Documentation > Introduction > What is Jool?

Introduction to Jool


  1. Overview
  2. Compliance
  3. Compatibility
  4. Design


Jool is an Open Source implementation of IPv4/IPv6 Translation on Linux. Until version 3.2.x, it used to be only a Stateful NAT64; starting from 3.3.0, it also supports SIIT mode.


As far as we know, this is the compliance status of Jool 3.5:

RFC/draft Reminder name Status
RFC 6052 IP address translation Fully compliant.
RFC 6144 IPv4/IPv6 Translation Framework Fully compliant.
RFC 7915 SIIT Fully compliant.
RFC 6146 Stateful NAT64 Fully compliant.
RFC 6384 FTP over NAT64 Not yet compliant.
RFC 6791 ICMP quirks In short, this RFC wants two things: A pool of IPv4 addresses and an ICMP header extension. Jool implements the former but not the latter.
RFC 6877 464XLAT Rather implemented as SIIT-DC-DTM; see below.
RFC 7755 SIIT-DC Fully compliant.
RFC 7756 SIIT-DC: Dual Translation Mode Fully compliant.
RFC 8021 Atomic Fragment Deprecation Fully compliant.
RFC 7757 EAM Fully compliant.
RFC 7422 Deterministic port allocations Deterministic port allocations (sequential algorithm only) can be obtained using the pool4’s --mark argument (mark-src-range ip6tables plugin suggested).

Please let us know if you find additional compliance issues or RFCs/drafts we’ve missed.


Jool supports Linux kernels 3.2.0 and above. While most of the development time has been spent experimenting on Ubuntu 16.04 using current kernels, we’ve performed a healthy amount of formal testing (unit and graybox) on Jool 3.5.0 in the following variants:

  • 3.2.0-23-generic-pae
  • 3.10.96-031096-generic
  • 3.13.0-85-generic
  • 3.14.60-031460-generic
  • 3.16.0-77-generic
  • 3.19.0-68-generic
  • 4.0.9-040009-generic
  • 4.1.31-040131-generic
  • 4.2.0-42-generic
  • 4.3.5-040305-generic
  • 4.4.1-040401-generic
  • 4.5.0-040500-generic
  • 4.7.0-040700-generic
  • 4.8.0-040800-generic
  • 4.8.2-040802-generic

Jool 3.5.4 was tested in the following variants:

  • 3.10.107-0310107-generic
  • 3.16.46-031646-generic
  • 3.18.62-031862-generic
  • 4.1.22-040122-generic
  • 4.4.0-87-generic
  • 4.9.0-040900-generic
  • 4.10.0-27-generic
  • 4.11.0-041100-generic
  • 4.12.0-041200-generic


Jool is a Netfilter module that hooks itself to the prerouting chain (See Netfilter Architecture). Because Netfilter isn’t comfortable with packets changing layer-3 protocols, Jool has its own forwarding pipeline, which only translating packets traverse.

Fig.1 - Jool within Netfilter

You can hook one instance of SIIT Jool and one instance of NAT64 Jool per network namespace.

Note Notice all filtering iptables modules skip Jool. For this reason, if you need to filter, you need to insert Jool in a namespace so iptables can do its job during FORWARD.

Fig.2 - Jool and Filtering

Alternatively, if you know what you’re doing, you can filter on mangle.