Jump to content

How can I enable container and host IPv6 network mutual access

Recommended Posts

Yeah... one more guy that does not know about V6 address schemes yet...

So let's clear it up:


fe80:: is NOT the equivalent to IPV4s 192.168.x.x ("private" address range)!


Instead, fe80 is something new, called "local" address.

"local" addresses are only valid for the particular adapter they are assigned to (in case of a docker, only the docker net) and can never make contact outside this "cable" area.

They are used by the procotcol itself. The basics like ICMP (ping) or the new great feature called "neighbor discovery protocol" (NDP) which is the successor for ARP on V4.

This NDP sends and collects all other addresses of the adapters and therefor creates a routing table remembering that a (global or private) address X can be reached via local address fe80::... (the one of that neighbor).

Local addresses should never be used for higher protocols like http or ftp or something. SSH is tolerated for emergency situations but should be avoided too normally.

(the point is: "SHOULD", they work of course also for higher stuff but then you are running into the limit of "the same cable")


IP V6 also has "private addresses", they start with the prefix FD..::

These are routed among all FE80 LANs, but never send out over a router to the internet (this is a builtin feature of the router)


Addresses "below" 8000:: are called "global" and routed everywhere.


So, if you want your docker to be accessible from the outside, you have to give him a real address, NOT fe80::!

(you cannot get rid of FE80:: it will be assigned automatically, but you have to add another "real" address.)


usually UNRAID dockers get the FD17:: address too:


docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet  netmask  broadcast
        inet6 fd17::1  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::1  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::42:7cff:fe52:d6d2  prefixlen 64  scopeid 0x20<link>

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet  netmask  broadcast
        inet6 fd17::1  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::1  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::42:7cff:fe52:d6d2  prefixlen 64  scopeid 0x20<link>

(but then, this is only a "private" address too, not for internet usage)


if you need accessibility from the internet, you have to run your docker either in "host mode" (gets the same addresses like the unraid server, ports may collide, so be careful) or "custom br0 mode" and assign static addresses to the docker (which may be inconviniant if your prefix changes often)


Or you put your docker behind a reverse proxy like "nginx proxy manager" (in hostmode) and only use the docker's V4 address internally.


(Dockers are not really V6 ready now, this is ongoing work in progress they say)


Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...