@Oskar456 thank you for your tutorial at #RIPE87 https://ripe87.ripe.net/wp-content/uploads/presentations/8-IPv6-mostly_on_OpenWRT.pdf
What is the advantage of using #jool like this versus the standard tutorial at #openwrt https://openwrt.org/docs/guide-user/network/ipv6/nat64
@goetz Thanks for the feedback! I was not aware there is a (minimal) UCI integration done for Jool - it was not there before.
There's still issue with running Jool in the main network namespace as it is not controllable by firewall rules, does not translate locally-generated traffic, fights over dynamic port numbers and needs to be reconfigured every time the public IPv4 changes. This is all resolved by running in a namespace.
I may look into improving the integration to support namespaces.
@goetz Also, NAT64 alone only fixes part of the problem, you still have to deal with jurassic IP literals which is where xLAT + all companion features come in
@UnderEu thanks for the heads up. Yes, DNS64 is needed here for most use cases, for devices not utilizing CLAT or similar. The unbound or AdguardHome to the rescue. Only a few edge cases remain, but this is for another day.
@goetz oh, sure, yes please!
@Oskar456 Today I found time to update the OpenWrt wiki. Feedback appreciated.
@Oskar456 reading your slides again, it's clearly there:
"Stealing packets in the PREROUTING, injecting translated
packets into POSTROUTING
- Hard to enforce firewall rules
- Translation not available for locally generated traffic"
One just needs to read it though.