Netskope Publisher

Installation

Bootstrap IPv6 NAT46 support on a fresh Ubuntu 22.04 publisher

IPv6 Installation

This guide walks you through bootstrapping a Netskope NPA Publisher with IPv6 NAT46 support on a clean Ubuntu 22.04 instance.

Prerequisites

  • A fresh Ubuntu 22.04 LTS (x86_64) instance (AWS EC2, Azure VM, or bare metal)
  • Root or sudo access
  • Internet connectivity for package downloads
  • A registered Netskope NPA Publisher (or you will register during setup)

Quick Start

Run the bootstrap script on your fresh Ubuntu 22.04 instance:

curl https://files.thepi.es/ipv6/bootstrap.sh | sudo bash
sudo su - $USER
exit

This single command will:

  1. Install all required system packages (Docker, Jool SIIT kernel modules, etc.)
  2. Configure the Docker environment for the publisher container
  3. Install Jool SIIT kernel module for IPv4-to-IPv6 stateless translation
  4. Prepare the host for NAT46 activation via the wizard

What the Bootstrap Script Does

System Packages

The script installs the following on the host:

PackagePurpose
docker.ioContainer runtime for the publisher
jool-dkmsJool SIIT kernel module for stateless IPv4/IPv6 translation
jool-toolsJool CLI tools for managing EAMT and instances
jqJSON processing for config files
iproute2Network management (ip command)
iptablesFirewall rules for publisher SNAT traffic

Jool SIIT

Jool is a stateless IP/ICMP translator (SIIT) that performs the actual IPv4-to-IPv6 packet translation in the kernel. The bootstrap script:

  • Installs jool-dkms and jool-tools
  • Loads the jool_siit kernel module
  • Configures the module to load on boot via /etc/modules-load.d/jool.conf

Docker Configuration

The script ensures Docker is installed and the current user is added to the docker group. The sudo su - $USER; exit sequence refreshes group membership without requiring a full logout.

After Bootstrap

Once the bootstrap script completes, you need to:

  1. Start the publisher container (if not already running)
  2. Run the wizard to enable NAT46 — see Wizard Configuration
  3. Validate the setup — see Validation

NAT46 is not active after bootstrap alone. The bootstrap only installs prerequisites. You must enable NAT46 through the wizard, which configures Jool SIIT, EAMT source translation, routes, and the CoreDNS Corefile.

Manual Installation

If you prefer to install components manually instead of using the bootstrap script:

1. Install Jool SIIT

sudo apt-get update
sudo apt-get install -y jool-dkms jool-tools
sudo modprobe jool_siit
echo "jool_siit" | sudo tee /etc/modules-load.d/jool.conf

2. Install Docker

sudo apt-get install -y docker.io
sudo usermod -aG docker $USER

3. Verify

lsmod | grep jool_siit
docker --version

Both commands should produce output. If jool_siit is not listed, check dmesg for module loading errors.

Overview

Netskope NPA Publisher with CoreDNS documentation

Wizard Configuration

Enable and configure NAT46 through the publisher wizard

On this page

IPv6 InstallationPrerequisitesQuick StartWhat the Bootstrap Script DoesSystem PackagesJool SIITDocker ConfigurationAfter BootstrapManual Installation1. Install Jool SIIT2. Install Docker3. Verify