How does one simply enable NAT64 on a Debian 11 system?
Best Answer
Install the packages jool-dkms and jool-tools. These are only available by default since Debian 11 / Bullseye. Be aware that this installs a whole bunch of development tools, kernel headers etc. This might be a security issue on an edge device. It also required 312 Mb of disk space on a dedicated router without too many packages. If this is not acceptable, there's still tayga.
Then create a directory /etc/jool and a file /etc/jool/jool.conf with the following content:
Be aware that, even if you configure your firewall via iptables, the underlying framework is Netfilter. The same goes for the Jool Website, where they have Netfilter and iptables examples.
The default instance means that you don't have to specify it explicitly when using the jool CLI tool.
Otherwise just specify your NAT64 prefix as pool6 and you're good to go. The example uses the IANA-reserved well-known prefix, but you can also use a prefix from your own network.
Start jool via systemctl start jool and test from an internal system with ping 64:ff9b::1.1.1.1. Adjust the prefix if necessary and don't use the example from the Jool website; that won't work. I forgot to check beforehand, so run systemctl enable jool, just to be safe.
You'll almost certainly want DNS64 as well: check O'Reilly or the Jool website. Their example has ACLs, in case you don't have a firewall on / in front of your DNS server.
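If pool6 is a prefix from your own network rather than 64:ff9b::/96, the ping target has to be rebuilt for that prefix. The sketch below is an added example, not part of the answer or of Jool: it applies the RFC 6052 embedding rules for all six permitted prefix lengths (going beyond the /96 case used above), and the function name `embed` is hypothetical.

```python
import ipaddress

# RFC 6052 well-known prefix, the one used in the answer above.
WKP = ipaddress.ip_network("64:ff9b::/96")
ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)


def embed(pool6: str, v4: str) -> ipaddress.IPv6Address:
    """Return the IPv6 address a NAT64 with prefix pool6 uses for IPv4 host v4."""
    net = ipaddress.ip_network(pool6)
    addr = ipaddress.IPv4Address(v4)
    if net.version != 6 or net.prefixlen not in ALLOWED_LENGTHS:
        raise ValueError("pool6 must be an IPv6 /32, /40, /48, /56, /64 or /96")
    # RFC 6052 section 3.1: the well-known prefix must not represent
    # non-global IPv4 addresses (RFC 1918 space and similar).
    if net == WKP and not addr.is_global:
        raise ValueError("well-known prefix must not carry a non-global IPv4 address")

    bits = int(addr)
    if net.prefixlen == 96:
        value = bits                      # IPv4 sits in the last 32 bits
    else:
        # Bits 64..71 (octet "u") stay zero, so the IPv4 address is split:
        # hi_n bits go before octet u, the remaining lo_n bits after it.
        hi_n = 64 - net.prefixlen
        lo_n = 32 - hi_n
        hi = bits >> lo_n
        lo = bits & ((1 << lo_n) - 1)
        value = (hi << 64) | (lo << (56 - lo_n))
    return ipaddress.IPv6Address(int(net.network_address) | value)


if __name__ == "__main__":
    # Constructed sample prefixes: the well-known prefix plus two
    # documentation prefixes (2001:db8::/32 range) of different lengths.
    for prefix in ("64:ff9b::/96", "2001:db8:122:344::/64", "2001:db8:100::/40"):
        print(f"pool6 {prefix:24} -> ping {embed(prefix, '1.1.1.1')}")
```

For 64:ff9b::/96 this yields 64:ff9b::101:101, which is the same address as the 64:ff9b::1.1.1.1 notation used in the ping test.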
You can check which locales you currently have generated using:
locale -a
You can generate more by editing /etc/locale.gen and uncommenting the lines for the locales that you want to enable. Then you can generate them by running the command:
locale-gen
You can find a list of supported locales in /usr/share/i18n/SUPPORTED
There is more information available on the Debian wiki.