Introduction to Jool
Jool is an Open Source implementation of IPv4/IPv6 Translation on Linux. Up to version 3.2.x it was only a Stateful NAT64; starting from 3.3.0, it also supports SIIT mode.
As far as we know, this is the compliance status of Jool 3.4:
| RFC/draft | Subject | Status |
|---|---|---|
| RFC 6052 | IP address translation | Fully compliant. |
| RFC 6144 | IPv4/IPv6 Translation Framework | Fully compliant. |
| RFC 7915 | SIIT | Fully compliant. |
| RFC 6146 | Stateful NAT64 | Fully compliant. |
| RFC 6384 | FTP over NAT64 | Not yet compliant. |
| RFC 6791 | ICMP quirks | In short, this RFC wants two things: A pool of IPv4 addresses and an ICMP header extension. Jool implements the former but not the latter. |
| RFC 6877 | 464XLAT | Rather implemented as SIIT-DC-DTM; see below. |
| RFC 7755 | SIIT-DC | Fully compliant. |
| RFC 7756 | SIIT-DC: Dual Translation Mode | Fully compliant. |
| draft-ietf-6man-deprecate-atomfrag-generation | Atomic Fragment Deprecation | Fully compliant. |
| RFC 7757 | EAM | Fully compliant. |
| RFC 7422 | Deterministic port allocations | Deterministic port allocations (sequential algorithm only) can be obtained using the pool4’s |
Please let us know if you find additional compliance issues or RFCs/drafts we’ve missed.
Jool supports Linux kernels 3.2.0 and above. While most of the development time has been spent experimenting on Ubuntu 14.04 using current kernels, we’ve performed a healthy amount of formal testing (unit and graybox) on Jool 3.5.0 in the following variants:
Jool 3.5.4 was tested in the following variants:
Jool is a Netfilter module that hooks itself to the prerouting chain (see Netfilter Architecture). Because Netfilter isn’t comfortable with packets changing layer-3 protocols, Jool has its own forwarding pipeline, which only packets being translated traverse.
You can hook one instance of SIIT Jool and one instance of NAT64 Jool per network namespace.
Notice that translated packets skip all the filtering iptables modules. For this reason, if you need to filter, you need to insert Jool in a separate network namespace so iptables can do its job during FORWARD.
Alternatively, if you know what you’re doing, you can filter on mangle.
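The namespace arrangement described above, as an added example that is not taken from the Jool documentation: a NAT64 instance is placed in its own namespace behind a veth pair, so the host's FORWARD chains see each flow before translation (IPv6) and after it (IPv4). The namespace name, interface names, addresses and the HTTPS-only policy are constructed, and it is an assumption that running `modprobe jool` inside the namespace creates the instance there.

```shell
#!/bin/sh
# Added example, not from the Jool documentation. Constructed values:
# namespace joolns, veth pair to_jool/to_world, 2001:db8:64::/64, 192.0.2.0/24,
# client prefix 2001:db8:1::/64, pool6 64:ff9b::/96.
# DRY_RUN=1 (default) only prints each command; DRY_RUN=0 executes them (root).
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }
in_ns() { run ip netns exec joolns "$@"; }

setup_jool_netns() {
    run ip netns add joolns
    run ip link add to_jool type veth peer name to_world
    run ip link set to_world netns joolns
    run ip addr add 2001:db8:64::1/64 dev to_jool
    run ip addr add 192.0.2.1/24 dev to_jool
    run ip link set to_jool up
    in_ns ip addr add 2001:db8:64::2/64 dev to_world
    in_ns ip addr add 192.0.2.2/24 dev to_world
    in_ns ip link set to_world up
    in_ns ip -6 route add default via 2001:db8:64::1
    in_ns ip route add default via 192.0.2.1
    in_ns sysctl -w net.ipv4.conf.all.forwarding=1
    in_ns sysctl -w net.ipv6.conf.all.forwarding=1
    # Assumption: modprobe run inside the namespace creates the NAT64 instance there.
    in_ns modprobe jool pool6=64:ff9b::/96
    run sysctl -w net.ipv4.conf.all.forwarding=1
    run sysctl -w net.ipv6.conf.all.forwarding=1
    # Host sends NAT64-bound traffic into the namespace, through its own FORWARD chain.
    run ip -6 route add 64:ff9b::/96 via 2001:db8:64::2
}

filter_translated_traffic() {
    # IPv6 side, before translation: only the client prefix, only HTTPS.
    run ip6tables -A FORWARD -o to_jool -s 2001:db8:1::/64 -d 64:ff9b::/96 -p tcp --dport 443 -j ACCEPT
    run ip6tables -A FORWARD -o to_jool -j DROP
    # IPv4 side, after translation: Jool's packets leave the namespace from 192.0.2.2.
    run iptables -A FORWARD -i to_jool -s 192.0.2.2 -p tcp --dport 443 -j ACCEPT
    run iptables -A FORWARD -o to_jool -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i to_jool -j DROP
    run iptables -A FORWARD -o to_jool -j DROP
}

setup_jool_netns
filter_translated_traffic
```

Review the printed plan first; the rules are appended to whatever FORWARD policy the host already has, so check their position relative to existing rules before running with `DRY_RUN=0`.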