jool uses it's own bib table instead of conntrack to manage nat mappings, this causes iptables/nftables NAT(SNAT/DNAT/MASQUERADE) can not work together with jool as the connection is NEVER actually established, jool just drops ipv6 packets from one side and recreates ipv4 packets from the other side.
A workaround is to create a pair of veth then use the network namespace, this wiil let the packet "really" be sent to the interface and conntrack will be work fine
https://www.jool.mx/en/node-based-translation.html
Internet <--- ipv6 ---> (2001:db8::1) WAN LAN(192.168.1.1) <--- ipv4 ---> IoT device(192.168.1.2)
I want to remote access my home IoT device over an ipv6-only wan, but a simple ipv6 port forwarding like below won't work……
#372#issuecomment-1021322964
jool uses it's own bib table instead of conntrack to manage nat mappings, this causes iptables/nftables NAT(SNAT/DNAT/MASQUERADE) can not work together with jool as the connection is NEVER actually established, jool just drops ipv6 packets from one side and recreates ipv4 packets from the other side.
A workaround is to create a pair of veth then use the network namespace, this wiil let the packet "really" be sent to the interface and conntrack will be work fine https://www.jool.mx/en/node-based-translation.html