Docker Notes for IPv6
Firewall
~~> sudo ip6tables -P OUTPUT ACCEPT
~~> sudo ip6tables -P INPUT ACCEPT
~~> sudo ip6tables -P FORWARD ACCEPT
~~> sudo ip6tables -t nat -A POSTROUTING -s fd00::/64 -j MASQUERADE
Rules
~~> sudo ip6tables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all      lo     *       ::/0                 ::/0
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
  140  9992 ACCEPT     icmpv6   *      *       ::/0                 ::/0

Chain FORWARD (policy ACCEPT 11 packets, 1144 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 40 packets, 3448 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all      *      lo      ::/0                 ::/0
NAT
~~> sudo ip6tables -nvL -t nat
Chain PREROUTING (policy ACCEPT 49 packets, 6271 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 1 packets, 104 bytes)
 pkts bytes target     prot opt in     out     source               destination
    1   104 MASQUERADE all      *      *       fd00::/64            ::/0
Docker Daemon
# /usr/bin/dockerd --ipv6 --fixed-cidr-v6="fd00::/64"
or
# /usr/bin/dockerd --ipv6 --fixed-cidr-v6="fd00::/64" -H fd://
busybox
$ docker run --rm -t -i busybox:latest busybox sh
IPv6 Address
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
50: eth0@if51: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fd00::242:ac11:2/64 scope global flags 02
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:2/64 scope link
       valid_lft forever preferred_lft forever
IPv6 Route
# ip -6 r
fd00::/64 dev eth0 metric 256
fe80::/64 dev eth0 metric 256
default via fd00::1 dev eth0 metric 1024
unreachable default dev lo metric -1 error -101
ff00::/8 dev eth0 metric 256
unreachable default dev lo metric -1 error -101
IPv6 on the host
$ ip -6 address show docker0
docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet6 fd00::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::42:fff:fe26:9dee/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::1/64 scope link
       valid_lft forever preferred_lft forever
IPv6 routing on the host
$ ip -6 route list | grep docker
fd00::/64 dev docker0 proto kernel metric 256 pref medium
fd00::/64 dev docker0 metric 1024 pref medium
fe80::/64 dev docker0 proto kernel metric 256 pref medium
Ping6
Testing from inside the Docker busybox container:
/ # ping6 -c6 -n google.com
PING google.com (2a00:1450:4013:c00::8a): 56 data bytes
64 bytes from 2a00:1450:4013:c00::8a: seq=0 ttl=44 time=37.965 ms
64 bytes from 2a00:1450:4013:c00::8a: seq=1 ttl=44 time=34.541 ms
64 bytes from 2a00:1450:4013:c00::8a: seq=2 ttl=44 time=33.939 ms
64 bytes from 2a00:1450:4013:c00::8a: seq=3 ttl=44 time=33.714 ms
64 bytes from 2a00:1450:4013:c00::8a: seq=4 ttl=44 time=35.864 ms
64 bytes from 2a00:1450:4013:c00::8a: seq=5 ttl=44 time=33.630 ms

--- google.com ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 33.630/34.942/37.965 ms
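
The firewall listings above show INPUT and FORWARD with default policy ACCEPT, so IPv6 traffic that matches no rule, forwarded traffic included, is allowed. The following check is an added example, not part of the original notes: it reads `ip6tables -S` text and flags those policies and a missing MASQUERADE rule for the container prefix. The function names and the embedded sample rules are constructed here from the commands in the notes.

```shell
# Constructed samples in `ip6tables -S` format, mirroring the rules in the notes.
SAMPLE_FILTER='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A OUTPUT -o lo -j ACCEPT'
SAMPLE_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -s fd00::/64 -j MASQUERADE'

# INPUT/FORWARD chains whose default policy is ACCEPT, space separated.
open_policies() {
    printf '%s\n' "$1" | awk '
        $1 == "-P" && ($2 == "INPUT" || $2 == "FORWARD") && $3 == "ACCEPT" {
            out = (out == "" ? $2 : out " " $2)
        }
        END { print out }'
}

# Number of appended (-A) rules in chain $2.
rule_count() {
    printf '%s\n' "$1" | awk -v c="$2" '$1 == "-A" && $2 == c { n++ } END { print n + 0 }'
}

# Succeeds if POSTROUTING masquerades exactly source prefix $2.
has_masquerade() {
    printf '%s\n' "$1" | awk -v cidr="$2" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (src == cidr && tgt == "MASQUERADE") found = 1
        }
        END { exit !found }'
}

# One WARN line per finding. Usage: audit FILTER_RULES NAT_RULES CIDR
audit() {
    for chain in $(open_policies "$1"); do
        echo "WARN $chain policy ACCEPT, $(rule_count "$1" "$chain") rule(s): unmatched IPv6 traffic is allowed"
    done
    has_masquerade "$2" "$3" || echo "WARN no MASQUERADE rule for $3"
    return 0
}
# Live use (assumes root): audit "$(ip6tables -S)" "$(ip6tables -t nat -S)" fd00::/64
audit "$SAMPLE_FILTER" "$SAMPLE_NAT" "fd00::/64"
```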