Add IPv6 support #92

Merged
chaifeng merged 1 commit into chaifeng:master from ghostiam:v6nat
Jul 2, 2025

ghostiam (Contributor) commented Mar 19, 2023

#8

For tests:

Enable IPv6 support in Docker by specifying a ULA range (RFC 4193) in /etc/docker/daemon.json:

{
  "experimental": true,
  "ipv6": true,
  "ip6tables": true,
  "fixed-cidr-v6": "fd00:dead:beef::/48"
}

Restart Docker

systemctl restart docker

Reinstall script:

sudo wget -O /usr/local/bin/ufw-docker \
  https://github.com/ghostiam/ufw-docker/raw/v6nat/ufw-docker
sudo chmod +x /usr/local/bin/ufw-docker
ufw-docker install
Output:
--- /etc/ufw/after6.rules	2023-03-19 21:43:32.713888837 +0000
+++ /tmp/tmp.CPfwzQubwd	2023-03-19 21:43:35.341910743 +0000
@@ -25,3 +25,24 @@

 # don't delete the 'COMMIT' line or these rules won't be processed
 COMMIT
+# BEGIN UFW AND DOCKER
+*filter
+:ufw6-user-forward - [0:0]
+:ufw6-docker-logging-deny - [0:0]
+:DOCKER-USER - [0:0]
+-A DOCKER-USER -j ufw6-user-forward
+
+-A DOCKER-USER -j RETURN -s fd00:dead:beef::/48
+
+-A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN
+
+-A DOCKER-USER -j ufw6-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d fd00:dead:beef::/48
+-A DOCKER-USER -j ufw6-docker-logging-deny -p udp -m udp --dport 0:32767 -d fd00:dead:beef::/48
+
+-A DOCKER-USER -j RETURN
+
+-A ufw6-docker-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW DOCKER BLOCK] "
+-A ufw6-docker-logging-deny -j DROP
+
+COMMIT
+# END UFW AND DOCKER
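
Review bot: The two `ufw6-docker-logging-deny` jumps match only `-d fd00:dead:beef::/48`, so a container on any other IPv6 prefix (for example a user-defined network with its own subnet) falls through to the final `-A DOCKER-USER -j RETURN` and is never filtered by this block. Consider emitting one pair of deny rules per Docker IPv6 subnet, or documenting that only the `fixed-cidr-v6` range is covered. Separately, the `--sport 53` RETURN rule carries no connection-state match; tying it to `-m conntrack --ctstate ESTABLISHED,RELATED` would keep DNS replies working while narrowing what it lets through, and the UDP deny stopping at `--dport 0:32767` deserves a comment in the generated block explaining the cut-off.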

Backing up /etc/ufw/after6.rules to /etc/ufw/after6.rules-ufw-docker2023-03-19-214335
Please restart UFW service manually by using the following command:
sudo systemctl restart ufw

Run Nginx:

docker run --rm --name nginx -ti -p 8080:80 nginx

Allow rule:

ufw-docker allow nginx 80/tcp

allow nginx 80/tcp bridge
ufw route allow proto tcp from any to 172.17.0.2 port 80 comment allow nginx 80/tcp bridge
Rule added
allow nginx_IPv6 80/tcp bridge
ufw route allow proto tcp from any to fd00:dead:beef::242:ac11:2 port 80 comment allow nginx_IPv6 80/tcp bridge
Rule added (v6)

Try to connect:

curl -v -6 <IPv6>:8080

Get the real IP of the requester in the Nginx logs:

reda:cted:reda:cted:5400:2ff:fef5:bac7 - - [19/Mar/2023:21:35:38 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.68.0" "-"
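
To check which destinations the generated DOCKER-USER chain in the description above actually covers, the following added example (not part of the PR or of ufw-docker) walks the rules from the `after6.rules` output in first-match order. The `ufw6-user-forward` chain is modelled as a set of (dst, proto, dport) tuples, and `packet`, `verdict` and the addresses `fd00:cafe::2` and `2001:db8::10` are constructed for illustration.

```python
import ipaddress
import shlex

# DOCKER-USER rules copied from the after6.rules block in the PR description.
RULES = [shlex.split(line) for line in """
-A DOCKER-USER -j ufw6-user-forward
-A DOCKER-USER -j RETURN -s fd00:dead:beef::/48
-A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN
-A DOCKER-USER -j ufw6-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d fd00:dead:beef::/48
-A DOCKER-USER -j ufw6-docker-logging-deny -p udp -m udp --dport 0:32767 -d fd00:dead:beef::/48
-A DOCKER-USER -j RETURN
""".strip().splitlines()]

def parse(tokens):
    """Turn one rule into {option: value}; --tcp-flags takes two arguments."""
    opts, i = {}, 0
    while i < len(tokens):
        width = 3 if tokens[i] == "--tcp-flags" else 2
        opts[tokens[i].lstrip("-")] = " ".join(tokens[i + 1:i + width])
        i += width
    return opts

def in_ports(port, spec):
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def matches(o, pkt):
    return all((
        "s" not in o or ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(o["s"]),
        "d" not in o or ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(o["d"]),
        "p" not in o or pkt["proto"] == o["p"],
        "sport" not in o or in_ports(pkt["sport"], o["sport"]),
        "dport" not in o or in_ports(pkt["dport"], o["dport"]),
        "tcp-flags" not in o or pkt["syn"],  # syn = connection-opening SYN (simplified)
    ))

def verdict(pkt, ufw_route_allow=()):
    """First-match walk; ufw_route_allow models ufw6-user-forward (an assumption)."""
    for o in map(parse, RULES):
        if o["j"] == "ufw6-user-forward":
            if (pkt["dst"], pkt["proto"], pkt["dport"]) in ufw_route_allow:
                return "ACCEPT"
        elif matches(o, pkt):
            return "DROP" if o["j"] == "ufw6-docker-logging-deny" else "RETURN"

def packet(dst, dport, proto="tcp", src="2001:db8::10", sport=50000, syn=True):
    """Constructed sample packet; the default src is an RFC 3849 documentation address."""
    return dict(src=src, dst=dst, proto=proto, sport=sport, dport=dport, syn=syn)
NGINX = "fd00:dead:beef::242:ac11:2"  # container address from the PR output
OTHER = "fd00:cafe::2"                # constructed address on a second network
```

`verdict(packet(NGINX, 80))` is `DROP` until `(NGINX, "tcp", 80)` is in `ufw_route_allow`, which is what `ufw-docker allow nginx 80/tcp` adds. `verdict(packet(OTHER, 80))` is `RETURN`, meaning the packet goes back to the FORWARD chain for Docker's own rules because the deny rules only cover `fd00:dead:beef::/48`.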

ghostiam changed the title from "Add IPv6 support" to "Add IPv6 support #8" Mar 19, 2023
ghostiam changed the title from "Add IPv6 support #8" to "Add IPv6 support (issue #8)" Mar 19, 2023
ghostiam changed the title from "Add IPv6 support (issue #8)" to "Add IPv6 support (fix #8)" Mar 19, 2023
ghostiam changed the title from "Add IPv6 support (fix #8)" to "Add IPv6 support" Mar 19, 2023
ghostiam mentioned this pull request Mar 19, 2023
ghostiam force-pushed the v6nat branch 2 times, most recently from 99b8c48 to 118f8d8 March 19, 2023 22:34

byayex commented Dec 10, 2024

Does this get merged anytime soon?

chaifeng (Owner) commented

Thank you for this helpful PR, I'll check it soon.

chaifeng merged commit 31380eb into chaifeng:master Jul 2, 2025