Я пытаюсь настроить приложение на основе докеров на виртуальном сервере под управлением Ubuntu. Приложение должно работать с IPv6. Нет проблем, у меня есть сеть / 64 от провайдера сервера, она работает нормально, пока я не запустил сеть докеров с поддержкой IPv6.
После запуска сети к моему серверу по-прежнему можно получить доступ через IPv6 извне, но я не могу подключиться к Интернету через IPv6 изнутри - очевидно, есть проблема с маршрутизацией.
Я обнаружил, что проблема в дефолте docker0
мост с его адресом fe80::1
. К сожалению, шлюз по умолчанию (назначенный моим провайдером сервера) также находится по адресу fe80::1
, поэтому, когда мост подключен к сети, ничего больше не маршрутизируется в Интернет.
Я весь день пытался заставить докер использовать другой адрес IPv6 для docker0
мост (который, как я полагаю, должен решить мою проблему), но безуспешно. Есть вариант --bip
в dockerd
, но, к сожалению, он работает только с IPv4, и нет --bip-v6
вариант. Я также попробовал --fixed-cidr-v6
вариант с другой подсетью, но это только добавило дополнительный адрес к мосту без удаления fe80::1
.
Я что-то упускаю? Есть ли способ использовать другой IPv6-адрес для интерфейса моста? А может быть совсем другое решение моей проблемы?
Это моя таблица маршрутизации IPv6:
ip -6 r s table all
:
local ::1 dev lo proto kernel metric 256 pref medium
2a01:4f8:xxxx::/64 dev eth0 proto kernel metric 256 pref medium
fd4d:6169:6c63:6f77::/64 dev br-cc7dcdf95b47 proto kernel metric 256 pref medium
fd4d:6169:6c63:6f77::/64 dev br-cc7dcdf95b47 metric 1024 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev docker0 proto kernel metric 256 linkdown pref medium
fe80::/64 dev br-cc7dcdf95b47 proto kernel metric 256 pref medium
fe80::/64 dev veth048588a proto kernel metric 256 pref medium
fe80::/64 dev veth33a8cad proto kernel metric 256 pref medium
fe80::/64 dev vethe09ac37 proto kernel metric 256 pref medium
fe80::/64 dev veth1bcf186 proto kernel metric 256 pref medium
fe80::/64 dev veth2c1c3f6 proto kernel metric 256 pref medium
fe80::/64 dev veth5ae2bda proto kernel metric 256 pref medium
fe80::/64 dev veth67e374a proto kernel metric 256 pref medium
fe80::/64 dev vethb29c88d proto kernel metric 256 pref medium
fe80::/64 dev veth0d84748 proto kernel metric 256 pref medium
fe80::/64 dev vethdb1c15b proto kernel metric 256 pref medium
fe80::/64 dev vethe114d26 proto kernel metric 256 pref medium
fe80::/64 dev veth0bf244b proto kernel metric 256 pref medium
fe80::/64 dev vethdd92ee9 proto kernel metric 256 pref medium
fe80::/64 dev vethd5f5a74 proto kernel metric 256 pref medium
fe81::/64 dev docker0 proto kernel metric 256 linkdown pref medium
fe81::/64 dev docker0 metric 1024 linkdown pref medium
default via fe80::1 dev eth0 metric 1024 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast 2a01:4f8:xxxx:: dev eth0 table local proto kernel metric 0 pref medium
local 2a01:4f8:xxxx::1 dev eth0 table local proto kernel metric 0 pref medium
anycast fd4d:6169:6c63:6f77:: dev br-cc7dcdf95b47 table local proto kernel metric 0 pref medium
local fd4d:6169:6c63:6f77::1 dev br-cc7dcdf95b47 table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
anycast fe80:: dev br-cc7dcdf95b47 table local proto kernel metric 0 pref medium
anycast fe80:: dev veth048588a table local proto kernel metric 0 pref medium
anycast fe80:: dev veth33a8cad table local proto kernel metric 0 pref medium
anycast fe80:: dev vethe09ac37 table local proto kernel metric 0 pref medium
anycast fe80:: dev veth1bcf186 table local proto kernel metric 0 pref medium
anycast fe80:: dev veth2c1c3f6 table local proto kernel metric 0 pref medium
anycast fe80:: dev veth5ae2bda table local proto kernel metric 0 pref medium
anycast fe80:: dev veth67e374a table local proto kernel metric 0 pref medium
anycast fe80:: dev vethb29c88d table local proto kernel metric 0 pref medium
anycast fe80:: dev veth0d84748 table local proto kernel metric 0 pref medium
anycast fe80:: dev vethdb1c15b table local proto kernel metric 0 pref medium
anycast fe80:: dev vethe114d26 table local proto kernel metric 0 pref medium
anycast fe80:: dev veth0bf244b table local proto kernel metric 0 pref medium
anycast fe80:: dev vethdd92ee9 table local proto kernel metric 0 pref medium
anycast fe80:: dev vethd5f5a74 table local proto kernel metric 0 pref medium
local fe80::1 dev br-cc7dcdf95b47 table local proto kernel metric 0 pref medium
local fe80::42:47ff:fe7f:2c49 dev br-cc7dcdf95b47 table local proto kernel metric 0 pref medium
local fe80::43:2cff:fe5c:bb6b dev vethdd92ee9 table local proto kernel metric 0 pref medium
local fe80::fa:2aff:fe49:e066 dev vethb29c88d table local proto kernel metric 0 pref medium
local fe80::140f:77ff:fe9b:888 dev veth2c1c3f6 table local proto kernel metric 0 pref medium
local fe80::3c02:e7ff:fe99:273e dev veth1bcf186 table local proto kernel metric 0 pref medium
local fe80::3c43:12ff:feb6:4407 dev vethe09ac37 table local proto kernel metric 0 pref medium
local fe80::58a3:30ff:feb0:8a2b dev vethe114d26 table local proto kernel metric 0 pref medium
local fe80::58bf:1eff:fe92:dbd2 dev veth67e374a table local proto kernel metric 0 pref medium
local fe80::8c92:c9ff:fe2f:c7ed dev veth0d84748 table local proto kernel metric 0 pref medium
local fe80::90ef:23ff:fe34:571c dev vethdb1c15b table local proto kernel metric 0 pref medium
local fe80::9400:ff:fe0d:bb91 dev eth0 table local proto kernel metric 0 pref medium
local fe80::a0fd:1eff:fe21:c662 dev veth0bf244b table local proto kernel metric 0 pref medium
local fe80::a42a:48ff:fe98:68ca dev vethd5f5a74 table local proto kernel metric 0 pref medium
local fe80::bceb:74ff:fe97:f466 dev veth33a8cad table local proto kernel metric 0 pref medium
local fe80::c811:f7ff:fefb:b7cc dev veth048588a table local proto kernel metric 0 pref medium
local fe80::cc10:61ff:fe25:571d dev veth5ae2bda table local proto kernel metric 0 pref medium
ff00::/8 dev eth0 table local metric 256 pref medium
ff00::/8 dev docker0 table local metric 256 linkdown pref medium
ff00::/8 dev br-cc7dcdf95b47 table local metric 256 pref medium
ff00::/8 dev veth048588a table local metric 256 pref medium
ff00::/8 dev veth33a8cad table local metric 256 pref medium
ff00::/8 dev vethe09ac37 table local metric 256 pref medium
ff00::/8 dev veth1bcf186 table local metric 256 pref medium
ff00::/8 dev veth2c1c3f6 table local metric 256 pref medium
ff00::/8 dev veth5ae2bda table local metric 256 pref medium
ff00::/8 dev veth67e374a table local metric 256 pref medium
ff00::/8 dev vethb29c88d table local metric 256 pref medium
ff00::/8 dev veth0d84748 table local metric 256 pref medium
ff00::/8 dev vethdb1c15b table local metric 256 pref medium
ff00::/8 dev vethe114d26 table local metric 256 pref medium
ff00::/8 dev veth0bf244b table local metric 256 pref medium
ff00::/8 dev vethdd92ee9 table local metric 256 pref medium
ff00::/8 dev vethd5f5a74 table local metric 256 pref medium
ip r get to 2a00:1450:4001:80b::200e
:
2a00:1450:4001:80b::200e from :: via fe80::1 dev eth0 src fd4d:6169:6c63:6f77::1 metric 1024 pref medium
И ifconfig
:
br-cc7dcdf95b47: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.22.1.1 netmask 255.255.255.0 broadcast 172.22.1.255
inet6 fe80::42:47ff:fe7f:2c49 prefixlen 64 scopeid 0x20<link>
inet6 fd4d:6169:6c63:6f77::1 prefixlen 64 scopeid 0x0<global>
inet6 fe80::1 prefixlen 64 scopeid 0x20<link>
ether 02:42:47:7f:2c:49 txqueuelen 0 (Ethernet)
RX packets 107906 bytes 13141154 (13.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 118687 bytes 221525604 (221.5 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::1 prefixlen 64 scopeid 0x20<link>
ether 02:42:7a:b5:4f:c2 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 159.69.x.x netmask 255.255.255.255 broadcast 159.69.20.27
inet6 fe80::9400:ff:fe0d:bb91 prefixlen 64 scopeid 0x20<link>
inet6 2a01:4f8:xxxx::1 prefixlen 64 scopeid 0x0<global>
ether 96:00:00:0d:bb:91 txqueuelen 1000 (Ethernet)
RX packets 1466656 bytes 2017338323 (2.0 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 242369 bytes 35789858 (35.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1557 bytes 150186 (150.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1557 bytes 150186 (150.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth048588a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::c811:f7ff:fefb:b7cc prefixlen 64 scopeid 0x20<link>
ether ca:11:f7:fb:b7:cc txqueuelen 0 (Ethernet)
RX packets 28197 bytes 3349225 (3.3 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 26703 bytes 3201108 (3.2 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth0bf244b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a0fd:1eff:fe21:c662 prefixlen 64 scopeid 0x20<link>
ether a2:fd:1e:21:c6:62 txqueuelen 0 (Ethernet)
RX packets 100933 bytes 15862061 (15.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 111009 bytes 11633473 (11.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth0d84748: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::8c92:c9ff:fe2f:c7ed prefixlen 64 scopeid 0x20<link>
ether 8e:92:c9:2f:c7:ed txqueuelen 0 (Ethernet)
RX packets 103300 bytes 13898479 (13.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 121634 bytes 12670159 (12.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth1bcf186: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::3c02:e7ff:fe99:273e prefixlen 64 scopeid 0x20<link>
ether 3e:02:e7:99:27:3e txqueuelen 0 (Ethernet)
RX packets 36 bytes 2696 (2.6 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1210 bytes 84788 (84.7 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth2c1c3f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::140f:77ff:fe9b:888 prefixlen 64 scopeid 0x20<link>
ether 16:0f:77:9b:08:88 txqueuelen 0 (Ethernet)
RX packets 222 bytes 595112 (595.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1392 bytes 97629 (97.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth33a8cad: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::bceb:74ff:fe97:f466 prefixlen 64 scopeid 0x20<link>
ether be:eb:74:97:f4:66 txqueuelen 0 (Ethernet)
RX packets 117683 bytes 10479133 (10.4 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 175621 bytes 14606191 (14.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth5ae2bda: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::cc10:61ff:fe25:571d prefixlen 64 scopeid 0x20<link>
ether ce:10:61:25:57:1d txqueuelen 0 (Ethernet)
RX packets 144626 bytes 14669024 (14.6 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 126561 bytes 17294944 (17.2 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth67e374a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::58bf:1eff:fe92:dbd2 prefixlen 64 scopeid 0x20<link>
ether 5a:bf:1e:92:db:d2 txqueuelen 0 (Ethernet)
RX packets 35 bytes 2626 (2.6 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1173 bytes 81306 (81.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethb29c88d: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fa:2aff:fe49:e066 prefixlen 64 scopeid 0x20<link>
ether 02:fa:2a:49:e0:66 txqueuelen 0 (Ethernet)
RX packets 58194 bytes 7207407 (7.2 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 51512 bytes 8688896 (8.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethd5f5a74: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a42a:48ff:fe98:68ca prefixlen 64 scopeid 0x20<link>
ether a6:2a:48:98:68:ca txqueuelen 0 (Ethernet)
RX packets 15188 bytes 2025159 (2.0 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13932 bytes 2746121 (2.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethdb1c15b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::90ef:23ff:fe34:571c prefixlen 64 scopeid 0x20<link>
ether 92:ef:23:34:57:1c txqueuelen 0 (Ethernet)
RX packets 560 bytes 62645 (62.6 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1517 bytes 296504 (296.5 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethdd92ee9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::43:2cff:fe5c:bb6b prefixlen 64 scopeid 0x20<link>
ether 02:43:2c:5c:bb:6b txqueuelen 0 (Ethernet)
RX packets 1942 bytes 136953 (136.9 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2134 bytes 136680 (136.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethe09ac37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::3c43:12ff:feb6:4407 prefixlen 64 scopeid 0x20<link>
ether 3e:43:12:b6:44:07 txqueuelen 0 (Ethernet)
RX packets 8695 bytes 489502 (489.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20816 bytes 203318137 (203.3 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethe114d26: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::58a3:30ff:feb0:8a2b prefixlen 64 scopeid 0x20<link>
ether 5a:a3:30:b0:8a:2b txqueuelen 0 (Ethernet)
RX packets 210436 bytes 18913898 (18.9 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 160172 bytes 22027812 (22.0 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
И sysctl -A | grep forwarding | grep ipv6
:
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.br-cc7dcdf95b47.forwarding = 1
net.ipv6.conf.br-cc7dcdf95b47.mc_forwarding = 0
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.default.mc_forwarding = 0
net.ipv6.conf.docker0.forwarding = 1
net.ipv6.conf.docker0.mc_forwarding = 0
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.eth0.mc_forwarding = 0
net.ipv6.conf.lo.forwarding = 1
net.ipv6.conf.lo.mc_forwarding = 0
net.ipv6.conf.veth048588a.forwarding = 1
net.ipv6.conf.veth048588a.mc_forwarding = 0
net.ipv6.conf.veth0bf244b.forwarding = 1
net.ipv6.conf.veth0bf244b.mc_forwarding = 0
net.ipv6.conf.veth0d84748.forwarding = 1
net.ipv6.conf.veth0d84748.mc_forwarding = 0
net.ipv6.conf.veth1bcf186.forwarding = 1
net.ipv6.conf.veth1bcf186.mc_forwarding = 0
net.ipv6.conf.veth2c1c3f6.forwarding = 1
net.ipv6.conf.veth2c1c3f6.mc_forwarding = 0
net.ipv6.conf.veth33a8cad.forwarding = 1
net.ipv6.conf.veth33a8cad.mc_forwarding = 0
net.ipv6.conf.veth5ae2bda.forwarding = 1
net.ipv6.conf.veth5ae2bda.mc_forwarding = 0
net.ipv6.conf.veth67e374a.forwarding = 1
net.ipv6.conf.veth67e374a.mc_forwarding = 0
net.ipv6.conf.vethb29c88d.forwarding = 1
net.ipv6.conf.vethb29c88d.mc_forwarding = 0
net.ipv6.conf.vethd5f5a74.forwarding = 1
net.ipv6.conf.vethd5f5a74.mc_forwarding = 0
net.ipv6.conf.vethdb1c15b.forwarding = 1
net.ipv6.conf.vethdb1c15b.mc_forwarding = 0
net.ipv6.conf.vethdd92ee9.forwarding = 1
net.ipv6.conf.vethdd92ee9.mc_forwarding = 0
net.ipv6.conf.vethe09ac37.forwarding = 1
net.ipv6.conf.vethe09ac37.mc_forwarding = 0
net.ipv6.conf.vethe114d26.forwarding = 1
net.ipv6.conf.vethe114d26.mc_forwarding = 0
И traceroute6 google.com
:
traceroute to (2a00:1450:4001:80b::200e) from fd4d:6169:6c63:6f77::1, 30 hops max, 24 byte packets
1 * * *
2 * * *
ip6tables-save
:
# Generated by ip6tables-save v1.6.1 on Tue Jul 31 19:50:43 2018
*security
:INPUT ACCEPT [28763:1962044]
:FORWARD ACCEPT [699928:73444337]
:OUTPUT ACCEPT [28076:1907468]
COMMIT
# Completed on Tue Jul 31 19:50:43 2018
# Generated by ip6tables-save v1.6.1 on Tue Jul 31 19:50:43 2018
*raw
:PREROUTING ACCEPT [708780:74194437]
:OUTPUT ACCEPT [28076:1907468]
COMMIT
# Completed on Tue Jul 31 19:50:43 2018
# Generated by ip6tables-save v1.6.1 on Tue Jul 31 19:50:43 2018
*mangle
:PREROUTING ACCEPT [708780:74194437]
:INPUT ACCEPT [28763:1962044]
:FORWARD ACCEPT [699928:73444337]
:OUTPUT ACCEPT [28076:1907468]
:POSTROUTING ACCEPT [728004:75351805]
COMMIT
# Completed on Tue Jul 31 19:50:43 2018
# Generated by ip6tables-save v1.6.1 on Tue Jul 31 19:50:43 2018
*nat
:PREROUTING ACCEPT [74820:6308358]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [37:3024]
:POSTROUTING ACCEPT [35:2848]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d ::1/128 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s fd4d:6169:6c63:6f77::/64 ! -o br-cc7dcdf95b47 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::d/128 -d fd4d:6169:6c63:6f77::d/128 -p tcp -m tcp --dport 443 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::d/128 -d fd4d:6169:6c63:6f77::d/128 -p tcp -m tcp --dport 80 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::5/128 -d fd4d:6169:6c63:6f77::5/128 -p tcp -m tcp --dport 25 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::9/128 -d fd4d:6169:6c63:6f77::9/128 -p tcp -m tcp --dport 110 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::9/128 -d fd4d:6169:6c63:6f77::9/128 -p tcp -m tcp --dport 143 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::9/128 -d fd4d:6169:6c63:6f77::9/128 -p tcp -m tcp --dport 4190 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::9/128 -d fd4d:6169:6c63:6f77::9/128 -p tcp -m tcp --dport 993 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::9/128 -d fd4d:6169:6c63:6f77::9/128 -p tcp -m tcp --dport 995 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::5/128 -d fd4d:6169:6c63:6f77::5/128 -p tcp -m tcp --dport 465 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::5/128 -d fd4d:6169:6c63:6f77::5/128 -p tcp -m tcp --dport 587 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::8/128 -d fd4d:6169:6c63:6f77::8/128 -p tcp -m tcp --dport 443 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::8/128 -d fd4d:6169:6c63:6f77::8/128 -p tcp -m tcp --dport 80 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::f/128 -d fd4d:6169:6c63:6f77::f/128 -p tcp -m tcp --dport 110 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::f/128 -d fd4d:6169:6c63:6f77::f/128 -p tcp -m tcp --dport 143 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::f/128 -d fd4d:6169:6c63:6f77::f/128 -p tcp -m tcp --dport 4190 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::f/128 -d fd4d:6169:6c63:6f77::f/128 -p tcp -m tcp --dport 993 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::f/128 -d fd4d:6169:6c63:6f77::f/128 -p tcp -m tcp --dport 995 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::6/128 -d fd4d:6169:6c63:6f77::6/128 -p tcp -m tcp --dport 587 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::6/128 -d fd4d:6169:6c63:6f77::6/128 -p tcp -m tcp --dport 25 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::6/128 -d fd4d:6169:6c63:6f77::6/128 -p tcp -m tcp --dport 465 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::/64 ! -o br-35b96e790911 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::3/128 -d fd4d:6169:6c63:6f77::3/128 -p tcp -m tcp --dport 587 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::3/128 -d fd4d:6169:6c63:6f77::3/128 -p tcp -m tcp --dport 25 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::3/128 -d fd4d:6169:6c63:6f77::3/128 -p tcp -m tcp --dport 465 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::5/128 -d fd4d:6169:6c63:6f77::5/128 -p tcp -m tcp --dport 4190 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::5/128 -d fd4d:6169:6c63:6f77::5/128 -p tcp -m tcp --dport 993 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::5/128 -d fd4d:6169:6c63:6f77::5/128 -p tcp -m tcp --dport 995 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::5/128 -d fd4d:6169:6c63:6f77::5/128 -p tcp -m tcp --dport 110 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::5/128 -d fd4d:6169:6c63:6f77::5/128 -p tcp -m tcp --dport 143 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::/64 ! -o br-5e20ca02384a -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::/64 ! -o br-2f9f6d9c18d5 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::8/128 -d fd4d:6169:6c63:6f77::8/128 -p tcp -m tcp --dport 4190 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::8/128 -d fd4d:6169:6c63:6f77::8/128 -p tcp -m tcp --dport 993 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::8/128 -d fd4d:6169:6c63:6f77::8/128 -p tcp -m tcp --dport 995 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::8/128 -d fd4d:6169:6c63:6f77::8/128 -p tcp -m tcp --dport 110 -j MASQUERADE
-A POSTROUTING -s fd4d:6169:6c63:6f77::8/128 -d fd4d:6169:6c63:6f77::8/128 -p tcp -m tcp --dport 143 -j MASQUERADE
-A DOCKER -i br-cc7dcdf95b47 -j RETURN
-A DOCKER ! -i br-cc7dcdf95b47 -p tcp -m tcp --dport 443 -j DNAT --to-destination [fd4d:6169:6c63:6f77::d]:443
-A DOCKER ! -i br-cc7dcdf95b47 -p tcp -m tcp --dport 80 -j DNAT --to-destination [fd4d:6169:6c63:6f77::d]:80
-A DOCKER ! -i br-cc7dcdf95b47 -p tcp -m tcp --dport 25 -j DNAT --to-destination [fd4d:6169:6c63:6f77::5]:25
-A DOCKER ! -i br-cc7dcdf95b47 -p tcp -m tcp --dport 465 -j DNAT --to-destination [fd4d:6169:6c63:6f77::5]:465
-A DOCKER ! -i br-cc7dcdf95b47 -p tcp -m tcp --dport 587 -j DNAT --to-destination [fd4d:6169:6c63:6f77::5]:587
-A DOCKER ! -i br-cc7dcdf95b47 -p tcp -m tcp --dport 110 -j DNAT --to-destination [fd4d:6169:6c63:6f77::9]:110
-A DOCKER ! -i br-cc7dcdf95b47 -p tcp -m tcp --dport 143 -j DNAT --to-destination [fd4d:6169:6c63:6f77::9]:143
-A DOCKER ! -i br-cc7dcdf95b47 -p tcp -m tcp --dport 4190 -j DNAT --to-destination [fd4d:6169:6c63:6f77::9]:4190
-A DOCKER ! -i br-cc7dcdf95b47 -p tcp -m tcp --dport 993 -j DNAT --to-destination [fd4d:6169:6c63:6f77::9]:993
-A DOCKER ! -i br-cc7dcdf95b47 -p tcp -m tcp --dport 995 -j DNAT --to-destination [fd4d:6169:6c63:6f77::9]:995
COMMIT
# Completed on Tue Jul 31 19:50:43 2018
# Generated by ip6tables-save v1.6.1 on Tue Jul 31 19:50:43 2018
*filter
:INPUT ACCEPT [27576:1886276]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [26902:1813448]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
:MAILCOW - [0:0]
-A INPUT -j MAILCOW
-A FORWARD -j MAILCOW
-A FORWARD -o br-cc7dcdf95b47 -j DOCKER
-A FORWARD -o br-cc7dcdf95b47 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br-cc7dcdf95b47 ! -o br-cc7dcdf95b47 -j ACCEPT
-A FORWARD -i br-cc7dcdf95b47 -o br-cc7dcdf95b47 -j ACCEPT
-A FORWARD -o br-35b96e790911 -j DOCKER
-A FORWARD -o br-35b96e790911 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br-35b96e790911 ! -o br-35b96e790911 -j ACCEPT
-A FORWARD -i br-35b96e790911 -o br-35b96e790911 -j ACCEPT
-A FORWARD -o br-5e20ca02384a -j DOCKER
-A FORWARD -o br-5e20ca02384a -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br-5e20ca02384a ! -o br-5e20ca02384a -j ACCEPT
-A FORWARD -i br-5e20ca02384a -o br-5e20ca02384a -j ACCEPT
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o br-2f9f6d9c18d5 -j DOCKER
-A FORWARD -o br-2f9f6d9c18d5 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br-2f9f6d9c18d5 ! -o br-2f9f6d9c18d5 -j ACCEPT
-A FORWARD -i br-2f9f6d9c18d5 -o br-2f9f6d9c18d5 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::d/128 ! -i br-cc7dcdf95b47 -o br-cc7dcdf95b47 -p tcp -m tcp --dport 443 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::d/128 ! -i br-cc7dcdf95b47 -o br-cc7dcdf95b47 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::5/128 ! -i br-cc7dcdf95b47 -o br-cc7dcdf95b47 -p tcp -m tcp --dport 25 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::5/128 ! -i br-cc7dcdf95b47 -o br-cc7dcdf95b47 -p tcp -m tcp --dport 465 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::5/128 ! -i br-cc7dcdf95b47 -o br-cc7dcdf95b47 -p tcp -m tcp --dport 587 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::9/128 ! -i br-cc7dcdf95b47 -o br-cc7dcdf95b47 -p tcp -m tcp --dport 110 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::9/128 ! -i br-cc7dcdf95b47 -o br-cc7dcdf95b47 -p tcp -m tcp --dport 143 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::9/128 ! -i br-cc7dcdf95b47 -o br-cc7dcdf95b47 -p tcp -m tcp --dport 4190 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::9/128 ! -i br-cc7dcdf95b47 -o br-cc7dcdf95b47 -p tcp -m tcp --dport 993 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::9/128 ! -i br-cc7dcdf95b47 -o br-cc7dcdf95b47 -p tcp -m tcp --dport 995 -j ACCEPT
-A DOCKER-ISOLATION -j RETURN
COMMIT
# Completed on Tue Jul 31 19:50:43 2018
brctl show
:
bridge name bridge id STP enabled interfaces
br-cc7dcdf95b47 8000.0242477f2c49 no veth048588a
veth0bf244b
[all the other veth* interfaces - post is getting too long]
docker0 8000.02427ab54fc2 no
При чистой установке вам просто нужно указать докеру, чтобы он включил IPv6 и предоставил ему глобальную подсеть одноадресной IPv6 (/ 64 или больше). Эта подсеть должна быть направлен на ваш существующий IP-адрес хоста IPv6.
пример из моей лаборатории:
/etc/docker/daemon.json
{
"ipv6": true,
"fixed-cidr-v6": "2001:470:X:X::/56"
}
и проверить это
docker run --rm -it byrnedo/alpine-curl ipv6.icanhazip.com
2001: 470: X: X: 0: 242: ac11: 4
Если у вас может быть несколько ссылок с одним и тем же локальным адресом ссылки
ip addr | grep "fe80::1"
inet6 fe80::1/64 scope link
inet6 fe80::1/64 scope link
если ничего из этого не работает для вас, или ваш восходящий поток не может предоставить вам дополнительную подсеть или маршруты, и если нет конфликтов портов, просто запустите свое приложение с --net="host"
вместо этого (см. http://www.debug-all.com/?p=163 для большего).