Add a bunch of stuff to my ipv4 expose post

content/homelab-ipv4-expose/index.md

@@ -9,7 +9,7 @@ categories = ["Homelab"]
 tags = ["Homelab", "IPv4", "IPv6"]
 +++
 
-## Current Setup
+## Previous Setup
 Currently I am renting a VPS which runs a custom proxy, that loads the configuration from consul based on tags and then accepts traffic on the proper ports and forwards it manually.
 
 ## Plan
@@ -18,3 +18,57 @@ Services that need to be exposed get their own virtual IPv6 address using keepal
 On my external server setup Jool with SIIT-DC and iptable rules.
 1. Everything coming in at the given port for the service (for example HTTP, Teamspeak, etc.) is redirected to a different internal IPv4 address using iptables
 2. Jool listens on the internal IPv4 address and performs SIIT-DC or SIIT-EAM forwarding to the correct virtual IPv6 address
+
+## New Setup - Part 1 SIIT-EAM
+1. Get a server that supports Dual-Stack networking and in the best case a /64 ipv6 subnet (I choose Scaleway as a European cloud provider, with cheap servers)
+    [Scaleway IPv6 Docs](https://www.scaleway.com/en/docs/instances/how-to/use-flexips/#flexible-ipv6)
+    [Scaleway Check neighbor discovery](https://www.scaleway.com/en/docs/dedibox-ipv6/how-to/debug-ipv6/#check-the-neighbor-discovery-protocol-ndp)
+2. apt-get update and apt-get upgrade
+3. Install Jool
+    1. Based on the [jool documentation](https://www.jool.mx/en/ubuntu.html)
+    2. `sudo apt install jool-dkms jool-tools`
+    3. Enable IP forwarding
+        - `/sbin/sysctl -w net.ipv4.conf.all.forwarding=1`
+        - `/sbin/sysctl -w net.ipv6.conf.all.forwarding=1`
+4. Install NDP Proxy Daemon [ndppd](https://manpages.ubuntu.com/manpages/focal/man1/ndppd.1.html)
+    1. `sudo apt-get install ndppd`
+    2. `/sbin/sysctl -w net.ipv6.conf.all.proxy_ndp=1`
+5. Configure [Jool](https://www.jool.mx/en/index.html)
+    1. `/sbin/modprobe jool_siit`
+    2. `jool_siit instance add "example" --netfilter --pool6 2001:0bc8:1640:6554:0:0:0:0/96`
+    3. `jool_siit -i "example" eamt add 2001:4dd5:ae46:81:f652:14ff:fe94:dc00/128 51.158.177.228/32`
+    4. (Optional for debugging) `jool_siit -i "example" global update logging-debug true`
+6. ndppd for neighbor discovery
+    1. In `/etc/ndppd.conf`
+        ```
+        proxy ens2 {
+            rule 2001:0bc8:1640:6554:0:0:0:0/96 {
+                static
+            }
+        }
+        ```
+
+### Troubles
+Jool missing pool6, because I first wanted to try with only the EAM entry
+
+Lots of debugging with tcpdump on external and local server
+
+Neighbor Solicitation not working
+`13:31:35.919212 IP6 _gateway > ff02::1:ff52:2f24: ICMP6, neighbor solicitation, who has 2001:bc8:1640:6554::4a52:2f24, length 32`
+fixed using ndppd.
+
+Fixed forwarding for everything received on the v4 ip, no way to forward based on service
+
+## New Setup - Part 2 NAT64 with static BIB
+The idea with this is to basically perform some static NAT64, to map ports on the ipv4 side to specific addresses and ports on the ipv6 side.
+This would allow me to have one entry for every port that I want to expose, regardless of the IPv6 or port of the service.
+
+Rough plan (not tested or applied):
+- Follow the [basic NAT64 tutorial](https://www.jool.mx/en/run-nat64.html)
+- Configure the [BIB](https://www.jool.mx/en/bib.html) Entries using the [bib commands](https://www.jool.mx/en/usr-flags-bib.html)
+    - For teamspeak this should be something along the lines of `jool bib add 2001:4dd5:ae46:81:f652:14ff:fe94:dc00#9987  51.158.177.228#9987  --udp`
+
+
+## TODOs
+- Automate the jool setup
+- Automate the configuration of the corresponding entries