+++
title = "Homelab - IPv4 Expose"
date = 2026-04-04
description = "How I expose my IPv6 only Homelab for IPv4 clients"
draft = true

[taxonomies]
categories = ["Homelab"]
tags = ["Homelab", "IPv4", "IPv6"]
+++

## Previous Setup
Currently I am renting a VPS which runs a custom proxy, that loads the configuration from consul based on tags and then accepts traffic on the proper ports and forwards it manually.

## Plan
Services that need to be exposed get their own virtual IPv6 address using keepalived. The active/master node will be forced to the node on which the service is currently running using priorities.

On my external server setup Jool with SIIT-DC and iptable rules.
1. Everything coming in at the given port for the service (for example HTTP, Teamspeak, etc.) is redirected to a different internal IPv4 address using iptables
2. Jool listens on the internal IPv4 address and performs SIIT-DC or SIIT-EAM forwarding to the correct virtual IPv6 address

## New Setup - Part 1 SIIT-EAM
1. Get a server that supports Dual-Stack networking and in the best case a /64 ipv6 subnet (I choose Scaleway as a European cloud provider, with cheap servers)
    [Scaleway IPv6 Docs](https://www.scaleway.com/en/docs/instances/how-to/use-flexips/#flexible-ipv6)
    [Scaleway Check neighbor discovery](https://www.scaleway.com/en/docs/dedibox-ipv6/how-to/debug-ipv6/#check-the-neighbor-discovery-protocol-ndp)
2. apt-get update and apt-get upgrade
3. Install Jool
    1. Based on the [jool documentation](https://www.jool.mx/en/ubuntu.html)
    2. `sudo apt install jool-dkms jool-tools`
    3. Enable IP forwarding
        - `/sbin/sysctl -w net.ipv4.conf.all.forwarding=1`
        - `/sbin/sysctl -w net.ipv6.conf.all.forwarding=1`
4. Install NDP Proxy Daemon [ndppd](https://manpages.ubuntu.com/manpages/focal/man1/ndppd.1.html)
    1. `sudo apt-get install ndppd`
    2. `/sbin/sysctl -w net.ipv6.conf.all.proxy_ndp=1`
5. Configure [Jool](https://www.jool.mx/en/index.html)
    1. `/sbin/modprobe jool_siit`
    2. `jool_siit instance add "example" --netfilter --pool6 2001:0bc8:1640:6554:0:0:0:0/96`
    3. `jool_siit -i "example" eamt add 2001:4dd5:b276:1:f652:14ff:fe94:dc00/128 51.158.177.228/32`
    4. (Optional for debugging) `jool_siit -i "example" global update logging-debug true`
6. ndppd for neighbor discovery
    1. In `/etc/ndppd.conf`
        ```
        proxy ens2 {
            rule 2001:0bc8:1640:6554:0:0:0:0/96 {
                static
            }
        }
        ```

### Troubles
Jool missing pool6, because I first wanted to try with only the EAM entry

Lots of debugging with tcpdump on external and local server

Neighbor Solicitation not working
`13:31:35.919212 IP6 _gateway > ff02::1:ff52:2f24: ICMP6, neighbor solicitation, who has 2001:bc8:1640:6554::4a52:2f24, length 32`
fixed using ndppd.

Fixed forwarding for everything received on the v4 ip, no way to forward based on service

## New Setup - Part 2 NAT64 with static BIB
The idea with this is to basically perform some static NAT64, to map ports on the ipv4 side to specific addresses and ports on the ipv6 side.
This would allow me to have one entry for every port that I want to expose, regardless of the IPv6 or port of the service.


1. Same
2. Same
3. Same
4. Same
5. Configure [Jool](https://www.jool.mx/en/index.html)
    1. `/sbin/modprobe jool`
    2. `jool instance add "example" --netfilter --pool6 2001:0bc8:1640:6554:0:0:0:0/96`[^nat64_setup]
    3. `jool -i "example" pool4 add --udp 51.158.177.228 1-65535`[^pool4_setup]
    4. `jool -i "example" pool4 add --tcp 51.158.177.228 1-65535`[^pool4_setup]
6. Same
7. Example Setup of bib[^bib_explained] entries (for teamspeak3 in this case)
    1. `jool -i "example" bib add 2001:4dd5:b276:1:f652:14ff:fe94:dc00#9987 51.158.177.228#9987 --udp`[^bib_add_command]
    2. `jool -i "example" bib add 2001:4dd5:b276:1:f652:14ff:fe94:dc00#30033 51.158.177.228#30033 --tcp`[^bib_add_command]


## Future Work
- Automate the jool setup (ansible playbook or maybe even using cloud-init)
- Automate the configuration of the corresponding entries (likely a custom integration with consul)

## References
[^nat64_setup]: [basic NAT64 tutorial](https://www.jool.mx/en/run-nat64.html)
[^pool4_setup]: We need to configure the [pool4](https://www.jool.mx/en/pool4.html) used by jool using the given [pool4 commands](https://nicmx.github.io/Jool/en/usr-flags-pool4.html)
[^bib_explained]: [BIB](https://www.jool.mx/en/bib.html)
[^bib_add_command]: [bib commands](https://www.jool.mx/en/usr-flags-bib.html#add)