mailcow-dockerized
mailcow-dockerized copied to clipboard
Published
20 hours ago •
mailcow
mailcow
IPv6 Address is not being reognised - acme - 0000:0000:0000:0000:0000:0000:0000:0000
Contribution guidelines
- [X] I've read the contribution guidelines and wholeheartedly agree
I've found a bug and checked that ...
- [X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
- [X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
- [X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
- [X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.
Description
Since the update `2023-05a`, I am not getting a cert. The updater asked if it should enable the native docker ipv6, which I tried out. After that, I had a problem that I couldn't start docker when I stopped docker later on the same day (updating other services). After a reboot docker worked again, which is probably because I use Unraid which loads the OS and it's config from a USB drive. When I updated to `2023-07`, I got asked again and declined.
I just now noticed the problem, because I noticed the cert warning when I connected a new mailbox for a new doamin in my imap client, whose name isn't a alt name for the cert yet.
I probably can't use the native docker ipv6 implementation. But how can I revert the changes? (Even if manually) so my ipv6 works again with the ipd6 nat.
Logs:
mailcow-acme | Sat Jul 29 17:06:18 CEST 2023 - Initializing, please wait...
mailcow-acme | Sat Jul 29 17:06:18 CEST 2023 - Using existing domain rsa key /var/lib/acme/acme/key.pem
mailcow-acme | Sat Jul 29 17:06:18 CEST 2023 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
mailcow-acme | Sat Jul 29 17:06:18 CEST 2023 - Detecting IP addresses...
mailcow-acme | Sat Jul 29 17:06:59 CEST 2023 - OK: <My IPv4>, 0000:0000:0000:0000:0000:0000:0000:0000
mailcow-acme | Sat Jul 29 17:07:00 CEST 2023 - Found AAAA record for imap.<a domain>.de: <My IPv6> - skipping A record check
mailcow-acme | Sat Jul 29 17:07:00 CEST 2023 - Cannot match your IP 0000:0000:0000:0000:0000:0000:0000:0000 against hostname imap.<a domain>.de (DNS returned <My IPv6>)
... other domain checks with the same last two lines
Steps to reproduce:
- Updated to `2023-05a` on Unraid OS
- Chose yes for the native docker ipv6 implementation
- rebooted
Which branch are you using?
master
Operating System:
Unraid OS 6.12.2
Server/VM specifications:
128 GB RAM, 16 Cores
Is Apparmor, SELinux or similar active?
No
Virtualization technology:
None
Docker version:
20.10.24
docker-compose version or docker compose version:
v2.17.3
mailcow version:
Now 2023-07, but problem since 2023-05a
Reverse proxy:
Nginx (SWAG)
Logs of git diff:
None
Logs of iptables -L -vn:
Chain INPUT (policy ACCEPT 43204 packets, 48M bytes)
pkts bytes target prot opt in out source destination
19M 21G MAILCOW 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4471K 1805M MAILCOW 0 -- * * 0.0.0.0/0 0.0.0.0/0
4465K 1805M DOCKER-USER 0 -- * * 0.0.0.0/0 0.0.0.0/0
4465K 1805M DOCKER-ISOLATION-STAGE-1 0 -- * * 0.0.0.0/0 0.0.0.0/0
1515K 520M ACCEPT 0 -- * br-mailcow 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
141K 8767K DOCKER 0 -- * br-mailcow 0.0.0.0/0 0.0.0.0/0
175K 84M ACCEPT 0 -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0
134K 8354K ACCEPT 0 -- br-mailcow br-mailcow 0.0.0.0/0 0.0.0.0/0
11M 2063M ACCEPT 0 -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
370K 22M DOCKER 0 -- * docker0 0.0.0.0/0 0.0.0.0/0
8959K 8468M ACCEPT 0 -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * br-b6af842bf4ec 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER 0 -- * br-b6af842bf4ec 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- br-b6af842bf4ec !br-b6af842bf4ec 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- br-b6af842bf4ec br-b6af842bf4ec 0.0.0.0/0 0.0.0.0/0
2008K 173M ACCEPT 0 -- * br-6a68a0e695e7 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
3933 236K DOCKER 0 -- * br-6a68a0e695e7 0.0.0.0/0 0.0.0.0/0
10989 7861K ACCEPT 0 -- br-6a68a0e695e7 !br-6a68a0e695e7 0.0.0.0/0 0.0.0.0/0
2265 136K ACCEPT 0 -- br-6a68a0e695e7 br-6a68a0e695e7 0.0.0.0/0 0.0.0.0/0
35935 6776K WIREGUARD 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 42875 packets, 48M bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (4 references)
pkts bytes target prot opt in out source destination
1668 100K ACCEPT 6 -- !br-6a68a0e695e7 br-6a68a0e695e7 0.0.0.0/0 172.19.0.3 tcp dpt:80
192 11520 ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.3 tcp dpt:8000
0 0 ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.4 tcp dpt:8443
4 240 ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.4 tcp dpt:8080
222K 13M ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.6 tcp dpt:9080
6036 337K ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.6 tcp dpt:22
0 0 ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.8 tcp dpt:7889
5 300 ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.9 tcp dpt:8080
113 6780 ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.10 tcp dpt:8086
1 60 ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.10 tcp dpt:8083
139K 8336K ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.11 tcp dpt:3306
0 0 ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.12 tcp dpt:27017
23 1380 ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.13 tcp dpt:9090
2146 129K ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.14 tcp dpt:6379
4 196 ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.15 tcp dpt:30033
0 0 ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.15 tcp dpt:10011
1 435 ACCEPT 17 -- !docker0 docker0 0.0.0.0/0 172.17.0.15 udp dpt:9987
202 12120 ACCEPT 6 -- !docker0 docker0 0.0.0.0/0 172.17.0.2 tcp dpt:5432
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.249 tcp dpt:6379
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.5 tcp dpt:8983
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.9 tcp dpt:3306
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.10 tcp dpt:8443
1759 106K ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.10 tcp dpt:8080
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:12345
4 220 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:4190
12 628 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:995
107 6272 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:993
87 5072 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.253 tcp dpt:587
1250 74872 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:143
3600 216K ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.253 tcp dpt:465
26 1448 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:110
51 2840 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.253 tcp dpt:25
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
175K 84M DOCKER-ISOLATION-STAGE-2 0 -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0
8959K 8468M DOCKER-ISOLATION-STAGE-2 0 -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION-STAGE-2 0 -- br-b6af842bf4ec !br-b6af842bf4ec 0.0.0.0/0 0.0.0.0/0
10989 7861K DOCKER-ISOLATION-STAGE-2 0 -- br-6a68a0e695e7 !br-6a68a0e695e7 0.0.0.0/0 0.0.0.0/0
36M 15G RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (4 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * br-mailcow 0.0.0.0/0 0.0.0.0/0
0 0 DROP 0 -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 DROP 0 -- * br-b6af842bf4ec 0.0.0.0/0 0.0.0.0/0
0 0 DROP 0 -- * br-6a68a0e695e7 0.0.0.0/0 0.0.0.0/0
10M 9170M RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
36M 15G RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain MAILCOW (2 references)
pkts bytes target prot opt in out source destination
12 965 REJECT 0 -- * * 46.148.40.113 0.0.0.0/0 reject-with icmp-port-unreachable
13 962 REJECT 0 -- * * 46.148.40.120 0.0.0.0/0 reject-with icmp-port-unreachable
14 1045 REJECT 0 -- * * 46.148.40.121 0.0.0.0/0 reject-with icmp-port-unreachable
15 1086 REJECT 0 -- * * 46.148.40.119 0.0.0.0/0 reject-with icmp-port-unreachable
22 1385 REJECT 0 -- * * 46.148.40.117 0.0.0.0/0 reject-with icmp-port-unreachable
16 1145 REJECT 0 -- * * 46.148.40.110 0.0.0.0/0 reject-with icmp-port-unreachable
14 1022 REJECT 0 -- * * 46.148.40.85 0.0.0.0/0 reject-with icmp-port-unreachable
17 1202 REJECT 0 -- * * 46.148.40.189 0.0.0.0/0 reject-with icmp-port-unreachable
14 1022 REJECT 0 -- * * 46.148.40.71 0.0.0.0/0 reject-with icmp-port-unreachable
14 1022 REJECT 0 -- * * 46.148.40.115 0.0.0.0/0 reject-with icmp-port-unreachable
14 1022 REJECT 0 -- * * 46.148.40.111 0.0.0.0/0 reject-with icmp-port-unreachable
13 939 REJECT 0 -- * * 46.148.40.74 0.0.0.0/0 reject-with icmp-port-unreachable
14 1022 REJECT 0 -- * * 46.148.40.79 0.0.0.0/0 reject-with icmp-port-unreachable
15 1125 REJECT 0 -- * * 46.148.40.160 0.0.0.0/0 reject-with icmp-port-unreachable
15 1082 REJECT 0 -- * * 46.148.40.191 0.0.0.0/0 reject-with icmp-port-unreachable
15 1082 REJECT 0 -- * * 46.148.40.193 0.0.0.0/0 reject-with icmp-port-unreachable
15 1082 REJECT 0 -- * * 46.148.40.86 0.0.0.0/0 reject-with icmp-port-unreachable
15 1082 REJECT 0 -- * * 46.148.40.90 0.0.0.0/0 reject-with icmp-port-unreachable
16 1416 REJECT 0 -- * * 46.148.40.75 0.0.0.0/0 reject-with icmp-port-unreachable
16 1165 REJECT 0 -- * * 46.148.40.92 0.0.0.0/0 reject-with icmp-port-unreachable
15 1384 REJECT 0 -- * * 46.148.40.87 0.0.0.0/0 reject-with icmp-port-unreachable
23 1445 REJECT 0 -- * * 46.148.40.161 0.0.0.0/0 reject-with icmp-port-unreachable
15 1082 REJECT 0 -- * * 46.148.40.81 0.0.0.0/0 reject-with icmp-port-unreachable
16 1284 REJECT 0 -- * * 46.148.40.13 0.0.0.0/0 reject-with icmp-port-unreachable
15 1082 REJECT 0 -- * * 46.148.40.83 0.0.0.0/0 reject-with icmp-port-unreachable
15 1082 REJECT 0 -- * * 46.148.40.82 0.0.0.0/0 reject-with icmp-port-unreachable
17 1225 REJECT 0 -- * * 46.148.40.84 0.0.0.0/0 reject-with icmp-port-unreachable
16 1142 REJECT 0 -- * * 46.148.40.91 0.0.0.0/0 reject-with icmp-port-unreachable
3 180 REJECT 0 -- * * 46.148.40.196 0.0.0.0/0 reject-with icmp-port-unreachable
16 1142 REJECT 0 -- * * 46.148.40.122 0.0.0.0/0 reject-with icmp-port-unreachable
26 1825 REJECT 0 -- * * 46.148.40.163 0.0.0.0/0 reject-with icmp-port-unreachable
16 1444 REJECT 0 -- * * 46.148.40.88 0.0.0.0/0 reject-with icmp-port-unreachable
19 1322 REJECT 0 -- * * 46.148.40.136 0.0.0.0/0 reject-with icmp-port-unreachable
20 1382 REJECT 0 -- * * 46.148.40.130 0.0.0.0/0 reject-with icmp-port-unreachable
27 1869 REJECT 0 -- * * 46.148.40.78 0.0.0.0/0 reject-with icmp-port-unreachable
26 1742 REJECT 0 -- * * 46.148.40.77 0.0.0.0/0 reject-with icmp-port-unreachable
26 1742 REJECT 0 -- * * 46.148.40.94 0.0.0.0/0 reject-with icmp-port-unreachable
22 1502 REJECT 0 -- * * 46.148.40.49 0.0.0.0/0 reject-with icmp-port-unreachable
18 1239 REJECT 0 -- * * 46.148.40.76 0.0.0.0/0 reject-with icmp-port-unreachable
20 1382 REJECT 0 -- * * 46.148.40.107 0.0.0.0/0 reject-with icmp-port-unreachable
6 360 REJECT 0 -- * * 46.148.40.162 0.0.0.0/0 reject-with icmp-port-unreachable
20 1382 REJECT 0 -- * * 46.148.40.114 0.0.0.0/0 reject-with icmp-port-unreachable
21 1442 REJECT 0 -- * * 46.148.40.135 0.0.0.0/0 reject-with icmp-port-unreachable
23 1562 REJECT 0 -- * * 46.148.40.112 0.0.0.0/0 reject-with icmp-port-unreachable
Chain WIREGUARD (1 references)
pkts bytes target prot opt in out source
Logs of ip6tables -L -vn:
Chain INPUT (policy ACCEPT 6876 packets, 470K bytes)
pkts bytes target prot opt in out source destination
6876 470K MAILCOW 0 -- * * ::/0 ::/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
367K 348M MAILCOW 0 -- * * ::/0 ::/0
367K 348M DOCKER-USER 0 -- * * ::/0 ::/0
2888K 2923M DOCKER-ISOLATION-STAGE-1 0 -- * * ::/0 ::/0
35332 2773K DOCKER 0 -- * docker0 ::/0 ::/0
1091 777K ACCEPT 0 -- * docker0 ::/0 ::/0 ctstate RELATED,ESTABLISHED
2706 1245K ACCEPT 0 -- docker0 !docker0 ::/0 ::/0
34090 1971K ACCEPT 0 -- docker0 docker0 ::/0 ::/0
2695K 2895M DOCKER 0 -- * br-mailcow ::/0 ::/0
2172K 2856M ACCEPT 0 -- * br-mailcow ::/0 ::/0 ctstate RELATED,ESTABLISHED
156K 24M ACCEPT 0 -- br-mailcow !br-mailcow ::/0 ::/0
481K 34M ACCEPT 0 -- br-mailcow br-mailcow ::/0 ::/0
4596 326K WIREGUARD 0 -- * * ::/0 ::/0
Chain OUTPUT (policy ACCEPT 6047 packets, 427K bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::d tcp dpt:8080
0 0 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::d tcp dpt:8443
1494 146K ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::e tcp dpt:993
0 0 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::e tcp dpt:995
0 0 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::e tcp dpt:110
2415 303K ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::e tcp dpt:143
5 368 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::e tcp dpt:4190
85 15330 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::f tcp dpt:25
0 0 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::f tcp dpt:465
66 8043 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::f tcp dpt:587
0 0 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:3 tcp dpt:8000
0 0 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:2 tcp dpt:5432
0 0 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:f tcp dpt:30033
0 0 ACCEPT 17 -- !docker0 docker0 ::/0 fd17::242:ac11:f udp dpt:9987
0 0 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:f tcp dpt:10011
0 0 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:e tcp dpt:6379
0 0 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:d tcp dpt:9090
0 0 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:c tcp dpt:27017
0 0 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:b tcp dpt:3306
0 0 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:a tcp dpt:8083
0 0 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:a tcp dpt:8086
0 0 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:9 tcp dpt:8080
18 2844 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:6 tcp dpt:22
0 0 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:6 tcp dpt:9080
0 0 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:4 tcp dpt:8080
0 0 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:4 tcp dpt:8443
0 0 ACCEPT 6 -- !docker0 docker0 ::/0 fd17::242:ac11:8 tcp dpt:7889
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
16 2669 DOCKER-ISOLATION-STAGE-2 0 -- docker0 !docker0 ::/0 ::/0
15417 2285K DOCKER-ISOLATION-STAGE-2 0 -- br-mailcow !br-mailcow ::/0 ::/0
367K 348M RETURN 0 -- * * ::/0 ::/0
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * docker0 ::/0 ::/0
0 0 DROP 0 -- * br-mailcow ::/0 ::/0
15433 2288K RETURN 0 -- * * ::/0 ::/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
2888K 2923M RETURN 0 -- * * ::/0 ::/0
Chain MAILCOW (2 references)
pkts bytes target prot opt in out source destination
Chain WIREGUARD (1 references)
pkts bytes target prot opt in out source
Logs of iptables -L -vn -t nat:
Chain PREROUTING (policy ACCEPT 300K packets, 23M bytes)
pkts bytes target prot opt in out source destination
445K 27M DOCKER 0 -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 9263 packets, 945K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 402 packets, 46704 bytes)
pkts bytes target prot opt in out source destination
1 84 DOCKER 0 -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 194K packets, 12M bytes)
pkts bytes target prot opt in out source destination
41444 3072K MASQUERADE 0 -- * !br-mailcow 172.22.1.0/24 0.0.0.0/0
1092 101K SNAT 0 -- * * 172.22.1.0/24 !172.22.1.0/24 /* 1690037304 */ to:10.1.0.25
1037 65152 MASQUERADE 0 -- * !docker0 172.17.0.0/16 0.0.0.0/0
0 0 MASQUERADE 0 -- * !br-b6af842bf4ec 172.18.0.0/16 0.0.0.0/0
128 8064 MASQUERADE 0 -- * !br-6a68a0e695e7 172.19.0.0/16 0.0.0.0/0
0 0 MASQUERADE 6 -- * * 172.19.0.3 172.19.0.3 tcp dpt:80
0 0 MASQUERADE 6 -- * * 172.17.0.3 172.17.0.3 tcp dpt:8000
0 0 MASQUERADE 6 -- * * 172.17.0.4 172.17.0.4 tcp dpt:8443
0 0 MASQUERADE 6 -- * * 172.17.0.4 172.17.0.4 tcp dpt:8080
0 0 MASQUERADE 6 -- * * 172.17.0.6 172.17.0.6 tcp dpt:9080
0 0 MASQUERADE 6 -- * * 172.17.0.6 172.17.0.6 tcp dpt:22
0 0 MASQUERADE 6 -- * * 172.17.0.8 172.17.0.8 tcp dpt:7889
0 0 MASQUERADE 6 -- * * 172.17.0.9 172.17.0.9 tcp dpt:8080
0 0 MASQUERADE 6 -- * * 172.17.0.10 172.17.0.10 tcp dpt:8086
0 0 MASQUERADE 6 -- * * 172.17.0.10 172.17.0.10 tcp dpt:8083
0 0 MASQUERADE 6 -- * * 172.17.0.11 172.17.0.11 tcp dpt:3306
0 0 MASQUERADE 6 -- * * 172.17.0.12 172.17.0.12 tcp dpt:27017
0 0 MASQUERADE 6 -- * * 172.17.0.13 172.17.0.13 tcp dpt:9090
0 0 MASQUERADE 6 -- * * 172.17.0.14 172.17.0.14 tcp dpt:6379
0 0 MASQUERADE 6 -- * * 172.17.0.15 172.17.0.15 tcp dpt:30033
0 0 MASQUERADE 6 -- * * 172.17.0.15 172.17.0.15 tcp dpt:10011
0 0 MASQUERADE 17 -- * * 172.17.0.15 172.17.0.15 udp dpt:9987
0 0 MASQUERADE 6 -- * * 172.17.0.2 172.17.0.2 tcp dpt:5432
0 0 MASQUERADE 6 -- * * 172.22.1.249 172.22.1.249 tcp dpt:6379
0 0 MASQUERADE 6 -- * * 172.22.1.5 172.22.1.5 tcp dpt:8983
0 0 MASQUERADE 6 -- * * 172.22.1.9 172.22.1.9 tcp dpt:3306
0 0 MASQUERADE 6 -- * * 172.22.1.10 172.22.1.10 tcp dpt:8443
0 0 MASQUERADE 6 -- * * 172.22.1.10 172.22.1.10 tcp dpt:8080
0 0 MASQUERADE 6 -- * * 172.22.1.250 172.22.1.250 tcp dpt:12345
0 0 MASQUERADE 6 -- * * 172.22.1.250 172.22.1.250 tcp dpt:4190
0 0 MASQUERADE 6 -- * * 172.22.1.250 172.22.1.250 tcp dpt:995
0 0 MASQUERADE 6 -- * * 172.22.1.250 172.22.1.250 tcp dpt:993
0 0 MASQUERADE 6 -- * * 172.22.1.253 172.22.1.253 tcp dpt:587
0 0 MASQUERADE 6 -- * * 172.22.1.250 172.22.1.250 tcp dpt:143
0 0 MASQUERADE 6 -- * * 172.22.1.253 172.22.1.253 tcp dpt:465
0 0 MASQUERADE 6 -- * * 172.22.1.250 172.22.1.250 tcp dpt:110
0 0 MASQUERADE 6 -- * * 172.22.1.253 172.22.1.253 tcp dpt:25
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- br-mailcow * 0.0.0.0/0 0.0.0.0/0
295 17700 RETURN 0 -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN 0 -- br-b6af842bf4ec * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN 0 -- br-6a68a0e695e7 * 0.0.0.0/0 0.0.0.0/0
1668 100K DNAT 6 -- !br-6a68a0e695e7 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9001 to:172.19.0.3:80
192 11520 DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:172.17.0.3:8000
0 0 DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3443 to:172.17.0.4:8443
4 240 DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8083 to:172.17.0.4:8080
222K 13M DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9080 to:172.17.0.6:9080
6036 337K DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9022 to:172.17.0.6:22
0 0 DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7889 to:172.17.0.8:7889
5 300 DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8085 to:172.17.0.9:8080
113 6780 DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8086 to:172.17.0.10:8086
1 60 DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8084 to:172.17.0.10:8083
139K 8338K DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 to:172.17.0.11:3306
0 0 DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:27017 to:172.17.0.12:27017
23 1380 DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 to:172.17.0.13:9090
2146 129K DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6379 to:172.17.0.14:6379
4 196 DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:30033 to:172.17.0.15:30033
0 0 DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10011 to:172.17.0.15:10011
1 435 DNAT 17 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:9987 to:172.17.0.15:9987
202 12120 DNAT 6 -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432 to:172.17.0.2:5432
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:7654 to:172.22.1.249:6379
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:18983 to:172.22.1.5:8983
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:13306 to:172.22.1.9:3306
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443 to:172.22.1.10:8443
1775 107K DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:172.22.1.10:8080
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:19991 to:172.22.1.250:12345
4 220 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4190 to:172.22.1.250:4190
12 628 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 to:172.22.1.250:995
107 6272 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 to:172.22.1.250:993
87 5072 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 to:172.22.1.253:587
1251 74932 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 to:172.22.1.250:143
6023 361K DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465 to:172.22.1.253:465
26 1448 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 to:172.22.1.250:110
51 2840 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 to:172.22.1.253:25
Logs of ip6tables -L -vn -t nat:
Chain PREROUTING (policy ACCEPT 304K packets, 148M bytes)
pkts bytes target prot opt in out source destination
921 72780 DOCKER 0 -- * * ::/0 ::/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 49 packets, 7502 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 22 packets, 1867 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER 0 -- * * ::/0 !::1 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 18380 packets, 1471K bytes)
pkts bytes target prot opt in out source destination
106K 9907K SNAT 0 -- * * fd4d:6169:6c63:6f77::/64 !fd4d:6169:6c63:6f77::/64 to:fd00:10:1::25
0 0 MASQUERADE 0 -- * br-mailcow ::/0 ::/0 ADDRTYPE match dst-type LOCAL
106 9474 MASQUERADE 0 -- * !br-mailcow fd4d:6169:6c63:6f77::/64 ::/0
0 0 MASQUERADE 0 -- * docker0 ::/0 ::/0 ADDRTYPE match dst-type LOCAL
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:8080
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:8443
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:8080
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:8443
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:993
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:995
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:110
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:25
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:465
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:587
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:143
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:4190
152 12211 MASQUERADE 0 -- * !docker0 fd17::/64 ::/0
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:443
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:80
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:110
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:143
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:4190
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:993
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:995
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:25
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:465
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:587
0 0 MASQUERADE 6 -- * * fd17::242:ac11:3 fd17::242:ac11:3 tcp dpt:8000
0 0 MASQUERADE 17 -- * * fd17::242:ac11:f fd17::242:ac11:f udp dpt:9987
0 0 MASQUERADE 6 -- * * fd17::242:ac11:f fd17::242:ac11:f tcp dpt:10011
0 0 MASQUERADE 6 -- * * fd17::242:ac11:f fd17::242:ac11:f tcp dpt:30033
0 0 MASQUERADE 6 -- * * fd17::242:ac11:e fd17::242:ac11:e tcp dpt:6379
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:25
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:465
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:587
0 0 MASQUERADE 6 -- * * fd17::242:ac11:2 fd17::242:ac11:2 tcp dpt:5432
0 0 MASQUERADE 6 -- * * fd17::242:ac11:d fd17::242:ac11:d tcp dpt:9090
0 0 MASQUERADE 6 -- * * fd17::242:ac11:c fd17::242:ac11:c tcp dpt:27017
0 0 MASQUERADE 6 -- * * fd17::242:ac11:b fd17::242:ac11:b tcp dpt:3306
0 0 MASQUERADE 6 -- * * fd17::242:ac11:a fd17::242:ac11:a tcp dpt:8083
0 0 MASQUERADE 6 -- * * fd17::242:ac11:a fd17::242:ac11:a tcp dpt:8086
0 0 MASQUERADE 6 -- * * fd17::242:ac11:9 fd17::242:ac11:9 tcp dpt:8080
0 0 MASQUERADE 6 -- * * fd17::242:ac11:6 fd17::242:ac11:6 tcp dpt:22
0 0 MASQUERADE 6 -- * * fd17::242:ac11:6 fd17::242:ac11:6 tcp dpt:9080
0 0 MASQUERADE 6 -- * * fd17::242:ac11:4 fd17::242:ac11:4 tcp dpt:8080
0 0 MASQUERADE 6 -- * * fd17::242:ac11:4 fd17::242:ac11:4 tcp dpt:8443
0 0 MASQUERADE 6 -- * * fd17::242:ac11:8 fd17::242:ac11:8 tcp dpt:7889
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- docker0 * ::/0 ::/0
0 0 RETURN 0 -- br-mailcow * ::/0 ::/0
0 0 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:8080 to:[fd4d:6169:6c63:6f77::d]:8080
0 0 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:8443 to:[fd4d:6169:6c63:6f77::d]:8443
23 1840 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:993 to:[fd4d:6169:6c63:6f77::e]:993
0 0 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:995 to:[fd4d:6169:6c63:6f77::e]:995
0 0 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:110 to:[fd4d:6169:6c63:6f77::e]:110
70 5524 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:143 to:[fd4d:6169:6c63:6f77::e]:143
1 80 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::e]:4190
6 436 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:25 to:[fd4d:6169:6c63:6f77::f]:25
0 0 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:465 to:[fd4d:6169:6c63:6f77::f]:465
4 312 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:587 to:[fd4d:6169:6c63:6f77::f]:587
0 0 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:8000 to:[fd17::242:ac11:3]:8000
0 0 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:5432 to:[fd17::242:ac11:2]:5432
0 0 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:30033 to:[fd17::242:ac11:f]:30033
0 0 DNAT 17 -- !docker0 * ::/0 ::/0 udp dpt:9987 to:[fd17::242:ac11:f]:9987
0 0 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:10011 to:[fd17::242:ac11:f]:10011
0 0 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:6379 to:[fd17::242:ac11:e]:6379
0 0 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:9090 to:[fd17::242:ac11:d]:9090
0 0 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:27017 to:[fd17::242:ac11:c]:27017
0 0 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:3306 to:[fd17::242:ac11:b]:3306
0 0 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:8084 to:[fd17::242:ac11:a]:8083
0 0 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:8086 to:[fd17::242:ac11:a]:8086
0 0 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:8085 to:[fd17::242:ac11:9]:8080
2 128 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:9022 to:[fd17::242:ac11:6]:22
0 0 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:9080 to:[fd17::242:ac11:6]:9080
0 0 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:8083 to:[fd17::242:ac11:4]:8080
0 0 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:3443 to:[fd17::242:ac11:4]:8443
0 0 DNAT 6 -- !docker0 * ::/0 ::/0 tcp dpt:7889 to:[fd17::242:ac11:8]:7889
DNS check:
Error: No such container: dig
Huh, problem is gone. There was a reboot today (update to 2023-07 was also today)
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Problem was gone short after for me. I think this had to do with me using Unraid and therefore a reboot restore the system state with docker where the native ipv6 setting was not set.
I reopen this issue, but you guys should post more information about your cases. You may have the same problem, but the root cause might not be known so far and probably there are missing some more details or other example cases.
This problem is much more illusive and is very common. Docker is a piece of garbage and there is countless number of issues that can cause it to fail to resolve ipv6. And the thing here is, it doesn't need to resolve ipv6 for acme to work. It should test if ipv6 is working and if not, just disable it and throw a warning, not refuse to even start.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Can we please not ignore this one? This issue had surfaced great many times and every time there's something different. There's zero reasons for mailcow to fail to function just because of this if ipv4 is working just fine. Throw a warning, but don't just fail to start.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.