NICMx / Jool

SIIT and NAT64 for Linux
GNU General Public License v2.0

[Question] Setup guide public NAT64/DNS64 #371

Open TumTumTom opened 2 years ago

TumTumTom commented 2 years ago

Hi, is there a step-by-step guide for a public NAT64/DNS64 VPS somewhere?

I tried jool for the first time and NAT64 is awesome. But I can't find much about the implementations for public IPv6 (usually /64 subnets) servers. I followed the installation from https://www.jool.mx/en/install.html & the stateful NAT64 guide for my internal lab.

I found this list with public services: https://nat64.xyz/ but due to privacy & logging issues I would like to host this myself.

How can I do this on, for example, a public VPS with 1 IPv4 address and a /64 IPv6 subnet? I see Jool as a solution to the problem with my IPv6-only servers, but would like to know how I can do this on a VPS.

ydahhrk commented 2 years ago

I see Jool as a solution to the problem with my IPv6-only servers, but would like to know how I can do this on a VPS.

I don't really get it. What's the difference?

If your /64 IPv6 subnet is a bunch of servers, and you just want to make them available from IPv4, you can set up a NAT64 with one BIB entry per server. Each BIB entry would specify which server corresponds to which of your IPv4 address's ports.

TumTumTom commented 2 years ago

I have multiple servers with public /64 (IPv6 only) subnets assigned to each server for internet access.

I would like to use a VPS server as public NAT64 and DNS64. This is a server with 1 public /64 IPv6 subnet and 1 public IPv4 address. The IPv6-only servers must connect to the NAT64/DNS64 VPS server over the internet for DNS, just like those public services. I just can't find any examples of how to implement this. IPv6 is becoming more important due to the IPv4 shortages.

ydahhrk commented 2 years ago

Ok, suppose your NAT64 VPS server's /64 is 1234:5678::/64.

Your 1234:5678::/64 is the equivalent to the tutorial's 2001:db8::1/128.

So, in the 1234:5678::/64 server, do

modprobe jool
jool instance add "example" --netfilter --pool6 64:ff9b::/96

Then any traffic that arrives at 1234:5678::/64 with destination address 64:ff9b::/96 will be translated to IPv4.

The following step would be to arrange routing so everyone involved knows to send 64:ff9b::/96 to 1234:5678::/64. But that depends on how you've set up your routing, so I can't help you with that.

Does this answer your question?

TumTumTom commented 2 years ago

Thank you. The routing part is unclear to me. I don't need to route to public NAT64/DNS64 services (Trex for example). These servers work directly in DNS without routing. At this point I got stuck, because I performed the steps you describe (in my internal lab) and was able to route it. But what if I want to use DNS with bind9 and jool without routes to the VPS?

ydahhrk commented 2 years ago

Normally, your clients are connected to a router, which is their default gateway.

The router itself has a route to 64:ff9b::/96 (or whatever pool6 you set up in your NAT64/DNS64).

You don't have to route to Trex because your machine has a default gateway, and that default gateway can figure out the way. (Through routing protocols or whatever.)

Does this answer your question?

zod076 commented 1 year ago

But what if I want to use DNS with bind9 and jool without routes to the VPS?

A bit late, but if I'm reading this correctly, I think you want a NAT64/DNS64 setup using GUA addresses instead of the WKP 64:ff9b::/96.

On your PLAT box, assuming your /64 is 2001:db8:aaaa:bbbb::/64 ..

jool instance add "default" --iptables --pool6 2001:db8:aaaa:bbbb:64::/96

In bind9, set dns64 2001:db8:aaaa:bbbb:64::/96 { .. };

Then on the client point your DNS to your PLAT/BIND9 IPv6 address.
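The two setups in this thread (ydahhrk's instance on the well-known prefix 64:ff9b::/96, and zod076's variant with a /96 carved out of the VPS's own GUA /64) share one requirement: Jool's `--pool6` and BIND9's `dns64` prefix must be the same /96, because DNS64 only synthesizes AAAA records that the translator will actually accept, and clients can only reach those synthesized addresses if the /96 is routed to the PLAT. The following shell script is an added example, not code from the thread or from the Jool project. It does not run `jool` or `named`; it derives the RFC 6052 address a DNS64 client receives for an IPv4 destination, prints matching Jool and BIND9 fragments for a given /64, and reports whether a dedicated route is needed. The /64, the IPv4 addresses, the `"default"` instance name and the client ACL prefix are constructed documentation values, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the Jool project or this issue thread).
# Shows why Jool's --pool6 and BIND9's dns64 prefix must agree, and
# what a DNS64 client actually gets back. All addresses are constructed
# documentation values (2001:db8::/32, 64:ff9b::/96, 192.0.2.0/24, ...).

# nat64_synth PREFIX/96 IPV4
# Embed an IPv4 address in a /96 NAT64 prefix (RFC 6052, /96 layout): the
# 32 IPv4 bits become the last two 16-bit groups of the IPv6 address.
# This is what a DNS64 resolver returns in the synthesized AAAA record.
nat64_synth() {
    prefix=${1%/96}      # drop the "/96" length
    prefix=${prefix%::}  # drop the trailing "::" so we can append groups
    set -- $(printf '%s' "$2" | tr . ' ')   # split dotted quad into $1..$4
    printf '%s::%x:%x\n' "$prefix" $(($1 * 256 + $2)) $(($3 * 256 + $4))
}

# pool6_from_64 NET/64
# Carve a /96 out of the VPS's /64 the way zod076's example does: the
# fifth group is set to 0x64 purely as a label; any value inside the /64 works.
pool6_from_64() {
    net=${1%/64}
    net=${net%::}
    printf '%s:64::/96\n' "$net"
}

# needs_route POOL6 NET/64
# A client needs a dedicated route to pool6 unless pool6 lies inside the
# VPS's globally routed /64 (the GUA approach), in which case normal internet
# routing already delivers it to the PLAT. The well-known prefix 64:ff9b::/96
# is not announced by anyone, so it always needs a route.
# Assumption: both prefixes are written with the same textual abbreviation,
# since this is a string comparison, not a full IPv6 canonicalization.
needs_route() {
    net=${2%/64}
    net=${net%::}
    case $1 in
        "$net":*) echo no ;;
        *)        echo yes ;;
    esac
}

# jool_cmd POOL6
# The Jool instance command for the PLAT box (netfilter mode, as in
# ydahhrk's reply; --iptables takes the same --pool6).
jool_cmd() {
    printf 'jool instance add "default" --netfilter --pool6 %s\n' "$1"
}

# bind_dns64 POOL6 CLIENT_PREFIX
# The BIND9 options fragment that makes DNS64 synthesize AAAA records inside
# the same /96 that Jool translates. "clients" limits synthesis to the
# IPv6-only servers that are meant to use this resolver, so a public VPS does
# not become an open DNS64 for everyone.
bind_dns64() {
    printf 'options {\n    dns64 %s {\n        clients { %s; };\n    };\n};\n' "$1" "$2"
}

# Demonstration with constructed values.
VPS64="2001:db8:aaaa:bbbb::/64"        # constructed: the VPS's routed /64
CLIENTS="2001:db8:cccc::/48"           # constructed: the IPv6-only servers
POOL6=$(pool6_from_64 "$VPS64")

echo "# Jool (PLAT) command:"
jool_cmd "$POOL6"
echo "# BIND9 named.conf fragment:"
bind_dns64 "$POOL6" "$CLIENTS"
echo "# AAAA a DNS64 client gets for 192.0.2.1: $(nat64_synth "$POOL6" 192.0.2.1)"
echo "# GUA pool6 needs a dedicated route?      $(needs_route "$POOL6" "$VPS64")"
echo "# WKP 64:ff9b::/96 needs a dedicated route? $(needs_route 64:ff9b::/96 "$VPS64")"
```

The output makes the routing difference from the thread concrete: with the GUA /96, the synthesized address 2001:db8:aaaa:bbbb:64::c000:201 is inside a prefix the internet already routes to the VPS, so the IPv6-only servers only need to point their resolver at the PLAT; with 64:ff9b::/96, each client's default gateway must know a route to the PLAT, which is the step ydahhrk left to the reader. On the PLAT itself, the IPv4 side still requires `net.ipv6.conf.all.forwarding` / `net.ipv4.conf.all.forwarding` to be enabled, as in the Jool tutorial.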