docker-ipv6nat

Documentation clarification

Open Motophan opened this issue 4 years ago • 3 comments

/etc/docker/daemon.json

```json
{
  "ipv6": true,
  "fixed-cidr-v6": "fd00:dead:beef::/48"
}
```

Is this what you mean by "make sure your Docker daemon is started with `--ipv6` and specifies a ULA range with `--fixed-cidr-v6` (e.g. `--fixed-cidr-v6 fd00:dead:beef::/48`)"?

My Docker daemon on Debian 10 with `docker network inspect bridge` showed:

    {
        "Name": "bridge",
        "Id": "2e95b4c4edbc6c298bf3eebc436b0be6b5ee9681da58dddd3c4b7721bb764295",
        "Created": "2020-12-28T03:11:11.061086556Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
...

If so, could you make an example compose stanza to bring up your container and an nginx container with dual stack?

```yaml
version: '2.4'

networks:
  mynetwork:
    driver: bridge

services:
  nginx:
    image: nginx:latest
    container_name: nginx
    volumes:
      - /home/username/nginx/:/etc/nginx/
    ports:
      - 80:80
      - 443:443
  ipv6nat:
    image: robbertkl/ipv6nat:latest
    container_name: ipv6nat
    privileged: True
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /lib/modules:/lib/modules:ro
```

My issue with compose is:

1- `docker-compose down` removes the user-defined network
2- unsure how to instruct compose to create the network `docker network create --ipv6 --subnet fd00:dead:beef::/48 mynetwork`

Notes: my setup won't show IPv6 enabled for bridge for some reason. I don't know what to do to trigger it. I would like to have a user-defined bridge as IPv6 and have that bridge created in compose.

Assuming my public IP (I have a /64, but my adapter assigns 2001:0db8:85a3:0000:0000:8a2e:0370:7334 (example address) as my host's IP): I want to put that in the DNS as an AAAA record and I want containers to be able to open ports on this IP address, specifically the nginx container on ports 80 and 443.

Unfortunately, my containers can reach IPv6 space: if I run `docker network create --ipv6 --subnet fd00:dead:beef::/48 mynetwork` and `docker run --network mynetwork busybox ping ipv6.google.com`, it will ping Google on IPv6 space. However, if I run a webserver, it will not expose the port to both IPv6 and IPv4 if I pass `-p 443:443`. It will expose the port to IPv4 space, but it will remain closed on IPv6 space. This is a data center server, and has no firewall whatsoever. I am assigned publicly routable IPv6 netblocks. What am I doing wrong? `docker ps` shows your container running and the webserver running.

Motophan avatar Dec 28 '20 07:12 Motophan

I would like to semi-close this issue as I have figured it out, but I ask that hopefully some of this info can hit your README.md

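```yaml
networks:
  yeetmaster:
    driver: bridge
    enable_ipv6: true        # dual stack: one IPv4 and one IPv6 (ULA) subnet
    ipam:
      config:
        - subnet: 172.20.0.0/16
        - subnet: fd00:dead:beef::/48

services:
  nginx:
    image: nginx:latest
    container_name: nginx
    # Attach the service to the IPv6-enabled network; without this it
    # joins the project's default network and yeetmaster stays unused.
    networks:
      - yeetmaster
    volumes:
      - /home/username/nginx/:/etc/nginx/
    ports:
      - 80:80
      - 443:443
  ipv6nat:
    image: robbertkl/ipv6nat:latest
    container_name: ipv6nat
    privileged: True
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /lib/modules:/lib/modules:ro
```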

If this does not work for you:

1- `docker-compose down` will remove the network if nothing else is on it. You need to make sure the network is spun up by compose, so you may need to remove straggling containers and then `docker network remove mynetwork`
2- check host IPv6 connectivity, check `docker run --network mynetwork busybox ping ipv6.google.com`; this will show if the containers can reach the IPv6 world.
3- check sysctl flags, especially ones mentioned previously. Make sure you don't have something blocking IPv6

Motophan avatar Dec 28 '20 07:12 Motophan
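
A check for the troubleshooting steps above, as an added example that is not part of the original thread or the docker-ipv6nat project: it reads `docker network inspect` JSON and reports networks that have `EnableIPv6` false, no IPv6 subnet, or an IPv6 subnet outside the ULA block fc00::/7 that the quoted README sentence asks for. The sample input and the network name `public6` are constructed.

```python
import ipaddress
import json

ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local addresses

# Constructed sample shaped like `docker network inspect` output (not real data).
SAMPLE_INSPECT = json.dumps([
    {"Name": "bridge", "Driver": "bridge", "EnableIPv6": False,
     "IPAM": {"Config": [{"Subnet": "172.17.0.0/16"}]}},
    {"Name": "mynetwork", "Driver": "bridge", "EnableIPv6": True,
     "IPAM": {"Config": [{"Subnet": "172.20.0.0/16"},
                         {"Subnet": "fd00:dead:beef::/48"}]}},
    {"Name": "public6", "Driver": "bridge", "EnableIPv6": True,
     "IPAM": {"Config": [{"Subnet": "2001:db8:1::/64"}]}},
])


def check_network(net):
    """Return a list of problems for one inspected network (empty = OK)."""
    problems = []
    if not net.get("EnableIPv6", False):
        problems.append("EnableIPv6 is false")
    v6 = []
    for entry in (net.get("IPAM") or {}).get("Config") or []:
        try:
            subnet = ipaddress.ip_network(entry.get("Subnet", ""), strict=False)
        except ValueError:
            problems.append(f"unparsable subnet {entry.get('Subnet')!r}")
            continue
        if subnet.version == 6:
            v6.append(subnet)
    if not v6:
        problems.append("no IPv6 subnet in IPAM config")
    for subnet in v6:
        # Assumption taken from the README sentence quoted in the thread:
        # the IPv6 range is expected to be a ULA range.
        if not subnet.subnet_of(ULA):
            problems.append(f"{subnet} is not a ULA range (fc00::/7)")
    return problems


def check_inspect_output(text):
    """Map network name -> problems for `docker network inspect` JSON."""
    return {net.get("Name", "?"): check_network(net) for net in json.loads(text)}


if __name__ == "__main__":
    for name, problems in check_inspect_output(SAMPLE_INSPECT).items():
        print(name, "OK" if not problems else "; ".join(problems))
```

To run it on a host, pass the output of `docker network inspect $(docker network ls -q)` to `check_inspect_output`.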

Hi, you can submit a PR with README changes and I'll be happy to consider incorporating them. I'd leave out the bottom lines, as most of that's already mentioned in the (already too long) README, but a working docker-compose example would be a good addition. Please be sure to include the right version at the top of the YAML.

robbertkl avatar Dec 28 '20 16:12 robbertkl

I don't know. I use 2.4 for another issue, because I'm just having issues getting GPUs exposed to Plex containers, but that's completely unrelated to this.

Motophan avatar Dec 28 '20 18:12 Motophan