NICMx / Jool

SIIT and NAT64 for Linux
GNU General Public License v2.0

Translating IPv6 -> IPv4 causes IPv4 -> IPv4 to fail #383

Closed FallingSnow closed 2 years ago

FallingSnow commented 2 years ago

I've been trying to get Jool-SIIT to work for a while now but can't seem to figure out how to configure it. I'd like to provide some IPv6-only nodes on my network access to IPv4 services. I've set up a simple configuration using the config below.

Right now I'm running into 2 issues. Jool seems to be doing the opposite of what I want it to do.

  1. When I enable jool_siit my IPv4 internet goes down, I cannot ping 8.8.8.8.
  2. When I ping 64:ff9b::8.8.8.8 jool refuses to translate it even though it has the 64:ff9b prefix that is in my configuration.

/etc/jool/jool_siit.conf

{
  "comment": "Sample configuration for the SIIT Jool service.",

  "instance": "default",
  "framework": "netfilter",

  "global": {
    "comment": "Sample pool6 prefix",
    "pool6": "64:ff9b::/96"
  }
}

dmesg

[2473725.833585] Jool SIIT/a8e2dbc0/default: ===============================================
[2473725.833592] Jool SIIT/a8e2dbc0/default: Packet: 192.168.1.36->184.105.148.117
[2473725.833597] Jool SIIT/a8e2dbc0/default: TCP 41200->443
[2473725.833601] Jool SIIT/a8e2dbc0/default: Translating the Packet.
[2473725.833607] Jool SIIT/a8e2dbc0/default: Result: 64:ff9b::c0a8:124->64:ff9b::b869:9475
[2473725.833611] Jool SIIT/a8e2dbc0/default: Routing: 64:ff9b::c0a8:124->64:ff9b::b869:9475
[2473725.833619] Jool SIIT/a8e2dbc0/default: Packet routed via device 'isp0'.
[2473725.833626] Jool SIIT/a8e2dbc0/default: Sending packet.
[2473725.833636] Jool SIIT/a8e2dbc0/default: Success.
[2473725.979298] Jool SIIT/a8e2dbc0/default: ===============================================
[2473725.979303] Jool SIIT/a8e2dbc0/default: Packet: 2605:a601:a7ab:3900:9462:aaaa:aaaa:aaaa([redacted])->64:ff9b::808:808
[2473725.979308] Jool SIIT/a8e2dbc0/default: ICMPv6 type:128 code:0 id:9
[2473725.979310] Jool SIIT/a8e2dbc0/default: Translating the Packet.
[2473725.979315] Jool SIIT/a8e2dbc0/default: The input address lacks both pool6 prefix and EAM.
[2473725.979317] Jool: Returning the packet to the kernel.
[2473725.981214] Jool SIIT/a8e2dbc0/default: ===============================================

FallingSnow commented 2 years ago

Okay, I was able to get jool working with the following config, but I would like to get stateless jool_siit working.

{
  "comment": "Sample configuration for the NAT64 Jool service.",

  "instance": "default",
  "framework": "netfilter",

  "global": {
    "comment": "Sample pool6 prefix",
    "pool6": "64:ff9b::/96"
  }
}

ydahhrk commented 2 years ago

The source address of your packet (the redacted one) is not translatable. SIIT's two address translation mechanisms are pool6 and the EAMT. Pool6 doesn't match the source address, and you don't have any entries in the EAM table.

Probably add that address to the EAM table.

ydahhrk commented 2 years ago

See SIIT-DC.

FallingSnow commented 2 years ago

After rereading the doc you linked I think I understand. Jool SIIT's pool6 is for IPv4 -> IPv6 and EAMT is for IPv6 -> IPv4 kind of? So if I want to use IPv6 -> IPv4 without listing out each address I should be using Stateful NAT64?

ydahhrk commented 2 years ago

> Jool SIIT's pool6 is for IPv4 -> IPv6 and EAMT is for IPv6 -> IPv4 kind of?

It's more like pool6 is used to translate the addresses of IPv4 nodes, EAMT is used to translate the addresses of IPv6 nodes.

> So if I want to use IPv6 -> IPv4 without listing out each address I should be using Stateful NAT64?

Sure, although the EAMT also thinks in terms of prefixes, so if all your IPv6 nodes share the same very long prefix, you can aggregate them all into a single EAMT entry:

"This form can help you simplify configuration when you have lots of addresses to map; the suffix is always preserved, so the point is a single EAMT entry can describe the translation of an entire network."
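
A simplified model of the two SIIT address mappings discussed in this thread, added here as an illustration (it is not Jool's code and not part of the original discussion). The `2001:db8:0:1::/120` and `192.0.2.0/24` prefixes are constructed documentation ranges standing in for the redacted host, and the model assumes both prefixes of an EAMT entry leave the same number of suffix bits.

```python
import ipaddress as ipa

POOL6 = ipa.ip_network("64:ff9b::/96")  # pool6 from the issue's config

def v4_to_pool6(a4):
    """RFC 6052, /96 prefix: the IPv4 address becomes the low 32 bits."""
    return ipa.IPv6Address(int(POOL6.network_address) | int(ipa.IPv4Address(a4)))

def pool6_to_v4(a6):
    """Inverse of v4_to_pool6; None when the address is outside pool6."""
    return ipa.IPv4Address(int(a6) & 0xFFFFFFFF) if a6 in POOL6 else None

def eam_to_v4(a6, eamt):
    """RFC 7757 EAM: swap the IPv6 prefix for the IPv4 one, keep the suffix.
    Simplified model: both prefixes must leave the same number of suffix bits."""
    for p6, p4 in sorted(eamt, key=lambda e: -e[0].prefixlen):  # longest match first
        if a6 in p6:
            if 128 - p6.prefixlen != 32 - p4.prefixlen:
                raise ValueError("suffix lengths differ")
            suffix = int(a6) - int(p6.network_address)
            return ipa.IPv4Address(int(p4.network_address) + suffix)
    return None

def translate_6to4(src, dst, eamt=()):
    """Translate both addresses of an IPv6 packet, EAMT first, then pool6.
    Returns ((src4, dst4), None) or (None, reason)."""
    out = []
    for text in (src, dst):
        a6 = ipa.IPv6Address(text)
        a4 = eam_to_v4(a6, eamt)
        if a4 is None:
            a4 = pool6_to_v4(a6)
        if a4 is None:
            return None, f"{text} lacks both pool6 prefix and EAM"
        out.append(str(a4))
    return tuple(out), None

# Constructed sample: documentation prefixes stand in for the redacted host.
SRC, DST = "2001:db8:0:1::24", "64:ff9b::808:808"
EAMT = [(ipa.ip_network("2001:db8:0:1::/120"), ipa.ip_network("192.0.2.0/24"))]

if __name__ == "__main__":
    print(v4_to_pool6("192.168.1.36"))      # address form seen in the dmesg output
    print(translate_6to4(SRC, DST))         # no EAMT entry: source is untranslatable
    print(translate_6to4(SRC, DST, EAMT))   # one prefix-wide EAMT entry covers the host
```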

FallingSnow commented 2 years ago

Cool, I think I understand it now. I kind of want to avoid manually listing my IPv6 prefix since it is dynamically assigned to me, same with my IPv4 address. But maybe in the future I could write a DHCP post IPv6 prefix allocation script that adds an EAMT entry to Jool if I really want to use SIIT.

Thank you for your support and Jool!