Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
anotherpaul 4 hours ago

Wait this looks interesting. I am a biologist so I might get the terminology wrong. Would this allow me to run a ipv4 to ipv6 and back service?

I got some services with only ipv6 addresses and want clients with only ipv4 (sadly still exists) to at least be able to reach them. So could I dedicate a machine to translating for them using this tool?

rnhmjoj 18 minutes ago | parent | next [-]

Yes, translating packets between IPv6 and IPv4 is precisely what Jool does.

From what you're describing I think you have to options: if you have enough IPv4 addresses at your disposal to cover your IPv6-only machines, you can use the so called "SIIT-DC" mode [1].

Otherwise, if you have less IPv4 addresses, say just one on your router, and multiple IPv6 machine you can setup a stateful NAT64 [2] with some static BIB entries. NAT64 is basically the familiar NAT, just with IPv6 in the LAN instead of private IPv4 addresses (say 192.168.1.0), and static BIB entries are the equivalent of port forwarding. In this case you would run Jool on your router.

[1]: https://www.jool.mx/en/siit-dc.html

[2]: https://www.jool.mx/en/run-nat64.html

[3]: https://www.jool.mx/en/usr-flags-bib.html

yjftsjthsd-h an hour ago | parent | prev | next [-]

I think this would allow that, yes.

However, I personally would just do it in userspace, especially for that simple of a use. I'm doing the opposite; I have a webapp that somehow doesn't handle IPv6, so to access it over a pure-v6 network I just run this on the same host:

  socat TCP6-LISTEN:8002,fork TCP4:127.0.0.1:8000
I believe you could trivially reverse this;

  socat TCP4-LISTEN:8002,fork TCP6:[::1]:8000
should serve [::1]:8000 as 0.0.0.0:8002 (I don't remember if changing ports was strictly required; that may be a quirk of my exact setup).
rnhmjoj 12 minutes ago | parent [-]

The point of Jool and similar tools (there is also one called Tayga that runs in userspace, if you want) is to translate network traffic between multiple hosts, where some only have IPv6 and others only IPv4 addresses.

If your machine has both IPv6 and IPv4 addresses you don't need to any translation.

yjftsjthsd-h 4 minutes ago | parent [-]

Sure, but if your goal is

> I got some services with only ipv6 addresses and want clients with only ipv4 (sadly still exists) to at least be able to reach them.

then that seems like overkill. Although it depends on your network, of course.

jonway 3 hours ago | parent | prev [-]

you could also try using 6to4 or somesuch but this is new to me as well. Interested!

rnhmjoj 3 minutes ago | parent [-]

6to4 solves a different problem: it's a way to provide IPv6 internet access to some host with only IPv4 internet access. It's basically a VPN you need to configure on the client.

NAT64 and SIIT (what Jool and af-to are implementing) instead are a way to let (potentially) any IPv4-only client to connect to some IPv6-only machine you control. The client need to be aware its actually talking to an IPv6 machine, because there is a translator (typicall a router between them) that transparently translate the packet so they understand each other.