Page MenuHomeVyOS Platform
Create Task
Maniphest T6595

Expose Jool's stateful NAT64 feature (BIB)
Open, NormalPublicFEATURE REQUEST
Actions

Description

Hi everyone!

Jool offers a stateful (destination) NAT64 variant (called BIB), which appears to not be exposed via VyOS config yet. This would allow to do IPv4 -> IPv6 translation similar to classical NAPT44. Following their docs, all it takes to create an entry is a single command specifying the IPv4 address and port, IPv6 address and port and the protocol. To keep it similar to the existing CLI, I'd propose something along this:

set nat64 destination rule 1 protocol [tcp|udp|icmp]
set nat64 destination rule 1 destination address 192.0.2.1
set nat64 destination rule 1 destination port 80
set nat64 destination rule 1 translation address 2001:db8:12:34::1
set nat64 destination rule 1 translation port 80
...

Best regards,
Michael

EDIT: Updated link to new Jool docs location at github.com, courtesy to marvin.

Details

Version
-
Is it a breaking change?
Perfectly compatible
Issue type
Unspecified (please specify)

Event Timeline

MPStudyly created this task.Jul 18 2024, 6:22 PM
MPStudyly triaged this task as Normal priority.
MPStudyly created this object in space S1 VyOS Public.
MPStudyly updated the task description. (Show Details)
pasik subscribed.Jul 18 2024, 6:39 PM
kevinrausch subscribed.Aug 27 2024, 1:47 AM
syncer edited projects, added VyOS Rolling; removed VyOS 1.5 Circinus.Nov 1 2024, 7:26 PM
syncer moved this task from Need Triage to Backlog - Feature Requests on the VyOS Rolling board.
syncer changed the subtype of this task from "Task" to "Feature Request".
syncer added a subscriber: Global Notifications.Nov 1 2024, 9:19 PM
MPStudyly updated the task description. (Show Details)Nov 4 2024, 9:10 AM
hsw0 subscribed.Jul 10 2025, 12:55 PM
frebib subscribed.Aug 3 2025, 10:42 AM

Note the caveat mentioned here: https://www.jool.mx/en/config-atomic.html#nat64
Idempotency would have to be implemented manually here, which could be fun in yolopython.

To add extra difficulty too: BIB is kinda strongly tied to SNAT64 in Jool (at least from what I can tell from the documentation). It would probably have to be nested under a nat64 source rule .. which is kinda unfortunate. Alternatively it could live at the top-level but then config verification would have to be stricter to ensure that every DNAT64 rule resides within an existing SNAT64 pool, and then configure it as such.

marvin subscribed.Aug 21 2025, 7:27 PM
MPStudyly updated the task description. (Show Details)Sep 4 2025, 10:40 AM
MPStudyly changed Issue type from improvement to Unspecified (please specify).
MPStudyly updated the task description. (Show Details)
MPStudyly updated the task description. (Show Details)
MPStudyly updated the task description. (Show Details)Sep 4 2025, 10:42 AM