+ $ dmesg # Check the log. Only relevant if compiled with DEBUG (see mod/Kbuild).
Configure the module:
Compile the userspace application.
NAT64$ cd usr
+ NAT64/usr$ ./autogen.sh # Only if you downloaded via Git. You need autoconf 2.69+.
+ NAT64/usr$ ./configure
NAT64/usr$ make
+ NAT64/usr# make install
Send requests to the module using the userspace application.
Show help:
- NAT64/usr$ ./jool --help
+ $ jool --help
Print the IPv6 pool:
- NAT64/usr$ ./jool --pool6
+ $ jool --pool6
Add prefix 1234:abcd/96 to the IPv6 pool:
- NAT64/usr$ ./jool --pool6 --add --prefix=1234:abcd::/96
+ # jool --pool6 --add --prefix=1234:abcd::/96
Remove prefix 1234:abcd/96 from the IPv6 pool:
- NAT64/usr$ ./jool --pool6 --remove --prefix=1234:abcd::/96
+ # jool --pool6 --remove --prefix=1234:abcd::/96
Print the IPv4 pool:
- NAT64/usr$ ./jool --pool4
+ $ jool --pool4
Add address 192.168.2.10 to the IPv4 pool:
- NAT64/usr$ ./jool --pool4 --add --addr=192.168.2.10
+ # jool --pool4 --add --addr=192.168.2.10
Remove address 192.168.2.10 from the IPv4 pool:
- NAT64/usr$ ./jool --pool4 --remove --addr=192.168.2.10
+ # jool --pool4 --remove --addr=192.168.2.10
Print the Binding Information Base (BIB):
- NAT64/usr$ ./jool --bib
+ $ jool --bib
Add a binding to the BIB:
- NAT64/usr$ ./jool --bib --add --bib4=192.168.2.1#11 --bib6=1::1#22
+ # jool --bib --add --bib4=192.168.2.1#11 --bib6=1::1#22
Remove a binding from the BIB:
- NAT64/usr$ ./jool --bib --remove --bib4=192.168.2.1#11
+ # jool --bib --remove --bib4=192.168.2.1#11
or
- NAT64/usr$ ./jool --bib --remove --bib6=1::1#22
+ # jool --bib --remove --bib6=1::1#22
Print the session table:
- NAT64/usr$ ./jool --session
+ $ jool --session
Print the "Filtering and Updating" step's configuration:
- NAT64/usr$ ./jool --filtering
+ $ jool --filtering
Change some "Filtering and Updating" configuration value:
- # Run "./jool --filtering" to quickly see the available values.
- NAT64/usr$ ./jool --filtering --dropAddr ON
+ $ # Run "jool --filtering" to quickly see the available values.
+ # jool --filtering --dropAddr ON
Print the "Translating the packet" step's configuration:
- NAT64/usr$ ./jool --translate
+ $ jool --translate
Change some "Translating the packet" configuration value:
- # Run "./jool --translate" to quickly see the available values.
- NAT64/usr$ ./jool --translate --setTC ON
+ $ # Run "jool --translate" to quickly see the available values.
+ # jool --translate --setTC ON
Removing the module:
- $ rmmod jool
+ # modprobe -r jool
View
@@ -67,13 +67,17 @@ blockquote {
padding: 1em;
border-radius: 3px;
border: 1px solid #ddd;
- color: #808080;
+ color: #707070;
font-size: 90%;
margin-left: 3em;
margin-right: 3em;
margin-bottom: 10px;
}
+blockquote strong {
+ color: #800;
+}
+
#page a {
text-decoration: none;
color: #00619f;
@@ -102,6 +102,14 @@ You copy the binaries generated to your system's module pool by running the `mod
user@node:~/Jool-<version>/mod# make modules_install
{% endhighlight %}
+> **Warning!**
+>
+> Kernels 3.7 and up want you to sign your kernel modules to make sure you're loading them in a responsible manner.
+>
+> But if your kernel was not configured to _require_ this feature (the kernels of many distros don't), you won't have much of an issue here. The output of `make modules_install` will output "Can't read private key"; this looks like an error, but is actually a warning, <a href="https://github.com/NICMx/NAT64/issues/94#issuecomment-45248942" target="_blank">so you can continue the installation peacefully</a>.
+>
+> Sorry; if your kernel _was_ compiled to require module signing, you probably know what you're doing, so I'll skip the instructions to make that work.
+
You'll later activate the module using the `modprobe` command. Thing is, the fact that the module resides in your pool doesn't mean it has already been indexed. Use `depmod` to make `modprobe` aware of the new module:
{% highlight bash %}
@@ -489,7 +489,7 @@ IPv6 packets and unfragmentable IPv4 packets don't need any of this because they
Because of [this quirk](quirk-iptables.html), Jool has its own defragmenter, which is built upon different requirements than those from the kernel's.
-> Warning.
+> **Warning.**
>
> We've recently found the aforementioned quirk to be a fallacy, and we're <a href="https://github.com/NICMx/NAT64/tree/fragments_experiment" target="_blank">experimenting on replacing Jool's defragmenter with the kernel's</a>.
>

0 comments on commit 2732f52

Please sign in to comment.