June 27, 20215 yr My container has the following fixed IP address settings: As you can see I set the prefix + the Interface ID. In my case "2003:xxx::8". But this works only if my IPv6 prefix does not change, so after an internet reconnect my provider assigns a different IPv6 prefix and my container is not reachable anymore. I tried to use this, but it does not work: 192.168.178, ::8 How could I solve this?
September 18, 20223 yr Author Sadly not. That's why I changed the unRAID ports, while NPM uses the host network on ports 80/443. By that I'm able to use the IPv6 of the server itself, which updates without problems if the prefix changes.
September 18, 20223 yr 8 hours ago, mgutt said: Sadly not. That's why I changed the unRAID ports, while NPM uses the host network on ports 80/443. By that I'm able to use the IPv6 of the server itself, which updates without problems if the prefix changes. Too bad recent change in docker behaviour makes it very difficult for me to handle dockers in ipv6 we need a script, which monitor the prefix/ipv6 of eth0 and edit the templates (replace current prefix with new one) in /boot/config/plugins/dockerMan/templates-user and restart docker some kind of "ddns" for docker
December 22, 20223 yr @Omri Any news on that? Does anyone at LimeTech gave a info anywhere about that? Is this even possible? This needs indeed some magic, right?
December 24, 20223 yr latest unraid version fixed the IPV6 (for most parts) the containers now get address based on their MACVLAN adress which is sufficient for me to open the appropriate ports.
December 24, 20223 yr Could you be more specific? How do you handle it (with example)? So, you are not set fixed v6 adresses?
December 27, 20223 yr Author Solution On 12/24/2022 at 7:41 AM, Omri said: the containers now get address based on their MACVLAN adress This the default behavior of IPv6 assignment: https://ben.akrin.com/mac-address-to-ipv6-link-local-address-online-converter/ On 12/24/2022 at 10:11 AM, KluthR said: Could you be more specific? If you start a container, it gets a "random" MAC address (MACVLAN) from docker. This mac address can be obtained through "docker inspect": root@Tower:~# docker inspect rsync-server | grep -A100 NetworkSettings "NetworkSettings": { ... "Gateway": "192.168.178.1", "IPAddress": "192.168.178.128", "IPPrefixLen": 24, "IPv6Gateway": "2003:xxxx:xxxx:xxxx::1", "GlobalIPv6Address": "2003:xxxx:xxxx:xxxx::2", "GlobalIPv6PrefixLen": 64, "MacAddress": "02:42:c0:a8:b2:80", So my container has the MAC address "02:42:c0:a8:b2:80". As there is an algorithm, which builds an IPv6 suffix based on this MAC address, the container now has the following additional IPv6 addresses: 946e7e921b50:~# ifconfig eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:B2:80 inet addr:192.168.178.128 Bcast:192.168.178.255 Mask:255.255.255.0 inet6 addr: 2003:xxxx:xxxx:xxxx:42:c0ff:fea8:b280/64 Scope:Global inet6 addr: 2003:xxxx:xxxx:xxxx::2/64 Scope:Global inet6 addr: fe80::42:c0ff:fea8:b280/64 Scope:Link ... As you can see my container now has three IPv6 addresses. Two of them are based on the MAC address, which resulted in "42:c0ff:fea8:b280". This allows us to forward the ports 80/443 to this suffix. But this won't be stable if you need to remove the docker.img, which can cause a different MAC address for each container. But I found a solution for this! We enable the advanced view and pass the "--mac-address 00:00:00:00:01:28" as extra parameter: While in the fixed IP address field we only set the IPv4: Again, additional IPv6 are added based on the mac-address and our container is permanently reachable through the suffix "200:ff:fe00:128", even if we need to delete the docker.img! I played a little bit around and the shortest suffix I was able to produce, was by using a MAC-address like the following: --mac-address 02:00:00:0F:00:09 --mac-address 02:00:00:0F:00:10 ... It returns this suffix: ::0:ff:fe0f:9 ::0:ff:fe0f:10 ... I tested it with an rsync-server container and made it public through port 22 (never forward this port, this is only for testing!) in my router and it works flawlessly: Thanks @Omri for the inspiration!
December 27, 20223 yr Thanks @mgutt will try this out. that all would be great if its covered from the GUI in future unraid releases.
December 27, 20223 yr 2 hours ago, mgutt said: I played a little bit around and the shortest suffix I was able to produce So, the example 00:00:00:00:01:28 is not valid? How do you checked, that 02:00:00:0F:00:09 is okay but 00:00:00:00:01:28 is not?
December 27, 20223 yr 2 hours ago, mgutt said: My results: ... --mac-address 00:00:00:00:00:10 'jc21/nginx-proxy-manager:latest' unknown flag: --mac-address 00:00:00:00:00:10 See 'docker run --help'. The command failed.
December 27, 20223 yr Author There must be a copy paste typo. The flag is correct. Please write the characters manually.
December 27, 20223 yr Oh, yes - there was a hidden space. Sorry. But goin back to my 1st question: https://forums.unraid.net/topic/110648-how-to-set-only-the-ipv6-interface-id-suffix/?do=findComment&comment=1207205 - could you share your findings? EDIT: specifying 00:00:00:00:00:01 successfully gives me a v6 Interface ID of 200:ff:fe00:1 inside my fritzBox. So I assume I could work with that EDIT2: I updated all rules - the 00::10 address is working! So my public v6 is *prefix*:200:00ff:fe00:0010 as caluclated. Works perfectly! Thansk you! Edited December 27, 20223 yr by KluthR
December 27, 20223 yr Author 46 minutes ago, KluthR said: So, the example 00:00:00:00:01:28 is not valid? How do you checked, that 02:00:00:0F:00:09 is okay but 00:00:00:00:01:28 is not? Both are valid, but 02:00... would be more "correct" as it is part of the official local private ranges: x2‑xx‑xx‑xx‑xx‑xx x6‑xx‑xx‑xx‑xx‑xx xA‑xx‑xx‑xx‑xx‑xx xE‑xx‑xx‑xx‑xx‑xx This should avoid MAC address conflicts, but I don't really think something else uses 00:00:00:00:01:28 or similar?!
December 27, 20223 yr 39 minutes ago, mgutt said: but I don't really think something else uses 00:00:00:00:01:28 or similar?! At least not at my assigned v6 prefix We'll see.
February 11, 20233 yr Hi Every container gets 2 global IPV6 addresses one is based on the mac address (EUI-64) and one is based on the prefix with ::1/::2... at the end some containers (like linuxservers qbittorrent) only "use" the later which can change between reboots can I disable the second type of global IPV6 address? or can I make it "fixed" somehow?
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.