ydahhrk
commented
4 years ago Who has 172.28.177.4? The container? Or some other gateway?
Edit: Also, what's your distribution and kernel version?
Closed GeorgeGuo2018 closed 4 years ago
ydahhrk
commented
4 years ago Who has 172.28.177.4? The container? Or some other gateway?
Edit: Also, what's your distribution and kernel version?
GeorgeGuo2018
commented
4 years ago Hi, ydahhrk.
172.28.177.4 is the container's ip,
my host is centos 7.6.1810-3.10.0-957, I think 3.10.0-957 is the kernel version, and the jool version is 4.0.6.0
ydahhrk
commented
4 years ago Works for me.
This is the network I assembled:
+------------------------+
| Translator (container) |
+------------------------+
| +--------------+ |
| | to_world | |
| +--------------+ |
| | 4001:db8::4 | |
| | 172.28.177.4 | |
| +--------------+ |
| | |
+------------------------+
|
|
+------------------------+
| IPv6/IPv4 node (host) |
+------------------------+
| | |
| +--------------+ |
| | to_jool | |
| +--------------+ |
| | 4001:db8::8 | |
| | 172.28.177.8 | |
| +--------------+ |
| |
| +--------------+ |
| | enp0s3 | |
| +--------------+ |
| | 203.0.113.8 | |
| +--------------+ |
| | |
+------------------------+
|
+------------------------+
| Another IPv4 node |
+------------------------+
| | |
| +--------------+ |
| | vboxnet0 | |
| +--------------+ |
| | 203.0.113.16 | |
| +--------------+ |
+------------------------+This is my script for the host:
#!/bin/bash
sudo systemctl stop NetworkManager.service
sudo ip addr add 203.0.113.8/24 dev enp0s3
sudo ip link set enp0s3 up
sudo ip netns add joolns
sudo ip link add name to_jool type veth peer name to_world
sudo ip link set up dev to_jool
sudo ip link set dev to_world netns joolns
sudo ip netns exec joolns ip link set up dev to_world
sudo ip addr add 172.28.177.8/24 dev to_jool
sudo ip addr add 4001:db8::8/96 dev to_jool
sudo ip netns exec joolns ip addr add 172.28.177.4/24 dev to_world
sudo ip netns exec joolns ip addr add 4001:db8::4/96 dev to_world
#sudo ip route add to 192.168.1.0/24 via 172.28.177.4
sudo ip rule add to 192.168.1.0/24 table 2 pref 1
sudo ip route add to 192.168.1.0/24 via 172.28.177.4 table 2
sudo ip route add to 2001:db8::/96 via 4001:db8::4
sudo ip netns exec joolns ip route add to 203.0.113.0/24 via 172.28.177.8
sudo sysctl -w net.ipv4.conf.all.forwarding=1
sudo ip netns exec joolns sysctl -w net.ipv4.conf.all.forwarding=1
sudo ip netns exec joolns sysctl -w net.ipv6.conf.all.forwarding=1
sudo modprobe jool
sudo ip netns exec joolns /usr/local/bin/jool instance add --iptables --pool6 2001:db8::/96
sudo ip netns exec joolns /usr/local/bin/jool pool4 add 192.168.1.4/30 2000-4000 --tcp
sudo ip netns exec joolns /usr/local/bin/jool pool4 add 192.168.1.4/30 2000-4000 --udp
sudo ip netns exec joolns /usr/local/bin/jool pool4 add 192.168.1.4/30 2000-4000 --icmp
sudo ip netns exec joolns ip6tables -t mangle -A PREROUTING -d 2001:db8::/96 -j JOOL
sudo ip netns exec joolns iptables -t mangle -A PREROUTING -d 192.168.1.0/24 -j JOOLThis is my script for the "Another IPv4 node":
#!/bin/bash
sudo ip addr flush dev vboxnet0 scope global
sudo ip addr add 203.0.113.16/24 dev vboxnet0
sudo ip link set vboxnet0 up
sudo ip route add 172.28.177.0/24 via 203.0.113.8
sudo ip route add 192.168.1.0/24 via 203.0.113.8This ping from the host works fine:
ping6 2001:db8::172.28.177.8This too:
ping6 2001:db8::203.0.113.16Works for me.
This is the network I assembled:
+------------------------+ | Translator (container) | +------------------------+ | +--------------+ | | | to_world | | | +--------------+ | | | 4001:db8::4 | | | | 172.28.177.4 | | | +--------------+ | | | | +------------------------+ | | +------------------------+ | IPv6/IPv4 node (host) | +------------------------+ | | | | +--------------+ | | | to_jool | | | +--------------+ | | | 4001:db8::8 | | | | 172.28.177.8 | | | +--------------+ | | | | +--------------+ | | | enp0s3 | | | +--------------+ | | | 203.0.113.8 | | | +--------------+ | | | | +------------------------+ | +------------------------+ | Another IPv4 node | +------------------------+ | | | | +--------------+ | | | vboxnet0 | | | +--------------+ | | | 203.0.113.16 | | | +--------------+ | +------------------------+This is my script for the host:
#!/bin/bash sudo systemctl stop NetworkManager.service sudo ip addr add 203.0.113.8/24 dev enp0s3 sudo ip link set enp0s3 up sudo ip netns add joolns sudo ip link add name to_jool type veth peer name to_world sudo ip link set up dev to_jool sudo ip link set dev to_world netns joolns sudo ip netns exec joolns ip link set up dev to_world sudo ip addr add 172.28.177.8/24 dev to_jool sudo ip addr add 4001:db8::8/96 dev to_jool sudo ip netns exec joolns ip addr add 172.28.177.4/24 dev to_world sudo ip netns exec joolns ip addr add 4001:db8::4/96 dev to_world #sudo ip route add to 192.168.1.0/24 via 172.28.177.4 sudo ip rule add to 192.168.1.0/24 table 2 pref 1 sudo ip route add to 192.168.1.0/24 via 172.28.177.4 table 2 sudo ip route add to 2001:db8::/96 via 4001:db8::4 sudo ip netns exec joolns ip route add to 203.0.113.0/24 via 172.28.177.8 sudo sysctl -w net.ipv4.conf.all.forwarding=1 sudo ip netns exec joolns sysctl -w net.ipv4.conf.all.forwarding=1 sudo ip netns exec joolns sysctl -w net.ipv6.conf.all.forwarding=1 sudo modprobe jool sudo ip netns exec joolns /usr/local/bin/jool instance add --iptables --pool6 2001:db8::/96 sudo ip netns exec joolns /usr/local/bin/jool pool4 add 192.168.1.4/30 2000-4000 --tcp sudo ip netns exec joolns /usr/local/bin/jool pool4 add 192.168.1.4/30 2000-4000 --udp sudo ip netns exec joolns /usr/local/bin/jool pool4 add 192.168.1.4/30 2000-4000 --icmp sudo ip netns exec joolns ip6tables -t mangle -A PREROUTING -d 2001:db8::/96 -j JOOL sudo ip netns exec joolns iptables -t mangle -A PREROUTING -d 192.168.1.0/24 -j JOOLThis is my script for the "Another IPv4 node":
#!/bin/bash sudo ip addr flush dev vboxnet0 scope global sudo ip addr add 203.0.113.16/24 dev vboxnet0 sudo ip link set vboxnet0 up sudo ip route add 172.28.177.0/24 via 203.0.113.8 sudo ip route add 192.168.1.0/24 via 203.0.113.8This ping from the host works fine:
ping6 2001:db8::172.28.177.8This too:
ping6 2001:db8::203.0.113.16
Hi,ydahhrk . Thanks for your reply. Will set up a clear new environment and try it again. Thanks a lot.
Hi, there. I installed Jool in a container with pool4 192.168.1.0/24 and pool6 2001:db8::/96, and set relevent iptables/ip6tables rules to let package with dst 2001:db8::/96 or 192.168.1.0/24 to go to Jool. Everything works well, package fe::10-->2001:db8::10.6.115.235 get in the container, and the transferred ipv4 package 192.168.1.49-->10.6.115.235 get out of the container.
But once I set the following ip rules on the host on which the Jool container runs, I no longer get the transferred ipv4 package. Within the container, i can see the ipv6 package arrived at the PREROUTING, but did not see any package at the POSTROUTING. I start a new package fe::110-->2001:db8::10.6.115.235, and using command "jool bib display" , i can see the fe::110 was bind to a new ipv4 address 192.168.1.32 from the ipv4 pool. The ip rules are as follows, which are relevent to the ipv4 pool. #ip rule add to 192.168.1.0/24 table 2 pref 1 #ip route add to 192.168.1.0/24 via 172.28.177.4 table 2
Once I delete those ip rules, everything return back to OK. Seems that ip rules on the host conflict with Jool. In my opinion, the container is running in a seperated network namespace, and the ip rule on the host should not affect the jool running in a container. It might be that, the jool.ko should still be plugin into the kernel of the host, and thus conflict with the ip rules relevant to the ip rules.
Any reply would be appreciated.Thanks.