Init Jool in a namespace
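#!/bin/bash
#
# Initialise a Jool NAT64 instance inside a dedicated network namespace.
# Save the file as e.g. /usr/sbin/jool-init.sh and run it as root.
#
# Layout created by this script:
#   global namespace : to_jool    fe80::1  192.0.2.1/24
#   joolns namespace : from_jool  fe80::2  192.0.2.2/24
# Traffic for NAT64_PFX is routed into joolns, translated by Jool, sent back
# out as IPv4 from 192.0.2.2 and masqueraded on DUALSTACKIFACE.
#
# Nothing here is persistent (sysctl -w, ip, iptables -A), so the script has
# to run on every boot. It refuses to run twice: remove the namespace with
# "ip netns del joolns" before re-running.

# Stop at the first failing command instead of continuing with a half-built
# setup and reporting success.
set -euo pipefail

# Edit to match your translation prefix
NAT64_PFX=64:ff9b::/96
# Edit to match your dual-stack interface
DUALSTACKIFACE=ens5

# Print a message to stderr and abort.
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

[[ ${EUID} -eq 0 ]] || die "must be run as root"

# Catch a wrong interface name before anything is changed.
ip link show dev "${DUALSTACKIFACE}" >/dev/null 2>&1 \
  || die "interface ${DUALSTACKIFACE} not found; edit DUALSTACKIFACE"

# A second run would otherwise fail part-way and append a duplicate NAT rule.
if ip netns list | awk '$1 == "joolns" { found = 1 } END { exit !found }'; then
  die "namespace joolns already exists; remove it with 'ip netns del joolns'"
fi

modprobe jool

# add namespace and devices to link the two namespaces
ip netns add joolns
ip link add name to_jool type veth peer name from_jool
ip link set dev from_jool netns joolns

# global namespace
ip link set to_jool up
# Replace any auto-generated link-local address with a fixed one so the
# routes below have a stable next hop. The flush is best-effort: only the
# explicit "addr add" that follows is required.
ip -6 addr flush dev to_jool scope link || true
ip addr add fe80::1/64 scope link dev to_jool
ip addr add 192.0.2.1/24 dev to_jool
ip link set to_jool mtu 1500

# joolns namespace
ip netns exec joolns ip link set lo up
ip netns exec joolns ip link set from_jool mtu 1500
ip netns exec joolns ip link set from_jool up
ip netns exec joolns ip -6 addr flush dev from_jool scope link || true
ip netns exec joolns ip addr add fe80::2/64 scope link dev from_jool
ip netns exec joolns ip addr add 192.0.2.2/24 dev from_jool
ip netns exec joolns ip route add default via 192.0.2.1
ip netns exec joolns ip -6 route add default via fe80::1 dev from_jool
# These sysctls apply to the joolns namespace only.
ip netns exec joolns sysctl -w net.ipv4.conf.all.forwarding=1
ip netns exec joolns sysctl -w net.ipv6.conf.all.forwarding=1

# create jool instance in the joolns namespace
ip netns exec joolns jool instance add --netfilter --pool6 "${NAT64_PFX}"

# add route to the main namespace
ip route add "${NAT64_PFX}" via fe80::2 dev to_jool

# display jool status
ip netns exec joolns jool global display

# masquerade the output from the Jool namespace
# remove if you can route the network or if you masquerade elsewhere
# -C checks for an identical rule first so the chain never holds duplicates.
iptables -t nat -C POSTROUTING -o "${DUALSTACKIFACE}" -s 192.0.2.2 -j MASQUERADE 2>/dev/null \
  || iptables -t nat -A POSTROUTING -o "${DUALSTACKIFACE}" -s 192.0.2.2 -j MASQUERADE

# enable IP forwarding
# NOTE(security): this turns the host into a router for ALL of its
# interfaces, not only for the veth pair. The script installs no FORWARD
# filtering, so restrict in the host firewall which sources may reach
# NAT64_PFX; otherwise every IPv6 host that can route packets here can use
# the translator as an open relay towards IPv4.
# NOTE: with IPv6 forwarding enabled the kernel stops accepting router
# advertisements unless accept_ra=2 is set on the interface; check this if
# DUALSTACKIFACE gets its IPv6 address or default route via RA.
sysctl -w net.ipv4.conf.all.forwarding=1
sysctl -w net.ipv6.conf.all.forwarding=1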