![docker network nat docker network nat](https://raw.githubusercontent.com/dineshs-altiscale/yarn-apps-in-docker/master/pictures/net-1.png)
$ sysctl -w .accept_ra = 2 # If required, re-enable RA's on INTERFACE $ sysctl -w .forwarding = 1 # Enable IPv6 forwarding First up, here’s the relevant parts of my docker-compose.yaml, with generic IP addresses (assume 2001:db8::/56 is the range assigned to me from my ISP): The second option I think is sneakily clever. This is kind of clunky and also works against one of Docker’s main objectives: portability. The main reason I didn’t go this route is that I would’ve had to make my own Docker image and embed my chosen IPv6 address within the guest OS’s settings (or write a script to pull it from an environment var). It can receive DHCP and RA’s directly from a router and set itself up however you configure it. This essentially makes the container the same as any other device on the network. The first, which isn’t the one I ended up using, is to connect the container to a Docker network using the macvlan driver. I think there’s probably two ways to accomplish my objective. But I did want to set the outgoing IPv6 address for neatness, ease of identification, and separation of Atlas traffic. In my specific circumstance, I don’t mind NATing IPv4 in Docker - I only have a single public v4 address so my router does NATv4 anyway. The add-on NATv6 container, and also the built-in NATv4 for that matter, doesn’t seem to have this capability. They simply open an outbound connection to the RIPE Atlas servers and then conduct measurements as instructed.īecause of this, my objective was actually to specify an IPv6 address (in the range assigned by my ISP) for outgoing connections from the Atlas container. The difference with my RIPE Atlas container is that the probes don’t actually need to expose any ports. My cringing at the thought of NATv6 aside, NAT does, for both IPv4 and IPv6, work *okay* for exposing many services, and in both cases does allow you to specify an address on the host to bind to.
![docker network nat docker network nat](https://miro.medium.com/max/2260/1*pxgEmyU1LZIfHENlBmFDHQ.png)
You can expose ports (essentially port forward) from containers to be visible at ports on the host’s IP.Īlso by default, Docker just doesn’t do IPv6, which has definitely been added to my list of Docker pet peeves! If you want to expose ports from containers over IPv6, then one current practice seems to be:
![docker network nat docker network nat](https://i1.wp.com/www.learnsteps.com/wp-content/uploads/2019/09/containernetworking.png)
If you don’t know about it already, you should definitely check out the RIPE Atlas project, but it’s not necessary in order to follow along here.īy default, a Docker container will be assigned an IPv4 address in a private ( RFC 1918) range, which the Docker daemon will then NAT to the host’s address. Recently, I was working on migrating my RIPE Atlas probe from running natively on a Raspberry Pi to running on a different Pi inside Docker. Networking in Docker comes with challenges, but IPv6’s abundance of addresses holds some solutions.