NAT64: Using `jool` on Ubuntu 20.04

I found that jool has very good tutorials, but all the commands to get going are hidden in these large tutorials. Here are the steps I took to get it working on Ubuntu 20.04 on both a Raspberry Pi + Protectli Vault.

Please pre-read and refer to to Jool's Documentation for more information.

I have two Ubuntu 20.04 routers at home that run jool. Both routers/firewalls use NFTables so I'm just using jool in netfilter mode. When direct nftables support is implemented, I will move to this setup.

Quick Start/Setup jool

  • On ubuntu 20.04 it's just an apt install
    • apt install jool-dkms jool-tool
  • sudo modprobe jool
    • Add jool to /etc/modules to make persistent
  • Add Stateful NAT64 pool
    • jool instance add --netfilter --pool6 64:ff9b::/96
    • Here I used a oneshot systemd service to add on boot
[Unit]
Description=Add NAT64 netfilter pool6 to jool

[Service]
Type=oneshot
ExecStart=/usr/bin/jool instance add --netfilter --pool6 64:ff9b::/96

[Install]
WantedBy=multi-user.target

Handy Commands

  • See instace
    • jool instance display
    • jool instance status
  • See sessions
    • jool session display
  • Global config
    • jool global display
  • Overall stats
    • jool stats display

Testing

Try and Ping + traceroute to Google's main IPv4 NS anycast address 8.8.8.8 via IPv6 64:ff9b::8.8.8.8:

                              My traceroute  [v0.93]
coopbuntu (fd00:1::10)                                   2020-12-14T04:37:45+0000
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                         Packets               Pings
 Host                                  Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. fd00:1::2                           0.0%    11    2.5   2.3   2.1   2.6   0.1
 2. (waiting for reply)
 3. 64:ff9b::6022:7b58                  0.0%    11    9.9  13.6   9.9  20.7   3.6
 4. 64:ff9b::6022:7576                  0.0%    11   18.6  14.0  11.3  18.6   2.7
 5. 64:ff9b::6022:7932                  0.0%    10   14.0  17.1  13.2  21.9   3.0
 6. 64:ff9b::6022:b5                    0.0%    10   20.6  22.3  18.1  28.2   3.5
 7. 64:ff9b::6022:301                   0.0%    10   22.1  18.9  17.0  22.1   1.5
 8. 64:ff9b::4a7d:3072                  0.0%    10   26.2  21.3  17.7  36.2   5.9
 9. 64:ff9b::6caa:e636                  0.0%    10   24.1  19.2  17.3  24.1   2.5
10. 64:ff9b::4a7d:fc97                  0.0%    10   19.6  21.1  18.0  27.3   3.1
11. 64:ff9b::808:808                    0.0%    10   17.1  18.2  16.5  24.5   2.4

Once ICMP works, move on to tcp.

  • ssh -v 64:ff9b::173.255.255.199

Session Table

  • jool session display is your friend to see current translations
    • --numeric stops the non parallel DNS resolution
Every 1.0s: sudo jool session display                                  home1.cooperlees.com: Mon Dec 14 04:42:17 2020

---------------------------------
(ESTABLISHED) Expires in 1:59:31.440
Remote: us.cooperlees.com#ssh   fd00:1::10#48656
Local: 66.214.99.163#61019      64:ff9b::adff:ffc7#22
---------------------------------
(V4_FIN_V6_FIN_RCV) Expires in 0:03:14.796
Remote: 5.85.222.35.bc.googleusercontent.com#http       fd00:1::10#43868
Local: 66.214.99.163#62581      64:ff9b::23de:5505#80
---------------------------------

Related Posts

Book REVIEW: Linux Service Management Made Easy with systemd: Advanced techniques to effectively manage, control, and monitor Linux systems and services 1st Edition

Amazon Link Disclaimer: I get no royalites or anything here – Just had coworkers ask me about it So since I’m no systems guru and am now…

CLI Templates for Python + Rust

Do you also write a lot of services that need a few CLI option (e.g. –config) and or little CLI tools from time to time? Want a…

Stop IPv4 Point-To-Point Addressing your Networks

IPv4 addressing on links is no longer required to route IPv4. What you say?? Yes, you can stop IPv4 addressing your point to point links with Legacy…

Raspberry Pi Powered Fireplace

Mr Aijay Adams and I am back making my Fireplace Internet / Smart device controllable. Now, via a very sexy Web UI, when I’m heading back to…

nftables

Are you using the latest Linux kernel firewall?. Here are some notes I’ve saved that I use and forget all the time. I plan to add to…

RPM vs OPKG Cheat Sheet

Recently in the Terragraph project I work on we changed from RPM to OPKG to removes some dependencies (e.g. perl) and make our overall image size smaller….

Leave a Reply

Your email address will not be published.