@Oskar456 thank you for your tutorial at #RIPE87 https://ripe87.ripe.net/wp-content/uploads/presentations/8-IPv6-mostly_on_OpenWRT.pdf
What is the advantage of using #jool like this versus the standard tutorial at #openwrt https://openwrt.org/docs/guide-user/network/ipv6/nat64
Ondřej Caletka
in reply to Goetz 🚲 • • •Thanks for the feedback! I was not aware there is a (minimal) UCI integration done for Jool - it was not there before.
There's still issue with running Jool in the main network namespace as it is not controllable by firewall rules, does not translate locally-generated traffic, fights over dynamic port numbers and needs to be reconfigured every time the public IPv4 changes. This is all resolved by running in a namespace.
I may look into improving the integration to support namespaces.
Anderson Silva
in reply to OndÅ™ej Caletka • • •Goetz 🚲
in reply to OndÅ™ej Caletka • • •If you allow, I would like to integrate your tutorial into the #openwrt wiki?
As you describe the current minimal example has this short commings.
Ondřej Caletka
in reply to Goetz 🚲 • • •Goetz 🚲
in reply to OndÅ™ej Caletka • • •Today I found time to update the OpenWrt wiki. Feedback appreciated.
https://openwrt.org/docs/guide-user/network/ipv6/nat64
#ipv6 #ipv6only #ipv6mostly
[OpenWrt Wiki] NAT64 for a IPv6-only network (Jool)
openwrt.orgGoetz 🚲
in reply to OndÅ™ej Caletka • • •reading your slides again, it's clearly there:
"Stealing packets in the PREROUTING, injecting translated
packets into POSTROUTING
- Hard to enforce firewall rules
- Translation not available for locally generated traffic"
One just needs to read it though.