mgutt Posted June 27, 2021 Share Posted June 27, 2021 My container has the following fixed IP address settings: As you can see I set the prefix + the Interface ID. In my case "2003:xxx::8". But this works only if my IPv6 prefix does not change, so after an internet reconnect my provider assigns a different IPv6 prefix and my container is not reachable anymore. I tried to use this, but it does not work: 192.168.178, ::8 How could I solve this? Quote Link to comment
Omri Posted September 16, 2022 Share Posted September 16, 2022 Hi Did you find a solution? Quote Link to comment
mgutt Posted September 18, 2022 Author Share Posted September 18, 2022 Sadly not. That's why I changed the unRAID ports, while NPM uses the host network on ports 80/443. By that I'm able to use the IPv6 of the server itself, which updates without problems if the prefix changes. Quote Link to comment
Omri Posted September 18, 2022 Share Posted September 18, 2022 8 hours ago, mgutt said: Sadly not. That's why I changed the unRAID ports, while NPM uses the host network on ports 80/443. By that I'm able to use the IPv6 of the server itself, which updates without problems if the prefix changes. Too bad recent change in docker behaviour makes it very difficult for me to handle dockers in ipv6 we need a script, which monitor the prefix/ipv6 of eth0 and edit the templates (replace current prefix with new one) in /boot/config/plugins/dockerMan/templates-user and restart docker some kind of "ddns" for docker Quote Link to comment
KluthR Posted December 22, 2022 Share Posted December 22, 2022 @Omri Any news on that? Does anyone at LimeTech gave a info anywhere about that? Is this even possible? This needs indeed some magic, right? Quote Link to comment
Omri Posted December 24, 2022 Share Posted December 24, 2022 latest unraid version fixed the IPV6 (for most parts) the containers now get address based on their MACVLAN adress which is sufficient for me to open the appropriate ports. Quote Link to comment
KluthR Posted December 24, 2022 Share Posted December 24, 2022 Could you be more specific? How do you handle it (with example)? So, you are not set fixed v6 adresses? Quote Link to comment
Solution mgutt Posted December 27, 2022 Author Solution Share Posted December 27, 2022 On 12/24/2022 at 7:41 AM, Omri said: the containers now get address based on their MACVLAN adress This the default behavior of IPv6 assignment: https://ben.akrin.com/mac-address-to-ipv6-link-local-address-online-converter/ On 12/24/2022 at 10:11 AM, KluthR said: Could you be more specific? If you start a container, it gets a "random" MAC address (MACVLAN) from docker. This mac address can be obtained through "docker inspect": root@Tower:~# docker inspect rsync-server | grep -A100 NetworkSettings "NetworkSettings": { ... "Gateway": "192.168.178.1", "IPAddress": "192.168.178.128", "IPPrefixLen": 24, "IPv6Gateway": "2003:xxxx:xxxx:xxxx::1", "GlobalIPv6Address": "2003:xxxx:xxxx:xxxx::2", "GlobalIPv6PrefixLen": 64, "MacAddress": "02:42:c0:a8:b2:80", So my container has the MAC address "02:42:c0:a8:b2:80". As there is an algorithm, which builds an IPv6 suffix based on this MAC address, the container now has the following additional IPv6 addresses: 946e7e921b50:~# ifconfig eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:B2:80 inet addr:192.168.178.128 Bcast:192.168.178.255 Mask:255.255.255.0 inet6 addr: 2003:xxxx:xxxx:xxxx:42:c0ff:fea8:b280/64 Scope:Global inet6 addr: 2003:xxxx:xxxx:xxxx::2/64 Scope:Global inet6 addr: fe80::42:c0ff:fea8:b280/64 Scope:Link ... As you can see my container now has three IPv6 addresses. Two of them are based on the MAC address, which resulted in "42:c0ff:fea8:b280". This allows us to forward the ports 80/443 to this suffix. But this won't be stable if you need to remove the docker.img, which can cause a different MAC address for each container. But I found a solution for this! We enable the advanced view and pass the "--mac-address 00:00:00:00:01:28" as extra parameter: While in the fixed IP address field we only set the IPv4: Again, additional IPv6 are added based on the mac-address and our container is permanently reachable through the suffix "200:ff:fe00:128", even if we need to delete the docker.img! I played a little bit around and the shortest suffix I was able to produce, was by using a MAC-address like the following: --mac-address 02:00:00:0F:00:09 --mac-address 02:00:00:0F:00:10 ... It returns this suffix: ::0:ff:fe0f:9 ::0:ff:fe0f:10 ... I tested it with an rsync-server container and made it public through port 22 (never forward this port, this is only for testing!) in my router and it works flawlessly: Thanks @Omri for the inspiration! 1 1 Quote Link to comment
KluthR Posted December 27, 2022 Share Posted December 27, 2022 Thanks @mgutt will try this out. that all would be great if its covered from the GUI in future unraid releases. Quote Link to comment
KluthR Posted December 27, 2022 Share Posted December 27, 2022 2 hours ago, mgutt said: I played a little bit around and the shortest suffix I was able to produce So, the example 00:00:00:00:01:28 is not valid? How do you checked, that 02:00:00:0F:00:09 is okay but 00:00:00:00:01:28 is not? Quote Link to comment
KluthR Posted December 27, 2022 Share Posted December 27, 2022 2 hours ago, mgutt said: My results: ... --mac-address 00:00:00:00:00:10 'jc21/nginx-proxy-manager:latest' unknown flag: --mac-address 00:00:00:00:00:10 See 'docker run --help'. The command failed. Quote Link to comment
mgutt Posted December 27, 2022 Author Share Posted December 27, 2022 There must be a copy paste typo. The flag is correct. Please write the characters manually. Quote Link to comment
KluthR Posted December 27, 2022 Share Posted December 27, 2022 (edited) Oh, yes - there was a hidden space. Sorry. But goin back to my 1st question: https://forums.unraid.net/topic/110648-how-to-set-only-the-ipv6-interface-id-suffix/?do=findComment&comment=1207205 - could you share your findings? EDIT: specifying 00:00:00:00:00:01 successfully gives me a v6 Interface ID of 200:ff:fe00:1 inside my fritzBox. So I assume I could work with that EDIT2: I updated all rules - the 00::10 address is working! So my public v6 is *prefix*:200:00ff:fe00:0010 as caluclated. Works perfectly! Thansk you! Edited December 27, 2022 by KluthR Quote Link to comment
mgutt Posted December 27, 2022 Author Share Posted December 27, 2022 46 minutes ago, KluthR said: So, the example 00:00:00:00:01:28 is not valid? How do you checked, that 02:00:00:0F:00:09 is okay but 00:00:00:00:01:28 is not? Both are valid, but 02:00... would be more "correct" as it is part of the official local private ranges: x2‑xx‑xx‑xx‑xx‑xx x6‑xx‑xx‑xx‑xx‑xx xA‑xx‑xx‑xx‑xx‑xx xE‑xx‑xx‑xx‑xx‑xx This should avoid MAC address conflicts, but I don't really think something else uses 00:00:00:00:01:28 or similar?! 1 Quote Link to comment
KluthR Posted December 27, 2022 Share Posted December 27, 2022 39 minutes ago, mgutt said: but I don't really think something else uses 00:00:00:00:01:28 or similar?! At least not at my assigned v6 prefix We'll see. Quote Link to comment
Omri Posted February 11, 2023 Share Posted February 11, 2023 Hi Every container gets 2 global IPV6 addresses one is based on the mac address (EUI-64) and one is based on the prefix with ::1/::2... at the end some containers (like linuxservers qbittorrent) only "use" the later which can change between reboots can I disable the second type of global IPV6 address? or can I make it "fixed" somehow? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.