最近在工作中測試環境裏遇到IPv6訪問IPv4的需求場景，加上剛好沒有防火牆可以實現Nat64的需求，索性自己在centos7上使用開源的jool軟件搭建一個NAT64服務器

我在安裝過程中參考的網上的安裝步驟和方法
Git上的jool安裝方法：https://github.com/leblancd/kube-v6/blob/master/NAT64-DNS64-CENTOS7-INSTALL.md
Jool官網提供的安裝步驟：https://www.jool.mx/en/install.html
Jool的Git項目位置：https://github.com/NICMx/jool

安裝CentOS操作系統

不做贅述了，我使用的是CentOS7.5（1804），安裝方式是Server with GUI，分區使用的是CentOS自動分區

關閉selinux和防火牆

vim /etc/selinux/config

將 SELINUX=enforcing 修改爲 SELINUX=disabled
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

systemctl disable firewall

重啓CentOS服務器

安裝開發環境

這一步裏面有個安裝kenel-devel，這個kenel-devel一定不要用公網上的源安裝，公網上的kernel版本一般比安裝的Centos自帶的kernel版本要高，通過公網安裝的kenel-devel的內核版本是和本機的內核不一致的，後面會導致dmks安裝jool的時候報錯，建議這一步使用centos的iso鏡像作爲源安裝開發環境

cd /etc/yum.repos.d/
ll
-rw-r--r--. 1 root root 1664 Apr 29  2018 CentOS-Base.repo
-rw-r--r--. 1 root root 1309 Apr 29  2018 CentOS-CR.repo
-rw-r--r--. 1 root root  649 Apr 29  2018 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root  314 Apr 29  2018 CentOS-fasttrack.repo
-rw-r--r--  1 root root  657 Aug 20 23:34 CentOS-Media.repo
-rw-r--r--. 1 root root 1331 Apr 29  2018 CentOS-Sources.repo
-rw-r--r--. 1 root root 4768 Apr 29  2018 CentOS-Vault.repo

將上面列出的repo文件中，除了CentOS-Media.repo其他全部改名

mv CentOS-Base.repo CentOS-Base.repo.bak
mv CentOS-CR.repo CentOS-CR.repo.bak
mv CentOS-Debuginfo.repo CentOS-Debuginfo.repo.bak
mv CentOS-fasttrack.repo CentOS-fasttrack.repo.bak
mv CentOS-Sources.repo CentOS-Sources.repo.bak
mv CentOS-Vault.repo CentOS-Vault.repo.bak

將iso鏡像掛載到/media/cdrom目錄下

yum repolist all

Loading mirror speeds from cached hostfile
repo id                                 repo name                                       status
c7-media                                CentOS-7 - Media                                disabled

將c7-media的狀態由disable修改爲enable

yum-config-manager --enable c7-media

Loading mirror speeds from cached hostfile
repo id                                  repo name                                       status
c7-media                                 CentOS-7 - Media                                enabled: 3,971

安裝開發環境

yum clean all
yum repolist all
yum groupinstall -y "Development Tools"
yum install -y pkgconfig
yum install -y iptables-devel
yum install kernel-devel
yum install kernel-headers

檢查目錄

[root@localhost yum.repos.d]# ll /lib/modules/3.10.0-862.el7.x86_64/
total 3212
lrwxrwxrwx.  1 root root     38 Aug 20 14:52 build -> /usr/src/kernels/3.10.0-862.el7.x86_64
drwxr-xr-x.  3 root root     99 Aug 20 23:47 extra
drwxr-xr-x. 12 root root    128 Aug 20 14:52 kernel
-rw-r--r--   1 root root 820164 Aug 20 23:48 modules.alias
-rw-r--r--   1 root root 784670 Aug 20 23:48 modules.alias.bin
-rw-r--r--.  1 root root   1346 Apr 21  2018 modules.block
-rw-r--r--.  1 root root   7091 Apr 21  2018 modules.builtin
-rw-r--r--   1 root root   8965 Aug 20 23:48 modules.builtin.bin
-rw-r--r--   1 root root 280744 Aug 20 23:48 modules.dep
-rw-r--r--   1 root root 387639 Aug 20 23:48 modules.dep.bin
-rw-r--r--   1 root root    361 Aug 20 23:48 modules.devname
-rw-r--r--.  1 root root    132 Apr 21  2018 modules.drm
-rw-r--r--.  1 root root     82 Apr 21  2018 modules.modesetting
-rw-r--r--.  1 root root   1746 Apr 21  2018 modules.networking
-rw-r--r--.  1 root root  95355 Apr 21  2018 modules.order
-rw-r--r--   1 root root    490 Aug 20 23:48 modules.softdep
-rw-r--r--   1 root root 385449 Aug 20 23:48 modules.symbols
-rw-r--r--   1 root root 473998 Aug 20 23:48 modules.symbols.bin
lrwxrwxrwx.  1 root root      5 Aug 20 14:52 source -> build
drwxr-xr-x.  2 root root      6 Apr 21  2018 updates
drwxr-xr-x.  2 root root     95 Aug 20 14:52 vdso
drwxr-xr-x.  2 root root      6 Apr 21  2018 weak-updates
[root@localhost yum.repos.d]# ll /usr/src/kernels/3.10.0-862.el7.x86_64
total 4492
drwxr-xr-x  32 root root    4096 Aug 20 23:36 arch
drwxr-xr-x   3 root root      78 Aug 20 23:36 block
drwxr-xr-x   4 root root      76 Aug 20 23:36 crypto
drwxr-xr-x 119 root root    4096 Aug 20 23:36 drivers
drwxr-xr-x   2 root root      22 Aug 20 23:36 firmware
drwxr-xr-x  75 root root    4096 Aug 20 23:36 fs
drwxr-xr-x  28 root root    4096 Aug 20 23:36 include
drwxr-xr-x   2 root root      37 Aug 20 23:36 init
drwxr-xr-x   2 root root      22 Aug 20 23:36 ipc
-rw-r--r--   1 root root     505 Apr 21  2018 Kconfig
drwxr-xr-x  12 root root     236 Aug 20 23:36 kernel
drwxr-xr-x  10 root root     219 Aug 20 23:36 lib
-rw-r--r--   1 root root   51197 Apr 21  2018 Makefile
-rw-r--r--   1 root root    2305 Apr 21  2018 Makefile.qlock
drwxr-xr-x   2 root root      58 Aug 20 23:36 mm
-rw-r--r--   1 root root 1093137 Apr 21  2018 Module.symvers
drwxr-xr-x  60 root root    4096 Aug 20 23:36 net
drwxr-xr-x  14 root root     220 Aug 20 23:36 samples
drwxr-xr-x  13 root root    4096 Aug 20 23:36 scripts
drwxr-xr-x   9 root root     136 Aug 20 23:36 security
drwxr-xr-x  24 root root     301 Aug 20 23:36 sound
-rw-r--r--   1 root root 3409143 Apr 21  2018 System.map
drwxr-xr-x  17 root root     221 Aug 20 23:36 tools
drwxr-xr-x   2 root root      37 Aug 20 23:36 usr
drwxr-xr-x   4 root root      44 Aug 20 23:36 virt
-rw-r--r--   1 root root      41 Apr 21  2018 vmlinux.id

將yum.repo.d目錄下的repo文件恢復

mv CentOS-Base.repo.bak CentOS-Base.repo
mv CentOS-CR.repo.bak CentOS-CR.repo
mv CentOS-Debuginfo.repo.bak CentOS-Debuginfo.repo
mv CentOS-fasttrack.repo.bak CentOS-fasttrack.repo
mv CentOS-Sources.repo.bak CentOS-Sources.repo
mv CentOS-Vault.repo.bak CentOS-Vault.repo

安裝其他工具

安裝epel源

yum install -y epel-release

安裝dkms

yum install -y dkms

安裝pkgconfig

yum install -y pkgconfig

安裝libnl3，如果不安裝，後面在configure時會報錯“No package ‘libnl-genl-3.0’ found”

yum install -y libnl3-devel

安裝iptables-devel，如果不安裝，後面在configure時會報錯“No package ‘xtables’ found”

yum install -y iptables-devel

從Git下載jool最新版本

git clone https://github.com/NICMx/Jool.git

安裝jool

dkms install Jool/
cd Jool/
./autogen.sh
./configure
make
make install

加載jool模塊

/sbin/modprobe jool
lsmod |grep jool

jool                  179931  0 
nf_defrag_ipv6         35104  1 jool
nf_defrag_ipv4         12729  2 jool,nf_conntrack_ipv4

關閉系統自帶的防火牆，並安裝iptables

systemctl stop firewalld
systemctl diable firewalld
yum install -y iptables-services
systemctl start iptables
systemctl start ip6tables
systemctl enable iptables
systemctl enable ip6tables

配置IPv6地址池和轉發規則

配置IPv6地址池，將fec0:1::/96網段的地址NAT成ipv4地址

jool instance add "NAT64" --iptables --pool6 fec0:1::/96

配置iptables轉發規則

ip6tables -t mangle -A PREROUTING -s fec0:1::1 -j ACCEPT
ip6tables -t mangle -A PREROUTING -d fec0:1::/96 -j JOOL --instance "NAT64"
iptables -t mangle -A PREROUTING -d 10.206.254.4 -p tcp --dport 61001:65535 -j JOOL --instance "NAT64"
iptables -t mangle -A PREROUTING -d 10.206.254.4 -p udp --dport 61001:65535 -j JOOL --instance "NAT64"
iptables -t mangle -A PREROUTING -d 10.206.254.4 -p icmp --dport 61001:65535 -j JOOL --instance "NAT64"
iptables -t mangle -A PREROUTING -d 10.206.254.4 -p icmp -j JOOL --instance "NAT64"

如果需要停用nat64

ip6tables -t mangle -D PREROUTING -s fec0:1::1 -j ACCEPT
ip6tables -t mangle -D PREROUTING -d fec0:1::/96 -j JOOL --instance "NAT64"
iptables -t mangle -D PREROUTING -d 10.206.254.4 -p tcp --dport 61001:65535 -j JOOL --instance "NAT64"
iptables -t mangle -D PREROUTING -d 10.206.254.4 -p udp --dport 61001:65535 -j JOOL --instance "NAT64"
iptables -t mangle -D PREROUTING -d 10.206.254.4 -p icmp --dport 61001:65535 -j JOOL --instance "NAT64"
iptables -t mangle -D PREROUTING -d 10.206.254.4 -p icmp -j JOOL --instance "NAT64"
jool instance remove "NAT64"
/sbin/modprobe -r jool

配置jool模塊開機加載

vim /etc/sysconfig/modules/jool.modules

#!/bin/bash

/sbin/modinfo -F filename jool > /dev/null 2>&1
if [ $? -eq 0 ]; then
    /sbin/modprobe jool
fi

配置NAT64規則開機加載

vim /etc/rc.local

/usr/local/bin/jool instance add "NAT64" --iptables --pool6 fec0:1::/96
/usr/local/bin/jool instance display
/usr/sbin/ip6tables -t mangle -A PREROUTING -s fec0:1::1 -j ACCEPT
/usr/sbin/ip6tables -t mangle -A PREROUTING -d fec0:1::/96 -j JOOL --instance "NAT64"
/usr/sbin/iptables -t mangle -A PREROUTING -d 10.206.254.4 -p tcp --dport 61001:65535 -j JOOL --instance "NAT64"
/usr/sbin/iptables -t mangle -A PREROUTING -d 10.206.254.4 -p udp --dport 61001:65535 -j JOOL --instance "NAT64"
/usr/sbin/iptables -t mangle -A PREROUTING -d 10.206.254.4 -p icmp --dport 61001:65535 -j JOOL --instance "NAT64"
/usr/sbin/iptables -t mangle -A PREROUTING -d 10.206.254.4 -p icmp -j JOOL --instance "NAT64"

Tips：

做完上面的配置之後Server本身ping IPv4的地址會不通，但是可以正常上網，貌似就只有ping有問題，目前暫未找到解決辦法

使用CentOS7搭建Nat64服務器實現IPv6網段訪問IPv4地址

安裝CentOS操作系統

關閉selinux和防火牆

安裝開發環境

安裝其他工具

從Git下載jool最新版本

安裝jool

加載jool模塊

關閉系統自帶的防火牆，並安裝iptables

配置IPv6地址池和轉發規則

配置jool模塊開機加載

配置NAT64規則開機加載

Tips：

vCenter6.0 UpdateManager安裝筆記

vCenter6.0安裝筆記

查看所有用戶的crontab

Python學習知識整理（4）-生成文件MD5校驗和

PostgreSQL修改數據目錄方法記錄

Mac下配置sublime實現LaTeX

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結