You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
jool uses it's own bib table instead of conntrack to manage nat mappings, this causes iptables/nftables NAT(SNAT/DNAT/MASQUERADE) can not work together with jool as the connection is NEVER actually established, jool just drops ipv6 packets from one side and recreates ipv4 packets from the other side.
A workaround is to create a pair of veth then use the network namespace, this wiil let the packet "really" be sent to the interface and conntrack will be work fine https://www.jool.mx/en/node-based-translation.html
The text was updated successfully, but these errors were encountered:
Oh sorry, I thought this was closed because of the duplicate #398, and because you did reach the correct conclusion.
Yes, Jool'd packets do skip conntrack. But if you run Jool and conntrack in separate namespaces, they chain fine and don't interfere with each other. This is a result of Jool's somewhat awkward architecture, and can't be fixed without a large overhaul, which is #273.
I'm sorry for any inconvenience caused. No, my issue has already been resolved. I don't recall creating a duplicate issue, perhaps it was caused by network jitter.
Internet <--- ipv6 ---> (2001:db8::1) WAN LAN(192.168.1.1) <--- ipv4 ---> IoT device(192.168.1.2)
I want to remote access my home IoT device over an ipv6-only wan, but a simple ipv6 port forwarding like below won't work……
jool instance add --pool6 64:ff9b::/96 nft 'add rule inet fw4 dstnat_wan meta nfproto ipv6 tcp dport 10022 dnat ip6 to [64:ff9b::c0a8:102]:22'
#372#issuecomment-1021322964
jool uses it's own bib table instead of conntrack to manage nat mappings, this causes iptables/nftables NAT(SNAT/DNAT/MASQUERADE) can not work together with jool as the connection is NEVER actually established, jool just drops ipv6 packets from one side and recreates ipv4 packets from the other side.
A workaround is to create a pair of veth then use the network namespace, this wiil let the packet "really" be sent to the interface and conntrack will be work fine
https://www.jool.mx/en/node-based-translation.html
The text was updated successfully, but these errors were encountered: