Revisions
imerr revised this gist
Aug 21, 2023 . 1 changed file with 1 addition and 1 deletion.
@@ -31,5 +31,5 @@ docker run -it --network ip6net debian:stable bash # in the container: apt update apt install curl # this should give different ips if run multiple times curl https://ipv6.icanhazip.com -
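Review bot: the final `curl https://ipv6.icanhazip.com` in this hunk prints one address per invocation, so the comment "this should give different ips if run multiple times" leaves the actual check to the reader. A short loop whose output goes through `sort -u | wc -l` would show in one step whether the SNAT range is really being used.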
imerr revised this gist
Aug 21, 2023 . 1 changed file with 3 additions and 3 deletions.
@@ -14,7 +14,7 @@ echo '{ systemctl restart docker # or reboot if there's kernel updates anyways.. # assuming this is a /64 IPBLOCK="1234:dead:beef:4321" # add a v6 docker network docker network create --ipv6 -o "com.docker.network.bridge.enable_ip_masquerade=false" --subnet $IPBLOCK:1::/80 ip6net @@ -31,5 +31,5 @@ docker run -it --network ip6net debian:stable bash # in the container: apt update apt install curl # this should give different ips! curl https://ipv6.icanhazip.com -
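Review bot: the placeholder `IPBLOCK="1234:dead:beef:4321"` in the first hunk is not taken from the range reserved for documentation. 2001:db8::/32 is set aside for examples, so a value such as `IPBLOCK="2001:db8:dead:beef"` keeps a copy-pasted run from configuring a prefix that could belong to someone else. The "assuming this is a /64" comment should also say that the value has to be replaced with the host's own prefix.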
imerr renamed this gist
Aug 19, 2023 . 1 changed file with 10 additions and 2 deletions.
@@ -1,3 +1,5 @@ # this is assuming install on a fresh debian VM, on an existing system you may want to adjust/skip things # get system up-to-date and install docker (in the future you may want dockers apt repo) apt update && apt upgrade -y && apt install docker.io apparmor -y # docker config, the log stuff isn't needed but should be configured anyways echo '{ @@ -9,16 +11,22 @@ echo '{ "max-file": "10" } }' > /etc/docker/daemon.json systemctl restart docker # or reboot if there's kernel updates anyways.. # assuming this is a /64 IPBLOCK="2a01:4f9:c012:9823" # add a v6 docker network docker network create --ipv6 -o "com.docker.network.bridge.enable_ip_masquerade=false" --subnet $IPBLOCK:1::/80 ip6net # WARNING: below iptables steps don't persist so need to be ran every boot (iptables-save to the rescue!) # JANK: make ipv4 nat work since enable_ip_masquerade makes docker not do ipv4 stuff.. # this will potentially break things if there's other docker networks running since docker usually hands out 172.x.0.0/16 iptables -t nat -A POSTROUTING -s 172.0.0.0/8 ! -o docker0 -j MASQUERADE # IPv6 SNAT to make it use a random ip from the whole range :) ip6tables -t nat -A POSTROUTING -s "$IPBLOCK:1::/80" -j SNAT --to-source $IPBLOCK:2::0-$IPBLOCK:ffff:ffff:ffff:ffff # TEST if stuff works docker run -it --network ip6net debian:stable bash # in the container: apt update -
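Review bot: in the second hunk, `-s 172.0.0.0/8` on the MASQUERADE rule matches far more than the private pool the comment refers to. The RFC 1918 block is 172.16.0.0/12, and the rest of 172.0.0.0/8 is public address space, so any forwarded traffic from those sources would be rewritten as well. Narrow the source to 172.16.0.0/12, or better, to the IPv4 subnet Docker actually assigned to `ip6net` (visible with `docker network inspect ip6net`).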
imerr revised this gist
Aug 19, 2023 . 1 changed file with 11 additions and 6 deletions.
@@ -1,22 +1,27 @@ apt update && apt upgrade -y && apt install docker.io apparmor -y # docker config, the log stuff isn't needed but should be configured anyways echo '{ "experimental": true, "ip6tables": true, "log-driver": "json-file", "log-opts": { "max-size": "10m", "max-file": "10" } }' > /etc/docker/daemon.json systemctl restart docker # assuming this is a /64 IPBLOCK="2a01:4f9:c012:9823" docker network create --ipv6 -o "com.docker.network.bridge.enable_ip_masquerade=false" --subnet $IPBLOCK:1::/80 ip6net # make ipv4 nat work since enable_ip_masquerade makes docker not do ipv4 stuff.. # this will potentially break things if there's other docker networks running since docker usually hands out 172.x.0.0/16 iptables -t nat -A POSTROUTING -s 172.0.0.0/8 ! -o docker0 -j MASQUERADE # IPv6 SNAT to make it use a random ip from the whole range :) ip6tables -t nat -A POSTROUTING -s "$IPBLOCK:1::/80" -j SNAT --to-source $IPBLOCK:2::0-$IPBLOCK:ffff:ffff:ffff:ffff docker run -it --network ip6net debian:stable bash # in the container: apt update apt install curl # this should give 20 different ips! for i in {1..20}; do curl https://ipv6.icanhazip.com; done -
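Review bot: `echo '{ ... }' > /etc/docker/daemon.json` near the top of the hunk overwrites whatever daemon configuration already exists, so on a host that is not fresh any existing settings are silently dropped before `systemctl restart docker` applies the new file. State the fresh-install assumption right next to this command, or back up the existing file and merge the `experimental` and `ip6tables` keys into it instead of replacing it.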
imerr created this gist
Aug 18, 2023
@@ -0,0 +1,22 @@ # cat /etc/docker/daemon.json { "experimental": true, "ip6tables": true, "log-driver": "json-file", "log-opts": { "max-size": "10m", "max-file": "10" } } # assuming this is a /64 IPBLOCK="2a01:4f9:c012:9823" docker network create --ipv6 -o "com.docker.network.bridge.enable_ip_masquerade=false" --subnet $IPBLOCK:1::/80 ip6net # tell the host we should respond on all of the /64 # not sure if this is needed ip route add local $IPBLOCK::/64 dev lo # IPv6 SNAT to make it use a random ip from the whole range :) ip6tables -t nat -A POSTROUTING -s "$IPBLOCK:1::/80" -j SNAT --to-source $IPBLOCK:2::0-$IPBLOCK:ffff:ffff:ffff:ffff docker run -it --network ip6net debian:stable bash apt update apt install curl for i in {1..20}; do curl https://ipv6.icanhazip.com; done
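Review bot: the `ip6tables -t nat -A POSTROUTING ... -j SNAT` line appends unconditionally, so running the snippet a second time stacks a duplicate rule, and nothing here says the rule is lost on reboot. Guard it with an `ip6tables -t nat -C POSTROUTING ...` check before the append and document how the rule is persisted. The `ip route add local $IPBLOCK::/64 dev lo` step is marked "not sure if this is needed", which should be settled by testing with and without it, and the commands after `docker run ... bash` should be marked as running inside the container.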