Assign a public IPv6 to a Docker container

probablypablito

12/30/23, 8:40 PM

I have an IPv6 address, in this case 2603:c021:4004:7400:4bc5:c726:7f5a:1c31 in the subnet 2603:c021:4004:7400::/56.

I would like to assign that IP address to a Docker container, so that upon making a request from inside that container, the recipient would see the IP listed above.

I only need outgoing requests to function, incoming requests are not necessary.

I have tried enabling IPv6 by including

"ipv6": true,
"fixed-cidr-v6": "2603:c021:4004:7400::/56"

in the Docker daemon config file.

Upon restarting Docker, I could see in ip -br a that the docker0 interface had the whole subnet assigned to it.

I then ran a container using sudo docker run -it --ip6 2603:c021:4004:7400:4bc5:c726:7f5a:1c31 ubuntu.

Inside the container, pinging and communicating with public IPv4 hosts works, but public IPv6 ones do not.

I have also added that same IPv6 address to my host by running sudo ip addr add 2603:c021:4004:7400:4bc5:c726:7f5a:1c31 dev enp0s3, and that allowed me to ping my host using that IP from a separate network.

761

1 + 1

networking

linux

ipv6

docker

Dubu

1/4/24, 11:11 AM

> _Upon restarting Docker, I could see in ip -br a that the docker0 interface had the whole subnet assigned to it._ - I do not know of any method to add a whole (IPv6) subnet to an interface. Presumably, you just added the address 2603:c021:4004:7400::/56 to the interface. Yes, that's a valid address with just trailing zeroes and happens to be the Subnet Router Anycast Address for that subnet.

Score:0

Server

probablypablito

12/30/23, 11:39 PM

I've managed to do it using a NAT like system.

First, I added my IPv6 address to my host

ip addr add 2603:c021:4004:7400:4bc5:c726:7f5a:1c31 dev eth0

Then, I changed the fixed-cidr-v6 value in the Docker daemon to a /64 CIDR in the private range (fc00::/7), in my case fd2c:03f8:9028:5037::/64.

Next, I ran a Docker container giving it the static IPv6 of fd2c:3f8:9028:5037:0:242:ac11:3.

docker run --ip6="fd2c:3f8:9028:5037:0:242:ac11:3" -it --rm ubuntu

I then used ip6tables to route traffic to the right IP

ip6tables -t nat -I POSTROUTING -p all -s fd2c:3f8:9028:5037:0:242:ac11:3 -j SNAT --to-source 2603:c021:4004:7400:4bc5:c726:7f5a:1c31

Voila! Upon installing curl in the container and curling an IPv6 test website, the request shows as coming from the correct IP.

Note that if inter-container communication is needed, the ip6tables command would have to be modified to not mess with traffic where the destination address is within the subnet. This was not necessary for my use case, so I did not include it in the answer.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Assign a public IPv6 to a Docker container

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.